From 08cb96bba2831a8fc3dbda697ab65d64bb05a371 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 14 Jan 2003 20:54:18 +0000 Subject: [PATCH 001/393] Set EXPORT_VAR_AS_FN for BC-32 to work around a compiler bug, --- Configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configure b/Configure index 451330a0b4..03f0b387da 100755 --- a/Configure +++ b/Configure @@ -501,7 +501,7 @@ my %table=( "VC-MSDOS","cl:::(unknown):MSDOS::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::", # Borland C++ 4.5 -"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX::::::::::win32", +"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN::::::::::win32", "BC-16","bcc:::(unknown):WIN16::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::", # Mingw32 From 0e4aa0d2d2807e0cbeac29b65d2b9061daed8941 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 15 Jan 2003 02:01:55 +0000 Subject: [PATCH 002/393] As with RSA, which was modified recently, this change makes it possible to override key-generation implementations by placing handlers in the methods for DSA and DH. Also, parameter generation for DSA and DH is possible by another new handler for each method. --- CHANGES | 6 ++++++ crypto/dh/dh.h | 2 ++ crypto/dh/dh_gen.c | 11 ++++++++++- crypto/dh/dh_key.c | 1 + crypto/dsa/dsa.h | 7 +++++++ crypto/dsa/dsa_gen.c | 15 +++++++++++++++ crypto/dsa/dsa_key.c | 9 +++++++++ crypto/dsa/dsa_ossl.c | 2 ++ engines/e_aep.c | 5 ++++- engines/e_atalla.c | 5 ++++- engines/e_cswift.c | 5 ++++- engines/e_ncipher.c | 1 + engines/e_nuron.c | 5 ++++- engines/e_sureware.c | 5 ++++- engines/e_ubsec.c | 5 ++++- 15 files changed, 77 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index 404f76bd08..4b11fc9c53 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,12 @@ Changes between 0.9.7 and 0.9.8 [xx XXX xxxx] + *) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD + and DH_METHOD (eg. by ENGINE implementations) to override the normal + software implementations. For DSA and DH, parameter generation can + also be overriden by providing the appropriate method callbacks. + [Geoff Thorpe] + *) Change the "progress" mechanism used in key-generation and primality testing to functions that take a new BN_GENCB pointer in place of callback/argument pairs. The new API functions have "_ex" diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index cab9b1493d..62dba4055c 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -91,6 +91,8 @@ typedef struct dh_method { int (*finish)(DH *dh); int flags; char *app_data; + /* If this is non-NULL, it will be used to generate parameters */ + int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb); } DH_METHOD; struct dh_st diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index a929a0f064..1f805073cf 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -66,6 +66,15 @@ #include #include +static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); + +int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) + { + if(ret->meth->generate_params) + return ret->meth->generate_params(ret, prime_len, generator, cb); + return dh_builtin_genparams(ret, prime_len, generator, cb); + } + /* We generate DH parameters as follows * find a prime q which is prime_len/2 bits long. * p=(2*q)+1 or (p-1)/2 = q @@ -91,7 +100,7 @@ * It's just as OK (and in some sense better) to use a generator of the * order-q subgroup. */ -int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) +static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb) { BIGNUM *t1,*t2; int g,ok= -1; diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 1a0efca2c4..5e58e0032f 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -90,6 +90,7 @@ dh_bn_mod_exp, dh_init, dh_finish, 0, +NULL, NULL }; diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index 7a126e486b..6ba79b01df 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -110,6 +110,13 @@ typedef struct dsa_method { int (*finish)(DSA *dsa); int flags; char *app_data; + /* If this is non-NULL, it is used to generate DSA parameters */ + int (*dsa_paramgen)(DSA *dsa, int bits, + unsigned char *seed, int seed_len, + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb); + /* If this is non-NULL, it is used to generate DSA keys */ + int (*dsa_keygen)(DSA *dsa); } DSA_METHOD; struct dsa_st diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index ca2c867089..4b9aff3689 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -80,10 +80,25 @@ #include #include +static int dsa_builtin_paramgen(DSA *ret, int bits, + unsigned char *seed_in, int seed_len, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); + int DSA_generate_parameters_ex(DSA *ret, int bits, unsigned char *seed_in, int seed_len, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) { + if(ret->meth->dsa_paramgen) + return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, + counter_ret, h_ret, cb); + return dsa_builtin_paramgen(ret, bits, seed_in, seed_len, + counter_ret, h_ret, cb); + } + +static int dsa_builtin_paramgen(DSA *ret, int bits, + unsigned char *seed_in, int seed_len, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) + { int ok=0; unsigned char seed[SHA_DIGEST_LENGTH]; unsigned char md[SHA_DIGEST_LENGTH]; diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c index ef87c3e637..48ff1f423c 100644 --- a/crypto/dsa/dsa_key.c +++ b/crypto/dsa/dsa_key.c @@ -64,7 +64,16 @@ #include #include +static int dsa_builtin_keygen(DSA *dsa); + int DSA_generate_key(DSA *dsa) + { + if(dsa->meth->dsa_keygen) + return dsa->meth->dsa_keygen(dsa); + return dsa_builtin_keygen(dsa); + } + +static int dsa_builtin_keygen(DSA *dsa) { int ok=0; BN_CTX *ctx=NULL; diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index fc35dfe1f6..313c06fa3f 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -89,6 +89,8 @@ dsa_bn_mod_exp, dsa_init, dsa_finish, 0, +NULL, +NULL, NULL }; diff --git a/engines/e_aep.c b/engines/e_aep.c index 3bb979a5f1..46ccac2823 100644 --- a/engines/e_aep.c +++ b/engines/e_aep.c @@ -190,7 +190,9 @@ static DSA_METHOD aep_dsa = NULL, /* init */ NULL, /* finish */ 0, /* flags */ - NULL /* app_data */ + NULL, /* app_data */ + NULL, /* dsa_paramgen */ + NULL /* dsa_keygen */ }; #endif @@ -205,6 +207,7 @@ static DH_METHOD aep_dh = NULL, NULL, 0, + NULL, NULL }; #endif diff --git a/engines/e_atalla.c b/engines/e_atalla.c index 6807e8400c..64dcc046e8 100644 --- a/engines/e_atalla.c +++ b/engines/e_atalla.c @@ -154,7 +154,9 @@ static DSA_METHOD atalla_dsa = NULL, /* init */ NULL, /* finish */ 0, /* flags */ - NULL /* app_data */ + NULL, /* app_data */ + NULL, /* dsa_paramgen */ + NULL /* dsa_keygen */ }; #endif @@ -169,6 +171,7 @@ static DH_METHOD atalla_dh = NULL, NULL, 0, + NULL, NULL }; #endif diff --git a/engines/e_cswift.c b/engines/e_cswift.c index d3bd9c657d..28a51d1bfd 100644 --- a/engines/e_cswift.c +++ b/engines/e_cswift.c @@ -172,7 +172,9 @@ static DSA_METHOD cswift_dsa = NULL, /* init */ NULL, /* finish */ 0, /* flags */ - NULL /* app_data */ + NULL, /* app_data */ + NULL, /* dsa_paramgen */ + NULL /* dsa_keygen */ }; #endif @@ -187,6 +189,7 @@ static DH_METHOD cswift_dh = NULL, NULL, 0, + NULL, NULL }; #endif diff --git a/engines/e_ncipher.c b/engines/e_ncipher.c index 8e8344379e..bf95ca8612 100644 --- a/engines/e_ncipher.c +++ b/engines/e_ncipher.c @@ -201,6 +201,7 @@ static DH_METHOD hwcrhk_dh = NULL, NULL, 0, + NULL, NULL }; #endif diff --git a/engines/e_nuron.c b/engines/e_nuron.c index 2d3f84b041..f9c3795033 100644 --- a/engines/e_nuron.c +++ b/engines/e_nuron.c @@ -287,7 +287,9 @@ static DSA_METHOD nuron_dsa = NULL, /* init */ NULL, /* finish */ 0, /* flags */ - NULL /* app_data */ + NULL, /* app_data */ + NULL, /* dsa_paramgen */ + NULL /* dsa_keygen */ }; #endif @@ -301,6 +303,7 @@ static DH_METHOD nuron_dh = NULL, NULL, 0, + NULL, NULL }; #endif diff --git a/engines/e_sureware.c b/engines/e_sureware.c index ee7182cd0c..cae8bf4856 100644 --- a/engines/e_sureware.c +++ b/engines/e_sureware.c @@ -145,7 +145,8 @@ static DH_METHOD surewarehk_dh = NULL, /* init*/ NULL, /* finish*/ 0, /* flags*/ - NULL + NULL, + NULL }; #endif @@ -194,6 +195,8 @@ static DSA_METHOD surewarehk_dsa = NULL,/*finish*/ 0, NULL, + NULL, + NULL }; #endif diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index afb0c9ece6..02927d7b38 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -162,7 +162,9 @@ static DSA_METHOD ubsec_dsa = NULL, /* init */ NULL, /* finish */ 0, /* flags */ - NULL /* app_data */ + NULL, /* app_data */ + NULL, /* dsa_paramgen */ + NULL /* dsa_keygen */ }; #endif @@ -177,6 +179,7 @@ static DH_METHOD ubsec_dh = NULL, NULL, 0, + NULL, NULL }; #endif From 8ec16ce7110a9b60bb6a616c4f0ad2df6cb08894 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Wed, 15 Jan 2003 09:51:22 +0000 Subject: [PATCH 003/393] Really fix SSLv2 session ID handling PR: 377 --- CHANGES | 9 +++++++++ ssl/s2_clnt.c | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 4b11fc9c53..c3176727e5 100644 --- a/CHANGES +++ b/CHANGES @@ -375,6 +375,15 @@ TODO: bug: pad x with leading zeros if necessary Changes between 0.9.7 and 0.9.7a [XX xxx 2003] + *) Another fix for SSLv2 session ID handling: the session ID was incorrectly + checked on reconnect on the client side, therefore session resumption + could still fail with a "ssl session id is different" error. This + behaviour is masked when SSL_OP_ALL is used due to + SSL_OP_MICROSOFT_SESS_ID_BUG being set. + Behaviour observed by Crispin Flowerday as + followup to PR #377. + [Lutz Jaenicke] + *) IA-32 assembler support enhancements: unified ELF targets, support for SCO/Caldera platforms, fix for Cygwin shared build. [Andy Polyakov] diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c index c6319bb63d..1d24dedc91 100644 --- a/ssl/s2_clnt.c +++ b/ssl/s2_clnt.c @@ -1021,7 +1021,7 @@ static int get_server_finished(SSL *s) if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) { if ((s->session->session_id_length > sizeof s->session->session_id) - || (0 != memcmp(buf, s->session->session_id, + || (0 != memcmp(buf + 1, s->session->session_id, (unsigned int)s->session->session_id_length))) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); From 365e14622a810d619f78f1f683580a7d2a353f60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 15 Jan 2003 11:47:28 +0000 Subject: [PATCH 004/393] update error library for EC... changes Submitted by: Nils Larsch --- crypto/err/err_all.c | 12 ++++++++++++ crypto/err/openssl.ec | 1 - 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index 90029fd159..812ab7cbe6 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -73,6 +73,12 @@ #ifndef OPENSSL_NO_DSA #include #endif +#ifndef OPENSSL_NO_ECDSA +#include +#endif +#ifndef OPENSSL_NO_ECDH +#include +#endif #include #include #include @@ -114,6 +120,12 @@ void ERR_load_crypto_strings(void) ERR_load_CRYPTO_strings(); #ifndef OPENSSL_NO_EC ERR_load_EC_strings(); +#endif +#ifndef OPENSSL_NO_ECDSA + ERR_load_ECDSA_strings(); +#endif +#ifndef OPENSSL_NO_ECDH + ERR_load_ECDH_strings(); #endif /* skip ERR_load_SSL_strings() because it is not in this library */ ERR_load_BIO_strings(); diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index 38d68f23e7..3ac40512d2 100644 --- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec @@ -33,7 +33,6 @@ L ECDH crypto/ecdh/ecdh.h crypto/ecdh/ech_err.c # additional header files to be scanned for function names L NONE crypto/x509/x509_vfy.h NONE L NONE crypto/ec/ec_lcl.h NONE -L NONE crypto/ecdsa/ecs_locl.h NONE F RSAREF_F_RSA_BN2BIN From a74333f90509a3bb48c1d604ed20237e7746aff2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Wed, 15 Jan 2003 14:54:59 +0000 Subject: [PATCH 005/393] Fix initialization sequence to prevent freeing of unitialized objects. Submitted by: Nils Larsch PR: 459 --- CHANGES | 12 ++++++++++++ crypto/dsa/dsa_ossl.c | 13 +++++++++---- crypto/ecdsa/ecs_ossl.c | 7 +++++-- 3 files changed, 26 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index c3176727e5..2fd057c41e 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,12 @@ Changes between 0.9.7 and 0.9.8 [xx XXX xxxx] + *) ECDSA routines: under certain error conditions uninitialized BN objects + could be freed. Solution: make sure initialization is performed early + enough. (Reported and fix supplied by Nils Larsch + via PR#459) + [Lutz Jaenicke] + *) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD and DH_METHOD (eg. by ENGINE implementations) to override the normal software implementations. For DSA and DH, parameter generation can @@ -375,6 +381,12 @@ TODO: bug: pad x with leading zeros if necessary Changes between 0.9.7 and 0.9.7a [XX xxx 2003] + *) DSA routines: under certain error conditions uninitialized BN objects + could be freed. Solution: make sure initialization is performed early + enough. (Reported and fix supplied by Ivan D Nestlerode , + Nils Larsch via PR#459) + [Lutz Jaenicke] + *) Another fix for SSLv2 session ID handling: the session ID was incorrectly checked on reconnect on the client side, therefore session resumption could still fail with a "ssl session id is different" error. This diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 313c06fa3f..70d60d9e29 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -108,13 +108,15 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) int i,reason=ERR_R_BN_LIB; DSA_SIG *ret=NULL; + BN_init(&m); + BN_init(&xr); + if (!dsa->p || !dsa->q || !dsa->g) { reason=DSA_R_MISSING_PARAMETERS; goto err; } - BN_init(&m); - BN_init(&xr); + s=BN_new(); if (s == NULL) goto err; @@ -180,6 +182,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS); return 0; } + + BN_init(&k); + if (ctx_in == NULL) { if ((ctx=BN_CTX_new()) == NULL) goto err; @@ -187,7 +192,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) else ctx=ctx_in; - BN_init(&k); if ((r=BN_new()) == NULL) goto err; kinv=NULL; @@ -243,11 +247,12 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, return -1; } - if ((ctx=BN_CTX_new()) == NULL) goto err; BN_init(&u1); BN_init(&u2); BN_init(&t1); + if ((ctx=BN_CTX_new()) == NULL) goto err; + if (BN_is_zero(sig->r) || BN_get_sign(sig->r) || BN_ucmp(sig->r, dsa->q) >= 0) { diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c index 215da3892a..ba1c56121c 100644 --- a/crypto/ecdsa/ecs_ossl.c +++ b/crypto/ecdsa/ecs_ossl.c @@ -94,6 +94,9 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER); return 0; } + + BN_init(&k); + if (ctx_in == NULL) { if ((ctx=BN_CTX_new()) == NULL) @@ -134,7 +137,6 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, do { /* get random k */ - BN_init(&k); do if (!BN_rand_range(&k,order)) { @@ -223,6 +225,8 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, ECDSA_SIG *ret=NULL; ECDSA_DATA *ecdsa; + BN_init(&xr); + ecdsa = ecdsa_check(eckey); if (!eckey || !eckey->group || !eckey->pub_key || !eckey->priv_key @@ -231,7 +235,6 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); goto err; } - BN_init(&xr); if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL || (tmp = BN_new()) == NULL || (m = BN_new()) == NULL || From 4e59cd3bb6d31bbe31575a3dad2cbd4a1b2865dd Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 15 Jan 2003 17:23:16 +0000 Subject: [PATCH 006/393] Add verbosity --- INSTALL | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/INSTALL b/INSTALL index cc6b731741..1c3f3c3fe9 100644 --- a/INSTALL +++ b/INSTALL @@ -321,7 +321,8 @@ cd objtree/"`uname -s`-`uname -r`-`uname -m`" (cd $OPENSSL_SOURCE; find . -type f) | while read F; do mkdir -p `dirname $F` - ln -s $OPENSSL_SOURCE/$F $F + rm -f $F; ln -s $OPENSSL_SOURCE/$F $F + echo $F '->' $OPENSSL_SOURCE/$F done make -f Makefile.org clean From 28b958f732a7a09bb67ba142cb96573731a79392 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 16 Jan 2003 06:00:55 +0000 Subject: [PATCH 007/393] Fix possible NULL dereferencial. Notified by Verdon Walker --- ssl/ssl_lib.c | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index f4112678f8..68c7ae7b6e 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1073,14 +1073,17 @@ int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, * preference */ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s) { - if ((s != NULL) && (s->cipher_list != NULL)) + if (s != NULL) { - return(s->cipher_list); - } - else if ((s->ctx != NULL) && - (s->ctx->cipher_list != NULL)) - { - return(s->ctx->cipher_list); + if (s->cipher_list != NULL) + { + return(s->cipher_list); + } + else if ((s->ctx != NULL) && + (s->ctx->cipher_list != NULL)) + { + return(s->ctx->cipher_list); + } } return(NULL); } @@ -1089,14 +1092,17 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s) * algorithm id */ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) { - if ((s != NULL) && (s->cipher_list_by_id != NULL)) + if (s != NULL) { - return(s->cipher_list_by_id); - } - else if ((s != NULL) && (s->ctx != NULL) && - (s->ctx->cipher_list_by_id != NULL)) - { - return(s->ctx->cipher_list_by_id); + if (s->cipher_list_by_id != NULL) + { + return(s->cipher_list_by_id); + } + else if ((s->ctx != NULL) && + (s->ctx->cipher_list_by_id != NULL)) + { + return(s->ctx->cipher_list_by_id); + } } return(NULL); } From acad5755a2239d448e151a2b40650f44a5f85a7b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Thu, 16 Jan 2003 07:54:52 +0000 Subject: [PATCH 008/393] ncr-scde target needs -lc89 for strcasecmp() and ftime() (Tim Rice, Martin Megele). PR: 450 --- Configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configure b/Configure index 03f0b387da..77762cb2cd 100755 --- a/Configure +++ b/Configure @@ -402,7 +402,7 @@ my %table=( "nextstep3.3", "cc:-O3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # NCR MP-RAS UNIX ver 02.03.01 -"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::", +"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl -lc89:${x86_gcc_des} ${x86_gcc_opts}:::", # QNX 4 "qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:", From 44ea41cfff77ede56a56931d7851e5a806fb44b1 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 16 Jan 2003 13:01:36 +0000 Subject: [PATCH 009/393] make update --- TABLE | 413 +++++++++++++++++----------------------------------------- 1 file changed, 119 insertions(+), 294 deletions(-) diff --git a/TABLE b/TABLE index adf02a6d6a..7bce67f7fc 100644 --- a/TABLE +++ b/TABLE @@ -32,7 +32,7 @@ $unistd = $thread_cflag = $sys_id = WIN32 $lflags = -$bn_ops = BN_LLONG DES_PTR RC4_INDEX +$bn_ops = BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN $bn_obj = $des_obj = $bf_obj = @@ -225,6 +225,31 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = +*** FreeBSD-sparc64 +$cc = gcc +$cflags = -DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer +$unistd = +$thread_cflag = -pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE +$sys_id = +$lflags = +$bn_ops = SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = dlfcn +$shared_target= bsd-gcc-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = + *** MPE/iX-gcc $cc = gcc $cflags = -D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB @@ -609,7 +634,7 @@ $sys_id = $lflags = $bn_ops = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL $bn_obj = -$des_obj = +$des_obj = asm/des_enc-sparc.o fcrypt_b.o $bf_obj = $md5_obj = $sha1_obj = @@ -634,7 +659,7 @@ $sys_id = $lflags = $bn_ops = SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR $bn_obj = -$des_obj = +$des_obj = asm/des_enc-sparc.o fcrypt_b.o $bf_obj = $md5_obj = $sha1_obj = @@ -683,15 +708,15 @@ $thread_cflag = -Kthread $sys_id = $lflags = -lsocket -lnsl $bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = +$bn_obj = asm/bn86-elf.o asm/co86-elf.o +$des_obj = asm/dx86-elf.o asm/yx86-elf.o +$bf_obj = asm/bx86-elf.o +$md5_obj = asm/mx86-elf.o +$sha1_obj = asm/sx86-elf.o +$cast_obj = asm/cx86-elf.o +$rc4_obj = asm/rx86-elf.o +$rmd160_obj = asm/rm86-elf.o +$rc5_obj = asm/r586-elf.o $dso_scheme = dlfcn $shared_target= svr5-shared $shared_cflag = -Kpic @@ -708,15 +733,15 @@ $thread_cflag = -pthread $sys_id = $lflags = -lsocket -lnsl $bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = +$bn_obj = asm/bn86-elf.o asm/co86-elf.o +$des_obj = asm/dx86-elf.o asm/yx86-elf.o +$bf_obj = asm/bx86-elf.o +$md5_obj = asm/mx86-elf.o +$sha1_obj = asm/sx86-elf.o +$cast_obj = asm/cx86-elf.o +$rc4_obj = asm/rx86-elf.o +$rmd160_obj = asm/rm86-elf.o +$rc5_obj = asm/r586-elf.o $dso_scheme = dlfcn $shared_target= svr5-shared $shared_cflag = -fPIC @@ -725,56 +750,6 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = -*** OpenUNIX-8-pentium -$cc = cc -$cflags = -O -DFILIO_H -Kalloca -Kpentium -$unistd = -$thread_cflag = -Kthread -$sys_id = -$lflags = -lsocket -lnsl -$bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$dso_scheme = dlfcn -$shared_target= svr5-shared -$shared_cflag = -Kpic -$shared_ldflag = -$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = - -*** OpenUNIX-8-pentium_pro -$cc = cc -$cflags = -O -DFILIO_H -Kalloca -Kpentium_pro -$unistd = -$thread_cflag = -Kthread -$sys_id = -$lflags = -lsocket -lnsl -$bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$dso_scheme = dlfcn -$shared_target= svr5-shared -$shared_cflag = -Kpic -$shared_ldflag = -$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = - *** ReliantUNIX $cc = cc $cflags = -KPIC -g -DTERMIOS -DB_ENDIAN @@ -2302,7 +2277,7 @@ $arflags = *** hpux-ia64-cc $cc = cc -$cflags = -Ae +DD32 +O3 +ESlit -z -DB_ENDIAN +$cflags = -Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2577,7 +2552,7 @@ $arflags = *** hpux64-ia64-cc $cc = cc -$cflags = -Ae +DD64 +O3 +ESlit -z -DB_ENDIAN +$cflags = -Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3025,6 +3000,31 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = +*** linux-ia32-icc +$cc = icc +$cflags = -DL_ENDIAN -DTERMIO -O2 +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$bn_obj = asm/bn86-elf.o asm/co86-elf.o +$des_obj = asm/dx86-elf.o asm/yx86-elf.o +$bf_obj = asm/bx86-elf.o +$md5_obj = asm/mx86-elf.o +$sha1_obj = asm/sx86-elf.o +$cast_obj = asm/cx86-elf.o +$rc4_obj = asm/rx86-elf.o +$rmd160_obj = asm/rm86-elf.o +$rc5_obj = asm/r586-elf.o +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -KPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = + *** linux-ia64 $cc = gcc $cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall @@ -3334,7 +3334,7 @@ $sys_id = $lflags = -ldl $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR $bn_obj = asm/sparcv8.o -$des_obj = +$des_obj = asm/des_enc-sparc.o fcrypt_b.o $bf_obj = $md5_obj = $sha1_obj = @@ -3359,7 +3359,7 @@ $sys_id = ULTRASPARC $lflags = -ldl $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR $bn_obj = asm/sparcv8plus.o -$des_obj = +$des_obj = asm/des_enc-sparc.o fcrypt_b.o $bf_obj = $md5_obj = asm/md5-sparcv8plus.o $sha1_obj = @@ -3409,7 +3409,7 @@ $sys_id = ULTRASPARC $lflags = -ldl $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR $bn_obj = -$des_obj = +$des_obj = asm/des_enc-sparc.o fcrypt_b.o $bf_obj = $md5_obj = asm/md5-sparcv9.o $sha1_obj = @@ -3658,15 +3658,15 @@ $thread_cflag = (unknown) $sys_id = $lflags = -lsocket -lresolv -lnsl $bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = +$bn_obj = asm/bn86-elf.o asm/co86-elf.o +$des_obj = asm/dx86-elf.o asm/yx86-elf.o +$bf_obj = asm/bx86-elf.o +$md5_obj = asm/mx86-elf.o +$sha1_obj = asm/sx86-elf.o +$cast_obj = asm/cx86-elf.o +$rc4_obj = asm/rx86-elf.o +$rmd160_obj = asm/rm86-elf.o +$rc5_obj = asm/r586-elf.o $dso_scheme = dlfcn $shared_target= svr3-shared $shared_cflag = -Kpic @@ -3675,31 +3675,6 @@ $shared_extension = $ranlib = $arflags = -*** sco5-cc-pentium -$cc = cc -$cflags = -Kpentium -$unistd = -$thread_cflag = (unknown) -$sys_id = -$lflags = -lsocket -$bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$dso_scheme = -$shared_target= -$shared_cflag = -$shared_ldflag = -$shared_extension = -$ranlib = -$arflags = - *** sco5-gcc $cc = gcc $cflags = -O3 -fomit-frame-pointer @@ -3809,7 +3784,7 @@ $sys_id = $lflags = -lsocket -lnsl -ldl $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR $bn_obj = asm/sparcv8.o -$des_obj = +$des_obj = asm/des_enc-sparc.o fcrypt_b.o $bf_obj = $md5_obj = $sha1_obj = @@ -3834,7 +3809,7 @@ $sys_id = $lflags = -lsocket -lnsl -ldl $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR $bn_obj = asm/sparcv8.o -$des_obj = +$des_obj = asm/des_enc-sparc.o fcrypt_b.o $bf_obj = $md5_obj = $sha1_obj = @@ -3859,7 +3834,7 @@ $sys_id = ULTRASPARC $lflags = -lsocket -lnsl -ldl $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR $bn_obj = asm/sparcv8plus.o -$des_obj = +$des_obj = asm/des_enc-sparc.o fcrypt_b.o $bf_obj = $md5_obj = asm/md5-sparcv8plus.o $sha1_obj = @@ -3884,7 +3859,7 @@ $sys_id = ULTRASPARC $lflags = -lsocket -lnsl -ldl $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR $bn_obj = asm/sparcv8plus.o -$des_obj = +$des_obj = asm/des_enc-sparc.o fcrypt_b.o $bf_obj = $md5_obj = asm/md5-sparcv8plus.o $sha1_obj = @@ -3909,7 +3884,7 @@ $sys_id = ULTRASPARC $lflags = -lsocket -lnsl -ldl $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR $bn_obj = asm/sparcv8plus-gcc27.o -$des_obj = +$des_obj = asm/des_enc-sparc.o fcrypt_b.o $bf_obj = $md5_obj = asm/md5-sparcv8plus-gcc27.o $sha1_obj = @@ -3958,15 +3933,15 @@ $thread_cflag = -D_REENTRANT $sys_id = $lflags = -lsocket -lnsl -ldl $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT -$bn_obj = asm/bn86-sol.o asm/co86-sol.o -$des_obj = asm/dx86-sol.o asm/yx86-sol.o -$bf_obj = asm/bx86-sol.o -$md5_obj = asm/mx86-sol.o -$sha1_obj = asm/sx86-sol.o -$cast_obj = asm/cx86-sol.o -$rc4_obj = asm/rx86-sol.o -$rmd160_obj = asm/rm86-sol.o -$rc5_obj = asm/r586-sol.o +$bn_obj = asm/bn86-elf.o asm/co86-elf.o +$des_obj = asm/dx86-elf.o asm/yx86-elf.o +$bf_obj = asm/bx86-elf.o +$md5_obj = asm/mx86-elf.o +$sha1_obj = asm/sx86-elf.o +$cast_obj = asm/cx86-elf.o +$rc4_obj = asm/rx86-elf.o +$rmd160_obj = asm/rm86-elf.o +$rc5_obj = asm/r586-elf.o $dso_scheme = dlfcn $shared_target= solaris-shared $shared_cflag = -fPIC @@ -3984,7 +3959,7 @@ $sys_id = ULTRASPARC $lflags = -lsocket -lnsl -ldl $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR $bn_obj = -$des_obj = +$des_obj = asm/des_enc-sparc.o fcrypt_b.o $bf_obj = $md5_obj = asm/md5-sparcv9.o $sha1_obj = @@ -4009,32 +3984,7 @@ $sys_id = ULTRASPARC $lflags = -lsocket -lnsl -ldl $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR $bn_obj = -$des_obj = -$bf_obj = -$md5_obj = asm/md5-sparcv9.o -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$dso_scheme = dlfcn -$shared_target= solaris-shared -$shared_cflag = -fPIC -$shared_ldflag = -m64 -shared -$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = - -*** solaris64-sparcv9-gcc31 -$cc = gcc -$cflags = -mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -$unistd = -$thread_cflag = -D_REENTRANT -$sys_id = ULTRASPARC -$lflags = -lsocket -lnsl -ldl -$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR -$bn_obj = -$des_obj = +$des_obj = asm/des_enc-sparc.o fcrypt_b.o $bf_obj = $md5_obj = asm/md5-sparcv9.o $sha1_obj = @@ -4175,31 +4125,6 @@ $shared_extension = $ranlib = $arflags = -*** unixware-2.0-pentium -$cc = cc -$cflags = -DFILIO_H -DNO_STRINGS_H -Kpentium -$unistd = -$thread_cflag = -Kthread -$sys_id = -$lflags = -lsocket -lnsl -lresolv -lx -$bn_ops = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$dso_scheme = -$shared_target= -$shared_cflag = -$shared_ldflag = -$shared_extension = -$ranlib = -$arflags = - *** unixware-2.1 $cc = cc $cflags = -O -DFILIO_H @@ -4225,56 +4150,6 @@ $shared_extension = $ranlib = $arflags = -*** unixware-2.1-p6 -$cc = cc -$cflags = -O -DFILIO_H -Kp6 -$unistd = -$thread_cflag = -Kthread -$sys_id = -$lflags = -lsocket -lnsl -lresolv -lx -$bn_ops = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$dso_scheme = -$shared_target= -$shared_cflag = -$shared_ldflag = -$shared_extension = -$ranlib = -$arflags = - -*** unixware-2.1-pentium -$cc = cc -$cflags = -O -DFILIO_H -Kpentium -$unistd = -$thread_cflag = -Kthread -$sys_id = -$lflags = -lsocket -lnsl -lresolv -lx -$bn_ops = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$dso_scheme = -$shared_target= -$shared_cflag = -$shared_ldflag = -$shared_extension = -$ranlib = -$arflags = - *** unixware-7 $cc = cc $cflags = -O -DFILIO_H -Kalloca @@ -4283,15 +4158,15 @@ $thread_cflag = -Kthread $sys_id = $lflags = -lsocket -lnsl $bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = +$bn_obj = asm/bn86-elf.o asm/co86-elf.o +$des_obj = asm/dx86-elf.o asm/yx86-elf.o +$bf_obj = asm/bx86-elf.o +$md5_obj = asm/mx86-elf.o +$sha1_obj = asm/sx86-elf.o +$cast_obj = asm/cx86-elf.o +$rc4_obj = asm/rx86-elf.o +$rmd160_obj = asm/rm86-elf.o +$rc5_obj = asm/r586-elf.o $dso_scheme = dlfcn $shared_target= svr5-shared $shared_cflag = -Kpic @@ -4308,15 +4183,15 @@ $thread_cflag = -D_REENTRANT $sys_id = $lflags = -lsocket -lnsl $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = +$bn_obj = asm/bn86-elf.o asm/co86-elf.o +$des_obj = asm/dx86-elf.o asm/yx86-elf.o +$bf_obj = asm/bx86-elf.o +$md5_obj = asm/mx86-elf.o +$sha1_obj = asm/sx86-elf.o +$cast_obj = asm/cx86-elf.o +$rc4_obj = asm/rx86-elf.o +$rmd160_obj = asm/rm86-elf.o +$rc5_obj = asm/r586-elf.o $dso_scheme = dlfcn $shared_target= gnu-shared $shared_cflag = -fPIC @@ -4325,56 +4200,6 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = -*** unixware-7-pentium -$cc = cc -$cflags = -O -DFILIO_H -Kalloca -Kpentium -$unistd = -$thread_cflag = -Kthread -$sys_id = -$lflags = -lsocket -lnsl -$bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$dso_scheme = dlfcn -$shared_target= svr5-shared -$shared_cflag = -Kpic -$shared_ldflag = -$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = - -*** unixware-7-pentium_pro -$cc = cc -$cflags = -O -DFILIO_H -Kalloca -Kpentium_pro -$unistd = -$thread_cflag = -Kthread -$sys_id = -$lflags = -lsocket -lnsl -$bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$dso_scheme = dlfcn -$shared_target= svr5-shared -$shared_cflag = -Kpic -$shared_ldflag = -$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = - *** vxworks-ppc405 $cc = ccppc $cflags = -g -msoft-float -mlongcall -DCPU=PPC405 -I$(WIND_BASE)/target/h From d745af4b0cc5d37ffa662aa04dcbfb2855c0f034 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Thu, 16 Jan 2003 16:05:23 +0000 Subject: [PATCH 010/393] avoid potential confusion about curves (prime192v1 and prime256v1 are also known as secp192r1 and secp256r1, respectively) Submitted by: Nils Larsch, Bodo Moeller --- apps/ecparam.c | 21 +++++++++++++++- crypto/ec/ec_curve.c | 50 ++++++++++++++++++++------------------ crypto/objects/objects.txt | 4 +++ 3 files changed, 50 insertions(+), 25 deletions(-) diff --git a/apps/ecparam.c b/apps/ecparam.c index 3bd0a97487..010e214e57 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -383,7 +383,26 @@ bad: if (curve_name != NULL) { - int nid = OBJ_sn2nid(curve_name); + int nid; + + /* workaround for the SECG curve names secp192r1 + * and secp256r1 (which are the same as the curves + * prime192v1 and prime256v1 defined in X9.62) + */ + if (!strcmp(curve_name, "secp192r1")) + { + BIO_printf(bio_err, "using curve name prime192v1 " + "instead of secp192r1\n"); + nid = NID_X9_62_prime192v1; + } + else if (!strcmp(curve_name, "secp256r1")) + { + BIO_printf(bio_err, "using curve name prime256v1 " + "instead of secp256r1\n"); + nid = NID_X9_62_prime256v1; + } + else + nid = OBJ_sn2nid(curve_name); if (nid == 0) { diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index cb7776346d..0b9b7ca7c7 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -103,7 +103,7 @@ static const EC_CURVE_DATA _EC_NIST_PRIME_192 = { "07192b95ffc8da78631011ed6b24cdd573f977a11e794811", "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",1, _EC_NIST_PRIME_192_SEED, 20, - "192 bit prime curve from the X9.62 draft" + "192 bit prime curve from X9.62 and SECG" }; static const unsigned char _EC_NIST_PRIME_224_SEED[] = { @@ -175,7 +175,7 @@ static const EC_CURVE_DATA _EC_X9_62_PRIME_192V2 = { "6574d11d69b6ec7a672bb82a083df2f2b0847de970b2de15", "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",1, _EC_X9_62_PRIME_192V2_SEED, 20, - "192 bit prime curve from the X9.62 draft" + "192 bit prime curve from X9.62" }; static const unsigned char _EC_X9_62_PRIME_192V3_SEED[] = { @@ -190,7 +190,7 @@ static const EC_CURVE_DATA _EC_X9_62_PRIME_192V3 = { "38a90f22637337334b49dcb66a6dc8f9978aca7648a943b0", "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",1, _EC_X9_62_PRIME_192V3_SEED, 20, - "192 bit prime curve from the X9.62 draft" + "192 bit prime curve from X9.62" }; static const unsigned char _EC_X9_62_PRIME_239V1_SEED[] = { @@ -205,7 +205,7 @@ static const EC_CURVE_DATA _EC_X9_62_PRIME_239V1 = { "7debe8e4e90a5dae6e4054ca530ba04654b36818ce226b39fccb7b02f1ae", "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",1, _EC_X9_62_PRIME_239V1_SEED, 20, - "239 bit prime curve from the X9.62 draft" + "239 bit prime curve from X9.62" }; static const unsigned char _EC_X9_62_PRIME_239V2_SEED[] = { @@ -220,7 +220,7 @@ static const EC_CURVE_DATA _EC_X9_62_PRIME_239V2 = { "5b0125e4dbea0ec7206da0fc01d9b081329fb555de6ef460237dff8be4ba", "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",1, _EC_X9_62_PRIME_239V2_SEED, 20, - "239 bit prime curve from the X9.62 draft" + "239 bit prime curve from X9.62" }; static const unsigned char _EC_X9_62_PRIME_239V3_SEED[] = { @@ -235,7 +235,7 @@ static const EC_CURVE_DATA _EC_X9_62_PRIME_239V3 = { "1607e6898f390c06bc1d552bad226f3b6fcfe48b6e818499af18e3ed6cf3", "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",1, _EC_X9_62_PRIME_239V3_SEED, 20, - "239 bit prime curve from the X9.62 draft" + "239 bit prime curve from X9.62" }; static const unsigned char _EC_X9_62_PRIME_256V1_SEED[] = { @@ -250,7 +250,7 @@ static const EC_CURVE_DATA _EC_X9_62_PRIME_256V1 = { "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",1, _EC_X9_62_PRIME_256V1_SEED, 20, - "256 bit prime curve from the X9.62 draft" + "256 bit prime curve from X9.62 and SECG" }; /* the secg prime curves (minus the nist and x9.62 prime curves) */ static const unsigned char _EC_SECG_PRIME_112R1_SEED[] = { @@ -733,7 +733,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V1 = { "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F", "0400000000000000000001E60FC8821CC74DAEAFC1", 2, _EC_X9_62_CHAR2_163V1_SEED, 20, - "163 bit binary curve from the X9.62 draft" + "163 bit binary curve from X9.62" }; static const unsigned char _EC_X9_62_CHAR2_163V2_SEED[] = { @@ -748,7 +748,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V2 = { "079F684DDF6684C5CD258B3890021B2386DFD19FC5", "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", 2, _EC_X9_62_CHAR2_163V2_SEED, 20, - "163 bit binary curve from the X9.62 draft" + "163 bit binary curve from X9.62" }; static const unsigned char _EC_X9_62_CHAR2_163V3_SEED[] = { @@ -763,7 +763,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V3 = { "05B935590C155E17EA48EB3FF3718B893DF59A05D0", "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", 2, _EC_X9_62_CHAR2_163V3_SEED, 20, - "163 bit binary curve from the X9.62 draft" + "163 bit binary curve from X9.62" }; static const EC_CURVE_DATA _EC_X9_62_CHAR2_176V1 = { @@ -775,7 +775,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_176V1 = { "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C", "00010092537397ECA4F6145799D62B0A19CE06FE26AD", 0xFF6E, NULL, 0, - "176 bit binary curve from the X9.62 draft" + "176 bit binary curve from X9.62" }; static const unsigned char _EC_X9_62_CHAR2_191V1_SEED[] = { @@ -790,7 +790,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V1 = { "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB", "40000000000000000000000004A20E90C39067C893BBB9A5", 2, _EC_X9_62_CHAR2_191V1_SEED, 20, - "191 bit binary curve from the X9.62 draft" + "191 bit binary curve from X9.62" }; static const unsigned char _EC_X9_62_CHAR2_191V2_SEED[] = { @@ -805,7 +805,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V2 = { "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A", "20000000000000000000000050508CB89F652824E06B8173", 4, _EC_X9_62_CHAR2_191V2_SEED, 20, - "191 bit binary curve from the X9.62 draft" + "191 bit binary curve from X9.62" }; static const unsigned char _EC_X9_62_CHAR2_191V3_SEED[] = { @@ -820,7 +820,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V3 = { "545A39176196575D985999366E6AD34CE0A77CD7127B06BE", "155555555555555555555555610C0B196812BFB6288A3EA3", 6, _EC_X9_62_CHAR2_191V3_SEED, 20, - "191 bit binary curve from the X9.62 draft" + "191 bit binary curve from X9.62" }; static const EC_CURVE_DATA _EC_X9_62_CHAR2_208W1 = { @@ -832,7 +832,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_208W1 = { "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3", "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", 0xFE48, NULL, 0, - "208 bit binary curve from the X9.62 draft" + "208 bit binary curve from X9.62" }; static const unsigned char _EC_X9_62_CHAR2_239V1_SEED[] = { @@ -847,7 +847,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V1 = { "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305", "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", 4, _EC_X9_62_CHAR2_239V1_SEED, 20, - "239 bit binary curve from the X9.62 draft" + "239 bit binary curve from X9.62" }; static const unsigned char _EC_X9_62_CHAR2_239V2_SEED[] = { @@ -862,7 +862,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V2 = { "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833", "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", 6, _EC_X9_62_CHAR2_239V2_SEED, 20, - "239 bit binary curve from the X9.62 draft" + "239 bit binary curve from X9.62" }; static const unsigned char _EC_X9_62_CHAR2_239V3_SEED[] = { @@ -877,7 +877,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V3 = { "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461", "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", 0xA, _EC_X9_62_CHAR2_239V3_SEED, 20, - "239 bit binary curve from the X9.62 draft" + "239 bit binary curve from X9.62" }; static const EC_CURVE_DATA _EC_X9_62_CHAR2_272W1 = { @@ -891,7 +891,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_272W1 = { "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521", 0xFF06, NULL, 0, - "272 bit binary curve from the X9.62 draft" + "272 bit binary curve from X9.62" }; static const EC_CURVE_DATA _EC_X9_62_CHAR2_304W1 = { @@ -909,7 +909,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_304W1 = { "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164" "443051D", 0xFE2E, NULL, 0, - "304 bit binary curve from the X9.62 draft" + "304 bit binary curve from X9.62" }; static const unsigned char _EC_X9_62_CHAR2_359V1_SEED[] = { @@ -930,7 +930,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_359V1 = { "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB9" "64FE7719E74F490758D3B", 0x4C, _EC_X9_62_CHAR2_359V1_SEED, 20, - "359 bit binary curve from the X9.62 draft" + "359 bit binary curve from X9.62" }; static const EC_CURVE_DATA _EC_X9_62_CHAR2_368W1 = { @@ -948,7 +948,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_368W1 = { "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E90" "9AE40A6F131E9CFCE5BD967", 0xFF70, NULL, 0, - "368 bit binary curve from the X9.62 draft" + "368 bit binary curve from X9.62" }; static const EC_CURVE_DATA _EC_X9_62_CHAR2_431R1 = { @@ -966,7 +966,7 @@ static const EC_CURVE_DATA _EC_X9_62_CHAR2_431R1 = { "0340340340340340340340340340340340340340340340340340340323C313FAB5058" "9703B5EC68D3587FEC60D161CC149C1AD4A91", 0x2760, NULL, 0, - "431 bit binary curve from the X9.62 draft" + "431 bit binary curve from X9.62" }; static const EC_CURVE_DATA _EC_WTLS_1 = { @@ -996,14 +996,16 @@ static const ec_list_element curve_list[] = { { NID_secp160k1, &_EC_SECG_PRIME_160K1}, { NID_secp160r1, &_EC_SECG_PRIME_160R1}, { NID_secp160r2, &_EC_SECG_PRIME_160R2}, + /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */ { NID_secp192k1, &_EC_SECG_PRIME_192K1}, { NID_secp224k1, &_EC_SECG_PRIME_224K1}, { NID_secp224r1, &_EC_NIST_PRIME_224}, { NID_secp256k1, &_EC_SECG_PRIME_256K1}, + /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ { NID_secp384r1, &_EC_NIST_PRIME_384}, { NID_secp521r1, &_EC_NIST_PRIME_521}, /* X9.62 curves */ - { NID_X9_62_prime192v1, &_EC_NIST_PRIME_192}, + { NID_X9_62_prime192v1, &_EC_NIST_PRIME_192}, { NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2}, { NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3}, { NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1}, diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index e13912e7a8..8ec0484c76 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -83,9 +83,13 @@ secg-ellipticCurve 9 : secp160k1 secg-ellipticCurve 8 : secp160r1 secg-ellipticCurve 30 : secp160r2 secg-ellipticCurve 31 : secp192k1 +# NOTE: the curve secp192r1 is the same as prime192v1 defined above +# and is therefore omitted secg-ellipticCurve 32 : secp224k1 secg-ellipticCurve 33 : secp224r1 secg-ellipticCurve 10 : secp256k1 +# NOTE: the curve secp256r1 is the same as prime256v1 defined above +# and is therefore omitted secg-ellipticCurve 34 : secp384r1 secg-ellipticCurve 35 : secp521r1 # SECG characteristic two curves OIDs From 018c56fdcad95befe7fe07b51d4c04d9af866c24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Thu, 16 Jan 2003 17:22:30 +0000 Subject: [PATCH 011/393] Armor against systems without ranlib... Submitted by: Thierry Lelegard PR: 461 --- crypto/engine/Makefile.ssl | 2 +- crypto/krb5/Makefile.ssl | 2 +- crypto/ocsp/Makefile.ssl | 2 +- crypto/ui/Makefile.ssl | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/engine/Makefile.ssl b/crypto/engine/Makefile.ssl index 144526aedd..6b99263724 100644 --- a/crypto/engine/Makefile.ssl +++ b/crypto/engine/Makefile.ssl @@ -46,7 +46,7 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + $(RANLIB) $(LIB) || echo Never mind. @touch lib files: diff --git a/crypto/krb5/Makefile.ssl b/crypto/krb5/Makefile.ssl index cc47c05472..7136d7a402 100644 --- a/crypto/krb5/Makefile.ssl +++ b/crypto/krb5/Makefile.ssl @@ -41,7 +41,7 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + $(RANLIB) $(LIB) || echo Never mind. @touch lib files: diff --git a/crypto/ocsp/Makefile.ssl b/crypto/ocsp/Makefile.ssl index 171a89ee79..8f26819532 100644 --- a/crypto/ocsp/Makefile.ssl +++ b/crypto/ocsp/Makefile.ssl @@ -43,7 +43,7 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + $(RANLIB) $(LIB) || echo Never mind. @touch lib files: diff --git a/crypto/ui/Makefile.ssl b/crypto/ui/Makefile.ssl index 256f536a68..90ae7d4a4a 100644 --- a/crypto/ui/Makefile.ssl +++ b/crypto/ui/Makefile.ssl @@ -44,7 +44,7 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + $(RANLIB) $(LIB) || echo Never mind. @touch lib files: From 8228f302ddcb8b80ddc3696ce68f74af8bf8ae44 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 16 Jan 2003 17:28:46 +0000 Subject: [PATCH 012/393] Add some debugging output. --- crypto/comp/c_zlib.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c index d31ab63ad2..3bcb7c9600 100644 --- a/crypto/comp/c_zlib.c +++ b/crypto/comp/c_zlib.c @@ -207,6 +207,11 @@ static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out, err = deflate(&state->ostream, Z_SYNC_FLUSH); if (err != Z_OK) return -1; +#ifdef DEBUG_ZLIB + fprintf(stderr,"compress(%4d)->%4d %s\n", + ilen,olen - state->ostream.avail_out, + (ilen != olen - state->ostream.avail_out)?"zlib":"clear"); +#endif return olen - state->ostream.avail_out; } @@ -230,6 +235,11 @@ static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, err = inflate(&state->istream, Z_SYNC_FLUSH); if (err != Z_OK) return -1; +#ifdef DEBUG_ZLIB + fprintf(stderr,"expand(%4d)->%4d %s\n", + ilen,olen - state->istream.avail_out, + (ilen != olen - state->istream.avail_out)?"zlib":"clear"); +#endif return olen - state->istream.avail_out; } From c00cee00fd8756ca94c162794e02d7bf73a77ecf Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 16 Jan 2003 18:29:30 +0000 Subject: [PATCH 013/393] FreeBSD has /dev/crypto as well. PR: 462 --- crypto/engine/eng_all.c | 12 +++++------ crypto/engine/eng_cryptodev.c | 40 ++++++++++++++++++----------------- crypto/evp/c_all.c | 4 ++-- 3 files changed, 29 insertions(+), 27 deletions(-) diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c index 6bb7e93bb2..7cc05bfe0b 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c @@ -97,19 +97,19 @@ void ENGINE_load_builtin_engines(void) ENGINE_load_4758cca(); #endif #endif -#ifdef __OpenBSD__ +#if defined(__OpenBSD__) || defined(__FreeBSD__) ENGINE_load_cryptodev(); #endif #endif } -#ifdef __OpenBSD__ -void ENGINE_setup_openbsd(void) { - static int openbsd_default_loaded = 0; - if (!openbsd_default_loaded) { +#if defined(__OpenBSD__) || defined(__FreeBSD__) +void ENGINE_setup_bsd_cryptodev(void) { + static int bsd_cryptodev_default_loaded = 0; + if (!bsd_cryptodev_default_loaded) { ENGINE_load_cryptodev(); ENGINE_register_all_complete(); } - openbsd_default_loaded=1; + bsd_cryptodev_default_loaded=1; } #endif diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c index be7ed6bb3f..a658528d31 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -33,31 +33,28 @@ #include #include -#ifndef __OpenBSD__ - -void -ENGINE_load_cryptodev(void) -{ - /* This is a NOP unless __OpenBSD__ is defined */ - return; -} - -#else /* __OpenBSD__ */ - -#include +#if (defined(__unix__) || defined(unix)) && !defined(USG) #include +# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 50000) || __FreeBSD_version >= 50041) +# define HAVE_CRYPTODEV +# endif +# if (OpenBSD >= 200110) +# define HAVE_SYSLOG_R +# endif +#endif -#if OpenBSD < 200112 +#ifndef HAVE_CRYPTODEV void ENGINE_load_cryptodev(void) { - /* This is a NOP unless we have release 3.0 (released december 2001) */ + /* This is a NOP on platforms without /dev/crypto */ return; } -#else /* OpenBSD 3.0 or above */ - +#else + +#include #include #include #include @@ -1032,12 +1029,18 @@ static DH_METHOD cryptodev_dh = { static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) { +#ifdef HAVE_SYSLOG_R struct syslog_data sd = SYSLOG_DATA_INIT; +#endif switch (cmd) { default: +#ifdef HAVE_SYSLOG_R syslog_r(LOG_ERR, &sd, "cryptodev_ctrl: unknown command %d", cmd); +#else + syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd); +#endif break; } return (1); @@ -1064,7 +1067,7 @@ ENGINE_load_cryptodev(void) close(fd); if (!ENGINE_set_id(engine, "cryptodev") || - !ENGINE_set_name(engine, "OpenBSD cryptodev engine") || + !ENGINE_set_name(engine, "BSD cryptodev engine") || !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || !ENGINE_set_digests(engine, cryptodev_engine_digests) || !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || @@ -1126,5 +1129,4 @@ ENGINE_load_cryptodev(void) ERR_clear_error(); } -#endif /* OpenBSD 3.0 or above */ -#endif /* __OpenBSD__ */ +#endif /* HAVE_CRYPTODEV */ diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c index 1bd54d791e..af3dd26162 100644 --- a/crypto/evp/c_all.c +++ b/crypto/evp/c_all.c @@ -73,7 +73,7 @@ void OPENSSL_add_all_algorithms_noconf(void) { OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); -#ifdef __OpenBSD__ - ENGINE_setup_openbsd(); +#if defined(__OpenBSD__) || defined(__FreeBSD__) + ENGINE_setup_bsd_cryptodev(); #endif } From 06492aef016507799fb8bd7ffa7d9bcd6ee1cd19 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 16 Jan 2003 21:20:30 +0000 Subject: [PATCH 014/393] make update --- TABLE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TABLE b/TABLE index 7bce67f7fc..4609761306 100644 --- a/TABLE +++ b/TABLE @@ -3431,7 +3431,7 @@ $cflags = -O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw $unistd = $thread_cflag = (unknown) $sys_id = -$lflags = -lsocket -lnsl +$lflags = -lsocket -lnsl -lc89 $bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $bn_obj = $des_obj = From 2f0952450199c529e515e2476c449508059036b4 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 16 Jan 2003 21:32:56 +0000 Subject: [PATCH 015/393] A few more files to ignore --- crypto/bf/asm/.cvsignore | 1 + crypto/bn/asm/.cvsignore | 2 ++ crypto/des/asm/.cvsignore | 3 +++ crypto/md5/asm/.cvsignore | 1 + crypto/rc4/asm/.cvsignore | 1 + crypto/rc5/asm/.cvsignore | 1 + crypto/ripemd/asm/.cvsignore | 1 + crypto/sha/asm/.cvsignore | 1 + 8 files changed, 11 insertions(+) diff --git a/crypto/bf/asm/.cvsignore b/crypto/bf/asm/.cvsignore index 9505a25ec6..3e14af16d0 100644 --- a/crypto/bf/asm/.cvsignore +++ b/crypto/bf/asm/.cvsignore @@ -1 +1,2 @@ bx86unix.cpp +bx86-elf.s diff --git a/crypto/bn/asm/.cvsignore b/crypto/bn/asm/.cvsignore index bb16ec91c3..671eb02019 100644 --- a/crypto/bn/asm/.cvsignore +++ b/crypto/bn/asm/.cvsignore @@ -1,2 +1,4 @@ bn86unix.cpp co86unix.cpp +bn86-elf.s +co86-elf.s diff --git a/crypto/des/asm/.cvsignore b/crypto/des/asm/.cvsignore index f300536224..c8436379e4 100644 --- a/crypto/des/asm/.cvsignore +++ b/crypto/des/asm/.cvsignore @@ -1,2 +1,5 @@ dx86unix.cpp yx86unix.cpp +des_enc-sparc.S +dx86-elf.s +yx86-elf.s diff --git a/crypto/md5/asm/.cvsignore b/crypto/md5/asm/.cvsignore index 085a1b1a96..5dd0091ca7 100644 --- a/crypto/md5/asm/.cvsignore +++ b/crypto/md5/asm/.cvsignore @@ -1 +1,2 @@ mx86unix.cpp +mx86-elf.s diff --git a/crypto/rc4/asm/.cvsignore b/crypto/rc4/asm/.cvsignore index 0ec20dc6ff..b261702507 100644 --- a/crypto/rc4/asm/.cvsignore +++ b/crypto/rc4/asm/.cvsignore @@ -1 +1,2 @@ rx86unix.cpp +rx86-elf.s diff --git a/crypto/rc5/asm/.cvsignore b/crypto/rc5/asm/.cvsignore index f60a6a8d65..855415c90e 100644 --- a/crypto/rc5/asm/.cvsignore +++ b/crypto/rc5/asm/.cvsignore @@ -1 +1,2 @@ r586unix.cpp +r586-elf.s diff --git a/crypto/ripemd/asm/.cvsignore b/crypto/ripemd/asm/.cvsignore index 64d70dbf32..e18b24f965 100644 --- a/crypto/ripemd/asm/.cvsignore +++ b/crypto/ripemd/asm/.cvsignore @@ -1 +1,2 @@ rm86unix.cpp +rm86-elf.s diff --git a/crypto/sha/asm/.cvsignore b/crypto/sha/asm/.cvsignore index 5e8206257c..748a54a4b5 100644 --- a/crypto/sha/asm/.cvsignore +++ b/crypto/sha/asm/.cvsignore @@ -1 +1,2 @@ sx86unix.cpp +sx86-elf.s From 0bdd2da5d222c1dad24b5479e0677e5a5fdd3cee Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 16 Jan 2003 21:36:17 +0000 Subject: [PATCH 016/393] Ingore the correct flag file. --- engines/.cvsignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/engines/.cvsignore b/engines/.cvsignore index bb22714f15..695fdd0059 100644 --- a/engines/.cvsignore +++ b/engines/.cvsignore @@ -1,2 +1,2 @@ Makefile.save -libs +lib From 59ae8c941916a2f8850c59638cb0ee4329d57b3e Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 17 Jan 2003 00:48:47 +0000 Subject: [PATCH 017/393] EVP_DecryptInit() should call EVP_CipherInit() not EVP_CipherInit_ex(). --- crypto/evp/evp_enc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 66c48d1431..ccfcc7e1b1 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -236,7 +236,7 @@ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *imp int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv) { - return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0); + return EVP_CipherInit(ctx, cipher, key, iv, 0); } int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, From 726c2231431f811d12bdfcd83052eb62d1fc626b Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Sat, 18 Jan 2003 15:13:03 +0000 Subject: [PATCH 018/393] Fix for AIX shared build, see RT#463. --- Configure | 4 ++-- config | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/Configure b/Configure index 77762cb2cd..3d74ceb105 100755 --- a/Configure +++ b/Configure @@ -440,9 +440,9 @@ my %table=( # IBM's AIX. "aix-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::", "aix-gcc", "gcc:-O3 -DB_ENDIAN::(unknown):AIX::BN_LLONG RC4_CHAR:::", -"aix43-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:", +"aix43-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:aix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::", "aix43-gcc", "gcc:-O1 -DAIX -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:", -"aix64-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHAR::::::::::dlfcn::::::-X 64", +"aix64-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHAR::::::::::dlfcn:aix-shared::-q64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", # # Cray T90 and similar (SDSC) diff --git a/config b/config index fe8a441b28..e72b982288 100755 --- a/config +++ b/config @@ -464,6 +464,10 @@ if [ "${SYSTEM}-${MACHINE}" = "Linux-alpha" ]; then fi fi +if [ "${SYSTEM}" = "AIX" ]; then # favor vendor cc over gcc + (cc) 2>&1 | grep -iv "command not found" > /dev/null && CC=cc +fi + CCVER=${CCVER:-0} # read the output of the embedded GuessOS From 7c4e24af38a70213b42519d65a29d8c0ac6c0940 Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Sat, 18 Jan 2003 15:17:26 +0000 Subject: [PATCH 019/393] Caldera/SCO targets erroneously limit themselves to 386. See RT#464. --- config | 39 ++++++++++++++++----------------------- 1 file changed, 16 insertions(+), 23 deletions(-) diff --git a/config b/config index e72b982288..16286a59e9 100755 --- a/config +++ b/config @@ -74,34 +74,27 @@ if [ "x$XREL" != "x" ]; then echo "whatever-whatever-sco5"; exit 0 ;; 4.2MP) - if [ "x$VERSION" = "x2.01" ]; then - echo "${MACHINE}-whatever-unixware201"; exit 0 - elif [ "x$VERSION" = "x2.02" ]; then - echo "${MACHINE}-whatever-unixware202"; exit 0 - elif [ "x$VERSION" = "x2.03" ]; then - echo "${MACHINE}-whatever-unixware203"; exit 0 - elif [ "x$VERSION" = "x2.1.1" ]; then - echo "${MACHINE}-whatever-unixware211"; exit 0 - elif [ "x$VERSION" = "x2.1.2" ]; then - echo "${MACHINE}-whatever-unixware212"; exit 0 - elif [ "x$VERSION" = "x2.1.3" ]; then - echo "${MACHINE}-whatever-unixware213"; exit 0 - else - echo "${MACHINE}-whatever-unixware2"; exit 0 - fi + case "x${VERSION}" in + x2.0*) echo "${MACHINE}-whatever-unixware20"; exit 0 ;; + x2.1*) echo "${MACHINE}-whatever-unixware21"; exit 0 ;; + x2*) echo "${MACHINE}-whatever-unixware2"; exit 0 ;; + esac ;; 4.2) echo "whatever-whatever-unixware1"; exit 0 ;; - OpenUNIX) - if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x8" ]; then - echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0 - fi - ;; 5) - if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x7" ]; then - echo "${MACHINE}-sco-unixware7"; exit 0 - fi + case "x${VERSION}" in + # We hardcode i586 in place of ${MACHINE} for the + # following reason. The catch is that even though Pentium + # is minimum requirement for platforms in question, + # ${MACHINE} gets always assigned to i386. Now, problem + # with i386 is that it makes ./config pass 386 to + # ./Configure, which in turn makes make generate + # inefficient SHA-1 (for this moment) code. + x7*) echo "i586-sco-unixware7"; exit 0 ;; + x8*) echo "i586-unkn-OpenUNIX${VERSION}; exit 0 ;; + esac ;; esac fi From 80bcbaa02fb526065260711594b31402f9541bf3 Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Sat, 18 Jan 2003 18:12:23 +0000 Subject: [PATCH 020/393] -lresolv is not present on SCO Unix, RT#460. --- Configure | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Configure b/Configure index 3d74ceb105..37e4b66831 100755 --- a/Configure +++ b/Configure @@ -433,8 +433,8 @@ my %table=( "OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "sco3-gcc", "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ... # SCO 5 - Ben Laurie says the -O breaks the SCO cc. -"sco5-cc", "cc:-belf::(unknown)::-lsocket -lresolv -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic", -"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC", +"sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic", +"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC", # IBM's AIX. From 42bf2a5cdc849f4ff8437f976a1598728d1baa1f Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Sat, 18 Jan 2003 21:57:30 +0000 Subject: [PATCH 021/393] SCO target missed .so suffix. --- Configure | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Configure b/Configure index 37e4b66831..4d227e6d88 100755 --- a/Configure +++ b/Configure @@ -433,8 +433,8 @@ my %table=( "OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "sco3-gcc", "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ... # SCO 5 - Ben Laurie says the -O breaks the SCO cc. -"sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic", -"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC", +"sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # IBM's AIX. From 59b846c5156772a5ee556212dfd63e1988aed532 Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Sun, 19 Jan 2003 11:39:19 +0000 Subject: [PATCH 022/393] Oops! Missed closing quote... Didn't have time to verify before a snapshot was cut... --- config | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config b/config index 16286a59e9..a2a56754a0 100755 --- a/config +++ b/config @@ -92,8 +92,8 @@ if [ "x$XREL" != "x" ]; then # with i386 is that it makes ./config pass 386 to # ./Configure, which in turn makes make generate # inefficient SHA-1 (for this moment) code. - x7*) echo "i586-sco-unixware7"; exit 0 ;; - x8*) echo "i586-unkn-OpenUNIX${VERSION}; exit 0 ;; + x7*) echo "i586-sco-unixware7"; exit 0 ;; + x8*) echo "i586-unkn-OpenUNIX${VERSION}"; exit 0 ;; esac ;; esac From 722d17cbac898bf02ee8f75dabba87ab1373500d Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Sun, 19 Jan 2003 21:29:59 +0000 Subject: [PATCH 023/393] This is an *initial* tune-up. This update puts Itanium2 back on par with Itanium. I mean if overall performance improvement over C version was X for Itanium, it's X even for Itanium2. --- crypto/bn/asm/ia64.S | 123 ++++++++++++++++++++++++++----------------- 1 file changed, 76 insertions(+), 47 deletions(-) diff --git a/crypto/bn/asm/ia64.S b/crypto/bn/asm/ia64.S index 04e0cc5409..7dfda85566 100644 --- a/crypto/bn/asm/ia64.S +++ b/crypto/bn/asm/ia64.S @@ -1,6 +1,6 @@ .explicit .text -.ident "ia64.S, Version 1.2" +.ident "ia64.S, Version 2.0" .ident "IA-64 ISA artwork by Andy Polyakov " // @@ -13,6 +13,35 @@ // disclaimed. // ==================================================================== // +// Version 2.x is Itanium2 re-tune. Few words about how Itanum2 is +// different from Itanium to this module viewpoint. Most notably, is it +// "wider" than Itanium? Can you experience loop scalability as +// discussed in commentary sections? Not really:-( Itanium2 has 6 +// integer ALU ports, i.e. it's 2 ports wider, but it's not enough to +// spin twice as fast, as I need 8 IALU ports. Amount of floating point +// ports is the same, i.e. 2, while I need 4. In other words, to this +// module Itanium2 remains effectively as "wide" as Itanium. Yet it's +// essentially different in respect to this module, and a re-tune was +// required. Well, because some intruction latencies has changed. Most +// noticeably those intensively used: +// +// Itanium Itanium2 +// ldf8 9 6 L2 hit +// ld8 2 1 L1 hit +// getf 2 5 +// xma[->getf] 7[+1] 4[+0] +// add[->st8] 1[+1] 1[+0] +// +// What does it mean? You might ratiocinate that the original code +// should run just faster... Because sum of latencies is smaller... +// Wrong! Note that getf latency increased. This means that if a loop is +// scheduled for lower latency (and they are), then it will suffer from +// stall condition and the code will therefore turn anti-scalable, e.g. +// original bn_mul_words spun at 5*n or 2.5 times slower than expected +// on Itanium2! What to do? Reschedule loops for Itanium2? But then +// Itanium would exhibit anti-scalability. So I've chosen to reschedule +// for worst latency for every instruction aiming for best *all-round* +// performance. // Q. How much faster does it get? // A. Here is the output from 'openssl speed rsa dsa' for vanilla @@ -283,7 +312,7 @@ bn_mul_words: #ifdef XMA_TEMPTATION { .mfi; alloc r2=ar.pfs,4,0,0,0 };; #else -{ .mfi; alloc r2=ar.pfs,4,4,0,8 };; +{ .mfi; alloc r2=ar.pfs,4,12,0,16 };; #endif { .mib; mov r8=r0 // return value cmp4.le p6,p0=r34,r0 @@ -296,8 +325,8 @@ bn_mul_words: .body { .mib; setf.sig f8=r35 // w - mov pr.rot=0x400001<<16 - // ------^----- serves as (p48) at first (p26) + mov pr.rot=0x800001<<16 + // ------^----- serves as (p50) at first (p27) brp.loop.imp .L_bn_mul_words_ctop,.L_bn_mul_words_cend-16 } @@ -312,14 +341,14 @@ bn_mul_words: mov r15=r33 // ap #endif mov ar.lc=r10 } -{ .mii; mov r39=0 // serves as r33 at first (p26) - mov ar.ec=12 };; +{ .mii; mov r40=0 // serves as r35 at first (p27) + mov ar.ec=13 };; -// This loop spins in 2*(n+11) ticks. It's scheduled for data in L2 -// cache (i.e. 9 ticks away) as floating point load/store instructions +// This loop spins in 2*(n+12) ticks. It's scheduled for data in Itanium +// L2 cache (i.e. 9 ticks away) as floating point load/store instructions // bypass L1 cache and L2 latency is actually best-case scenario for -// ldf8. The loop is not scalable and shall run in 2*(n+11) even on -// "wider" IA-64 implementations. It's a trade-off here. n+22 loop +// ldf8. The loop is not scalable and shall run in 2*(n+12) even on +// "wider" IA-64 implementations. It's a trade-off here. n+24 loop // would give us ~5% in *overall* performance improvement on "wider" // IA-64, but would hurt Itanium for about same because of longer // epilogue. As it's a matter of few percents in either case I've @@ -327,25 +356,25 @@ bn_mul_words: // this very instruction sequence in bn_mul_add_words loop which in // turn is scalable). .L_bn_mul_words_ctop: -{ .mfi; (p25) getf.sig r36=f49 // low - (p21) xmpy.lu f45=f37,f8 - (p27) cmp.ltu p52,p48=r39,r38 } +{ .mfi; (p25) getf.sig r36=f52 // low + (p21) xmpy.lu f48=f37,f8 + (p28) cmp.ltu p54,p50=r41,r39 } { .mfi; (p16) ldf8 f32=[r15],8 - (p21) xmpy.hu f38=f37,f8 + (p21) xmpy.hu f40=f37,f8 (p0) nop.i 0x0 };; -{ .mii; (p26) getf.sig r32=f43 // high - .pred.rel "mutex",p48,p52 - (p48) add r38=r37,r33 // (p26) - (p52) add r38=r37,r33,1 } // (p26) -{ .mfb; (p27) st8 [r14]=r39,8 +{ .mii; (p25) getf.sig r32=f44 // high + .pred.rel "mutex",p50,p54 + (p50) add r40=r38,r35 // (p27) + (p54) add r40=r38,r35,1 } // (p27) +{ .mfb; (p28) st8 [r14]=r41,8 (p0) nop.f 0x0 br.ctop.sptk .L_bn_mul_words_ctop };; .L_bn_mul_words_cend: { .mii; nop.m 0x0 -.pred.rel "mutex",p49,p53 -(p49) add r8=r34,r0 -(p53) add r8=r34,r0,1 } +.pred.rel "mutex",p51,p55 +(p51) add r8=r36,r0 +(p55) add r8=r36,r0,1 } { .mfb; nop.m 0x0 nop.f 0x0 nop.b 0x0 } @@ -412,8 +441,8 @@ bn_mul_add_words: .body { .mib; setf.sig f8=r35 // w - mov pr.rot=0x400001<<16 - // ------^----- serves as (p48) at first (p26) + mov pr.rot=0x800001<<16 + // ------^----- serves as (p50) at first (p27) brp.loop.imp .L_bn_mul_add_words_ctop,.L_bn_mul_add_words_cend-16 } { .mii; @@ -425,55 +454,55 @@ bn_mul_add_words: mov r15=r33 // ap #endif mov ar.lc=r10 } -{ .mii; mov r39=0 // serves as r33 at first (p26) +{ .mii; mov r40=0 // serves as r35 at first (p27) #if defined(_HPUX_SOURCE) && defined(_ILP32) addp4 r18=0,r32 // rp copy #else mov r18=r32 // rp copy #endif - mov ar.ec=14 };; + mov ar.ec=15 };; -// This loop spins in 3*(n+13) ticks on Itanium and should spin in -// 2*(n+13) on "wider" IA-64 implementations (to be verified with new +// This loop spins in 3*(n+14) ticks on Itanium and should spin in +// 2*(n+14) on "wider" IA-64 implementations (to be verified with new // ľ-architecture manuals as they become available). As usual it's // possible to compress the epilogue, down to 10 in this case, at the // cost of scalability. Compressed (and therefore non-scalable) loop -// running at 3*(n+10) would buy you ~10% on Itanium but take ~35% +// running at 3*(n+11) would buy you ~10% on Itanium but take ~35% // from "wider" IA-64 so let it be scalable! Special attention was // paid for having the loop body split at 64-byte boundary. ld8 is // scheduled for L1 cache as the data is more than likely there. // Indeed, bn_mul_words has put it there a moment ago:-) .L_bn_mul_add_words_ctop: -{ .mfi; (p25) getf.sig r36=f49 // low - (p21) xmpy.lu f45=f37,f8 - (p27) cmp.ltu p52,p48=r39,r38 } +{ .mfi; (p25) getf.sig r36=f52 // low + (p21) xmpy.lu f48=f37,f8 + (p28) cmp.ltu p54,p50=r41,r39 } { .mfi; (p16) ldf8 f32=[r15],8 - (p21) xmpy.hu f38=f37,f8 - (p27) add r43=r43,r39 };; -{ .mii; (p26) getf.sig r32=f43 // high - .pred.rel "mutex",p48,p52 - (p48) add r38=r37,r33 // (p26) - (p52) add r38=r37,r33,1 } // (p26) -{ .mfb; (p27) cmp.ltu.unc p56,p0=r43,r39 + (p21) xmpy.hu f40=f37,f8 + (p28) add r45=r45,r41 };; +{ .mii; (p25) getf.sig r32=f44 // high + .pred.rel "mutex",p50,p54 + (p50) add r40=r38,r35 // (p27) + (p54) add r40=r38,r35,1 } // (p27) +{ .mfb; (p28) cmp.ltu.unc p60,p0=r45,r41 (p0) nop.f 0x0 (p0) nop.b 0x0 } -{ .mii; (p26) ld8 r42=[r18],8 - (p58) cmp.eq.or p57,p0=-1,r44 - (p58) add r44=1,r44 } -{ .mfb; (p29) st8 [r14]=r45,8 +{ .mii; (p27) ld8 r44=[r18],8 + (p62) cmp.eq.or p61,p0=-1,r46 + (p62) add r46=1,r46 } +{ .mfb; (p30) st8 [r14]=r47,8 (p0) nop.f 0x0 br.ctop.sptk .L_bn_mul_add_words_ctop};; .L_bn_mul_add_words_cend: { .mii; nop.m 0x0 -.pred.rel "mutex",p51,p55 -(p51) add r8=r36,r0 -(p55) add r8=r36,r0,1 } +.pred.rel "mutex",p53,p57 +(p53) add r8=r38,r0 +(p57) add r8=r38,r0,1 } { .mfb; nop.m 0x0 nop.f 0x0 nop.b 0x0 };; { .mii; -(p59) add r8=1,r8 +(p63) add r8=1,r8 mov pr=r9,0x1ffff mov ar.lc=r3 } { .mfb; rum 1<<5 // clear um.mfh From 9abff96b2f488163e8f340161b9d70f4ffb7b2b7 Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Sun, 19 Jan 2003 21:47:06 +0000 Subject: [PATCH 024/393] Suggestion was to change ${MACHINE} to i586 in lines in question. Well, "whatever" doesn't the same (avoids 386 being passed to ./Configure), consistent with other elder SCO targets and denotes that we probably shouldn't care much about every out-of-date platform. --- config | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/config b/config index a2a56754a0..72905c90ed 100755 --- a/config +++ b/config @@ -75,9 +75,9 @@ if [ "x$XREL" != "x" ]; then ;; 4.2MP) case "x${VERSION}" in - x2.0*) echo "${MACHINE}-whatever-unixware20"; exit 0 ;; - x2.1*) echo "${MACHINE}-whatever-unixware21"; exit 0 ;; - x2*) echo "${MACHINE}-whatever-unixware2"; exit 0 ;; + x2.0*) echo "whatever-whatever-unixware20"; exit 0 ;; + x2.1*) echo "whatever-whatever-unixware21"; exit 0 ;; + x2*) echo "whatever-whatever-unixware2"; exit 0 ;; esac ;; 4.2) From 9b3f03d5a23bd3abf22a48b07b11584ef8258434 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 21 Jan 2003 09:53:14 +0000 Subject: [PATCH 025/393] fix warnings Submitted by: Nils Larsch --- crypto/ec/ec2_smpl.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index 1bc440eed1..a6fa4da7e6 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -170,8 +170,8 @@ int ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src) dest->poly[2] = src->poly[2]; dest->poly[3] = src->poly[3]; dest->poly[4] = src->poly[4]; - bn_wexpand(&dest->a, (dest->poly[0] + BN_BITS2 - 1) / BN_BITS2); - bn_wexpand(&dest->b, (dest->poly[0] + BN_BITS2 - 1) / BN_BITS2); + bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2); + bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2); for (i = dest->a.top; i < dest->a.dmax; i++) dest->a.d[i] = 0; for (i = dest->b.top; i < dest->b.dmax; i++) dest->b.d[i] = 0; return 1; @@ -195,12 +195,12 @@ int ec_GF2m_simple_group_set_curve(EC_GROUP *group, /* group->a */ if (!BN_GF2m_mod_arr(&group->a, a, group->poly)) goto err; - bn_wexpand(&group->a, (group->poly[0] + BN_BITS2 - 1) / BN_BITS2); + bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2); for (i = group->a.top; i < group->a.dmax; i++) group->a.d[i] = 0; /* group->b */ if (!BN_GF2m_mod_arr(&group->b, b, group->poly)) goto err; - bn_wexpand(&group->b, (group->poly[0] + BN_BITS2 - 1) / BN_BITS2); + bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2); for (i = group->b.top; i < group->b.dmax; i++) group->b.d[i] = 0; ret = 1; From 0c3426da8678d248c2ebfe02c84d6fdab122a21e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 23 Jan 2003 08:10:04 +0000 Subject: [PATCH 026/393] Missing 0 broke FreeBSD build. PR: 470 --- crypto/engine/eng_cryptodev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c index a658528d31..b32be08c8e 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -35,7 +35,7 @@ #if (defined(__unix__) || defined(unix)) && !defined(USG) #include -# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 50000) || __FreeBSD_version >= 50041) +# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) # define HAVE_CRYPTODEV # endif # if (OpenBSD >= 200110) From 04da4558dd70add8069d90ef7c1a5dd17c7b76c2 Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Thu, 23 Jan 2003 09:52:34 +0000 Subject: [PATCH 027/393] The patch speaks for itself. --- PROBLEMS | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/PROBLEMS b/PROBLEMS index 62e395f0a5..1a956b5481 100644 --- a/PROBLEMS +++ b/PROBLEMS @@ -89,3 +89,12 @@ failures in other parts of the code. (See Ticket #426.) Workaround: modify the target to +O2 when building with no-asm. + +* Poor support for AIX shared builds. + +do_aix-shared rule is not flexible enough to parameterize through a +config-line. './Configure aix43-cc shared' is working, but not +'./Configure aix64-gcc shared'. In latter case make fails to create shared +libraries. It's possible to build 64-bit shared libraries by running +'env OBJECT_MODE=64 make', but we need more elegant solution. Preferably one +supporting even gcc shared builds. See RT#463 for background information. From 97e6bf6b22d75b847b5c9c0472c54ffe3169eece Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Thu, 23 Jan 2003 10:05:39 +0000 Subject: [PATCH 028/393] Workaround for lame compiler bug introduced in "CPU pack" for MSVC6SP5. --- crypto/aes/aes_core.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c index ea884f6f9e..2f41a825f8 100644 --- a/crypto/aes/aes_core.c +++ b/crypto/aes/aes_core.c @@ -750,7 +750,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, rk[2] = GETU32(userKey + 8); rk[3] = GETU32(userKey + 12); if (bits == 128) { - for (;;) { + while (1) { temp = rk[3]; rk[4] = rk[0] ^ (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ @@ -770,7 +770,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, rk[4] = GETU32(userKey + 16); rk[5] = GETU32(userKey + 20); if (bits == 192) { - for (;;) { + while (1) { temp = rk[ 5]; rk[ 6] = rk[ 0] ^ (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ @@ -792,7 +792,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, rk[6] = GETU32(userKey + 24); rk[7] = GETU32(userKey + 28); if (bits == 256) { - for (;;) { + while (1) { temp = rk[ 7]; rk[ 8] = rk[ 0] ^ (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ From d3b5cb5343afa4e4ae64bee4621171e6b00aaa21 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 24 Jan 2003 01:12:01 +0000 Subject: [PATCH 029/393] Check return value of gmtime() and add error codes where it fails in ASN1_TIME_set(). Edit asn1.h so the new error code is the same in 0.9.7 and 0.9.8, rebuild new error codes. Clear error queue in req.c if *_min or *_max is absent. --- CHANGES | 4 +++ apps/req.c | 6 +++++ crypto/asn1/a_time.c | 3 +++ crypto/asn1/asn1.h | 61 +++++++++++++++++++++--------------------- crypto/asn1/asn1_err.c | 3 ++- crypto/o_time.c | 3 ++- 6 files changed, 48 insertions(+), 32 deletions(-) diff --git a/CHANGES b/CHANGES index 2fd057c41e..aa9a7ae8d1 100644 --- a/CHANGES +++ b/CHANGES @@ -381,6 +381,10 @@ TODO: bug: pad x with leading zeros if necessary Changes between 0.9.7 and 0.9.7a [XX xxx 2003] + *) Under Win32 gmtime() can return NULL: check return value in + OPENSSL_gmtime(). Add error code for case where gmtime() fails. + [Steve Henson] + *) DSA routines: under certain error conditions uninitialized BN objects could be freed. Solution: make sure initialization is performed early enough. (Reported and fix supplied by Ivan D Nestlerode , diff --git a/apps/req.c b/apps/req.c index 4fa5ae6fe8..3612114980 100644 --- a/apps/req.c +++ b/apps/req.c @@ -1318,11 +1318,17 @@ start: for (;;) sprintf(buf,"%s_min",v->name); if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min)) + { + ERR_clear_error(); n_min = -1; + } sprintf(buf,"%s_max",v->name); if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max)) + { + ERR_clear_error(); n_max = -1; + } if (!add_DN_object(subj,v->value,def,value,nid, n_min,n_max, chtype)) diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index 3a03c9e4e4..7348da9457 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -105,7 +105,10 @@ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t) ts=OPENSSL_gmtime(&t,&data); if (ts == NULL) + { + ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME); return NULL; + } if((ts->tm_year >= 50) && (ts->tm_year < 150)) return ASN1_UTCTIME_set(s, t); return ASN1_GENERALIZEDTIME_set(s,t); diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 460e0eb6e7..0eb97fa62e 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -965,8 +965,8 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_A2I_ASN1_ENUMERATED 101 #define ASN1_F_A2I_ASN1_INTEGER 102 #define ASN1_F_A2I_ASN1_STRING 103 -#define ASN1_F_APPEND_TAG 177 -#define ASN1_F_ASN1_CB 178 +#define ASN1_F_APPEND_TAG 176 +#define ASN1_F_ASN1_CB 177 #define ASN1_F_ASN1_CHECK_TLEN 104 #define ASN1_F_ASN1_COLLATE_PRIMITIVE 105 #define ASN1_F_ASN1_COLLECT 106 @@ -977,7 +977,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_ASN1_DUP 111 #define ASN1_F_ASN1_ENUMERATED_SET 112 #define ASN1_F_ASN1_ENUMERATED_TO_BN 113 -#define ASN1_F_ASN1_GENERATE_V3 182 +#define ASN1_F_ASN1_GENERATE_V3 178 #define ASN1_F_ASN1_GET_OBJECT 114 #define ASN1_F_ASN1_HEADER_NEW 115 #define ASN1_F_ASN1_I2D_BIO 116 @@ -999,6 +999,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_ASN1_TEMPLATE_D2I 131 #define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 #define ASN1_F_ASN1_TEMPLATE_NEW 133 +#define ASN1_F_ASN1_TIME_SET 175 #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 #define ASN1_F_ASN1_UNPACK_STRING 136 @@ -1028,15 +1029,14 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_D2I_X509_PKEY 159 #define ASN1_F_I2D_ASN1_TIME 160 #define ASN1_F_I2D_DSA_PUBKEY 161 -#define ASN1_F_I2D_ECDSA_PUBKEY 174 -#define ASN1_F_I2D_EC_PUBKEY 176 +#define ASN1_F_I2D_EC_PUBKEY 181 #define ASN1_F_I2D_NETSCAPE_RSA 162 #define ASN1_F_I2D_PRIVATEKEY 163 #define ASN1_F_I2D_PUBLICKEY 164 #define ASN1_F_I2D_RSA_PUBKEY 165 #define ASN1_F_LONG_C2I 166 -#define ASN1_F_OID_MODULE_INIT 175 -#define ASN1_F_PARSE_TAGGING 181 +#define ASN1_F_OID_MODULE_INIT 174 +#define ASN1_F_PARSE_TAGGING 182 #define ASN1_F_PKCS5_PBE2_SET 167 #define ASN1_F_X509_CINF_NEW 168 #define ASN1_F_X509_CRL_ADD0_REVOKED 169 @@ -1059,8 +1059,9 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_DATA_IS_WRONG 109 #define ASN1_R_DECODE_ERROR 110 #define ASN1_R_DECODING_ERROR 111 -#define ASN1_R_DEPTH_EXCEEDED 173 +#define ASN1_R_DEPTH_EXCEEDED 174 #define ASN1_R_ENCODE_ERROR 112 +#define ASN1_R_ERROR_GETTING_TIME 173 #define ASN1_R_ERROR_LOADING_SECTION 172 #define ASN1_R_ERROR_PARSING_SET_ELEMENT 113 #define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 @@ -1073,57 +1074,57 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_FIELD_MISSING 121 #define ASN1_R_FIRST_NUM_TOO_LARGE 122 #define ASN1_R_HEADER_TOO_LONG 123 -#define ASN1_R_ILLEGAL_BITSTRING_FORMAT 174 -#define ASN1_R_ILLEGAL_BOOLEAN 175 +#define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175 +#define ASN1_R_ILLEGAL_BOOLEAN 176 #define ASN1_R_ILLEGAL_CHARACTERS 124 -#define ASN1_R_ILLEGAL_FORMAT 176 -#define ASN1_R_ILLEGAL_HEX 177 -#define ASN1_R_ILLEGAL_IMPLICIT_TAG 178 -#define ASN1_R_ILLEGAL_INTEGER 179 -#define ASN1_R_ILLEGAL_NESTED_TAGGING 180 +#define ASN1_R_ILLEGAL_FORMAT 177 +#define ASN1_R_ILLEGAL_HEX 178 +#define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 +#define ASN1_R_ILLEGAL_INTEGER 180 +#define ASN1_R_ILLEGAL_NESTED_TAGGING 181 #define ASN1_R_ILLEGAL_NULL 125 -#define ASN1_R_ILLEGAL_NULL_VALUE 181 -#define ASN1_R_ILLEGAL_OBJECT 182 +#define ASN1_R_ILLEGAL_NULL_VALUE 182 +#define ASN1_R_ILLEGAL_OBJECT 183 #define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 #define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 #define ASN1_R_ILLEGAL_TAGGED_ANY 127 -#define ASN1_R_ILLEGAL_TIME_VALUE 183 -#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 184 +#define ASN1_R_ILLEGAL_TIME_VALUE 184 +#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 #define ASN1_R_INVALID_BMPSTRING_LENGTH 129 #define ASN1_R_INVALID_DIGIT 130 -#define ASN1_R_INVALID_MODIFIER 185 -#define ASN1_R_INVALID_NUMBER 186 +#define ASN1_R_INVALID_MODIFIER 186 +#define ASN1_R_INVALID_NUMBER 187 #define ASN1_R_INVALID_SEPARATOR 131 #define ASN1_R_INVALID_TIME_FORMAT 132 #define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 #define ASN1_R_INVALID_UTF8STRING 134 #define ASN1_R_IV_TOO_LARGE 135 #define ASN1_R_LENGTH_ERROR 136 -#define ASN1_R_LIST_ERROR 187 +#define ASN1_R_LIST_ERROR 188 #define ASN1_R_MISSING_EOC 137 #define ASN1_R_MISSING_SECOND_NUMBER 138 -#define ASN1_R_MISSING_VALUE 188 +#define ASN1_R_MISSING_VALUE 189 #define ASN1_R_MSTRING_NOT_UNIVERSAL 139 #define ASN1_R_MSTRING_WRONG_TAG 140 #define ASN1_R_NON_HEX_CHARACTERS 141 -#define ASN1_R_NOT_ASCII_FORMAT 189 +#define ASN1_R_NOT_ASCII_FORMAT 190 #define ASN1_R_NOT_ENOUGH_DATA 142 #define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 #define ASN1_R_NULL_IS_WRONG_LENGTH 144 -#define ASN1_R_OBJECT_NOT_ASCII_FORMAT 190 +#define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 #define ASN1_R_ODD_NUMBER_OF_CHARS 145 #define ASN1_R_PRIVATE_KEY_HEADER_MISSING 146 #define ASN1_R_SECOND_NUMBER_TOO_LARGE 147 #define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148 #define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 -#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 195 +#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 #define ASN1_R_SHORT_LINE 150 #define ASN1_R_STRING_TOO_LONG 151 #define ASN1_R_STRING_TOO_SHORT 152 #define ASN1_R_TAG_VALUE_TOO_HIGH 153 #define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 -#define ASN1_R_TIME_NOT_ASCII_FORMAT 191 +#define ASN1_R_TIME_NOT_ASCII_FORMAT 193 #define ASN1_R_TOO_LONG 155 #define ASN1_R_TYPE_NOT_CONSTRUCTED 156 #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 @@ -1133,13 +1134,13 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 #define ASN1_R_UNKNOWN_OBJECT_TYPE 162 #define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 -#define ASN1_R_UNKNOWN_TAG 192 -#define ASN1_R_UNKOWN_FORMAT 193 +#define ASN1_R_UNKNOWN_TAG 194 +#define ASN1_R_UNKOWN_FORMAT 195 #define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 #define ASN1_R_UNSUPPORTED_CIPHER 165 #define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166 #define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 -#define ASN1_R_UNSUPPORTED_TYPE 194 +#define ASN1_R_UNSUPPORTED_TYPE 196 #define ASN1_R_WRONG_TAG 168 #define ASN1_R_WRONG_TYPE 169 diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index 55aef5e790..d83ed65cdb 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -104,6 +104,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0), "ASN1_TEMPLATE_D2I"}, {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_EX_D2I,0), "ASN1_TEMPLATE_EX_D2I"}, {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_NEW,0), "ASN1_TEMPLATE_NEW"}, +{ERR_PACK(0,ASN1_F_ASN1_TIME_SET,0), "ASN1_TIME_set"}, {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0), "ASN1_TYPE_get_int_octetstring"}, {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0), "ASN1_TYPE_get_octetstring"}, {ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0), "ASN1_unpack_string"}, @@ -133,7 +134,6 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0), "d2i_X509_PKEY"}, {ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0), "I2D_ASN1_TIME"}, {ERR_PACK(0,ASN1_F_I2D_DSA_PUBKEY,0), "i2d_DSA_PUBKEY"}, -{ERR_PACK(0,ASN1_F_I2D_ECDSA_PUBKEY,0), "I2D_ECDSA_PUBKEY"}, {ERR_PACK(0,ASN1_F_I2D_EC_PUBKEY,0), "i2d_EC_PUBKEY"}, {ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0), "i2d_Netscape_RSA"}, {ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0), "i2d_PrivateKey"}, @@ -169,6 +169,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= {ASN1_R_DECODING_ERROR ,"decoding error"}, {ASN1_R_DEPTH_EXCEEDED ,"depth exceeded"}, {ASN1_R_ENCODE_ERROR ,"encode error"}, +{ASN1_R_ERROR_GETTING_TIME ,"error getting time"}, {ASN1_R_ERROR_LOADING_SECTION ,"error loading section"}, {ASN1_R_ERROR_PARSING_SET_ELEMENT ,"error parsing set element"}, {ASN1_R_ERROR_SETTING_CIPHER_PARAMS ,"error setting cipher params"}, diff --git a/crypto/o_time.c b/crypto/o_time.c index 1bc0297b36..ca5f3ea48e 100644 --- a/crypto/o_time.c +++ b/crypto/o_time.c @@ -80,7 +80,8 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) ts = result; #elif !defined(OPENSSL_SYS_VMS) ts = gmtime(timer); - memcpy(result, ts, sizeof(struct tm)); + if (ts != NULL) + memcpy(result, ts, sizeof(struct tm)); ts = result; #endif #ifdef OPENSSL_SYS_VMS From 02bf9a151a435ceaa170f4b46387bba3afac0a78 Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Fri, 24 Jan 2003 09:39:31 +0000 Subject: [PATCH 030/393] Provide "dummy" &main::picmeup even in Windows perlasm modules. --- crypto/perlasm/x86ms.pl | 6 ++++++ crypto/perlasm/x86nasm.pl | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/crypto/perlasm/x86ms.pl b/crypto/perlasm/x86ms.pl index abcb7c1303..35f1a4ddb9 100644 --- a/crypto/perlasm/x86ms.pl +++ b/crypto/perlasm/x86ms.pl @@ -367,4 +367,10 @@ sub out1p push(@out,"\t$name\t ".&conv($p1)."\n"); } +sub main'picmeup + { + local($dst,$sym)=@_; + &main'lea($dst,&main'DWP($sym)); + } + sub main'blindpop { &out1("pop",@_); } diff --git a/crypto/perlasm/x86nasm.pl b/crypto/perlasm/x86nasm.pl index 796556159c..f30b7466d4 100644 --- a/crypto/perlasm/x86nasm.pl +++ b/crypto/perlasm/x86nasm.pl @@ -344,4 +344,10 @@ sub out1p push(@out,"\t$name\t ".&conv($p1)."\n"); } +sub main'picmeup + { + local($dst,$sym)=@_; + &main'lea($dst,&main'DWP($sym)); + } + sub main'blindpop { &out1("pop",@_); } From 9048c7245b095db7fa2f153777ce61e64c6cdd82 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 24 Jan 2003 21:43:08 +0000 Subject: [PATCH 031/393] For ecdsa-with-SHA1, as for id-dsa-with-sha1, omit 'parameters' in AlgorithmIdentifier Submitted by: Nils Larsch --- crypto/asn1/a_sign.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c index 52ce7e3974..37e1e84a11 100644 --- a/crypto/asn1/a_sign.c +++ b/crypto/asn1/a_sign.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -229,10 +229,11 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, else a=algor2; if (a == NULL) continue; - if (type->pkey_type == NID_dsaWithSHA1) + if (type->pkey_type == NID_dsaWithSHA1 || + type->pkey_type == NID_ecdsa_with_SHA1) { - /* special case: RFC 2459 tells us to omit 'parameters' - * with id-dsa-with-sha1 */ + /* special case: RFC 3279 tells us to omit 'parameters' + * with id-dsa-with-sha1 and ecdsa-with-SHA1 */ ASN1_TYPE_free(a->parameter); a->parameter = NULL; } From c1862f91361faa4783e2cf52feed3643593bb892 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 24 Jan 2003 22:28:32 +0000 Subject: [PATCH 032/393] consistency --- CHANGES | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/CHANGES b/CHANGES index aa9a7ae8d1..1a30ede2af 100644 --- a/CHANGES +++ b/CHANGES @@ -379,6 +379,15 @@ TODO: bug: pad x with leading zeros if necessary EC_GROUP_get_nid() [Nils Larsch , Bodo Moeller] +#if 0 + The following entry accidentily appeared in the CHANGES file + distributed with OpenSSL 0.9.7. The modifications described in + it do *not* apply to OpenSSL 0.9.7. + *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there was actually never needed) and in BN_mul(). The removal in BN_mul() required a small change in bn_mul_part_recursive() and the addition @@ -2092,6 +2106,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k bn_sub_words() and bn_add_words() except they take arrays with differing sizes. [Richard Levitte] +#endif *) In 'openssl passwd', verify passwords read from the terminal unless the '-salt' option is used (which usually means that From 82516e3baf2870cc9f4cece522dd6487bc96de38 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Sat, 25 Jan 2003 15:28:49 +0000 Subject: [PATCH 033/393] cofactor is optional in parameter encodings Submitted by: Nils Larsch --- crypto/ec/ec_asn1.c | 64 +++++++++++++++++++++++++++------------------ 1 file changed, 38 insertions(+), 26 deletions(-) diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 63d33a5f56..c1c6ffee5a 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -3,7 +3,7 @@ * Written by Nils Larsch for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -224,7 +224,7 @@ ASN1_SEQUENCE(ECPARAMETERS) = { ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE), ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING), ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER), - ASN1_SIMPLE(ECPARAMETERS, cofactor, ASN1_INTEGER) + ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER) } ASN1_SEQUENCE_END(ECPARAMETERS) DECLARE_ASN1_FUNCTIONS_const(ECPARAMETERS) @@ -715,17 +715,15 @@ static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group, goto err; } - /* set the cofactor */ - if (!EC_GROUP_get_cofactor(group, tmp, NULL)) + /* set the cofactor (optional) */ + if (EC_GROUP_get_cofactor(group, tmp, NULL)) { - ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); - goto err; - } - ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor); - if (ret->cofactor == NULL) - { - ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); - goto err; + ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor); + if (ret->cofactor == NULL) + { + ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); + goto err; + } } ok = 1; @@ -978,9 +976,7 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) ret->seed_len = params->curve->seed->length; } - /* extract the order, cofactor and generator */ - if (!params->order || !params->cofactor || !params->base || - !params->base->data) + if (!params->order || !params->base || !params->base->data) { ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); goto err; @@ -988,14 +984,11 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) if ((point = EC_POINT_new(ret)) == NULL) goto err; - a = ASN1_INTEGER_to_BN(params->order, a); - b = ASN1_INTEGER_to_BN(params->cofactor, b); - if (!a || !b) - { - ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); - goto err; - } + /* set the point conversion form */ + EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t) + (params->base->data[0] & ~0x01)); + /* extract the ec point */ if (!EC_POINT_oct2point(ret, point, params->base->data, params->base->length, NULL)) { @@ -1003,10 +996,29 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) goto err; } - /* set the point conversion form */ - EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t) - (params->base->data[0] & ~0x01)); - + /* extract the order */ + if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) + { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); + goto err; + } + + /* extract the cofactor (optional) */ + if (params->cofactor == NULL) + { + if (b) + { + BN_free(b); + b = NULL; + } + } + else + if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) + { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); + goto err; + } + /* set the generator, order and cofactor (if present) */ if (!EC_GROUP_set_generator(ret, point, a, b)) { ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); From da45180de49b60be97ae0d5e574864417d7ddebd Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 26 Jan 2003 13:38:56 +0000 Subject: [PATCH 034/393] Correct EVP_SealInit() documentation, iv is an output parameter. --- doc/crypto/EVP_SealInit.pod | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/doc/crypto/EVP_SealInit.pod b/doc/crypto/EVP_SealInit.pod index 25ef07f7c7..b5e477e294 100644 --- a/doc/crypto/EVP_SealInit.pod +++ b/doc/crypto/EVP_SealInit.pod @@ -18,22 +18,28 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption =head1 DESCRIPTION The EVP envelope routines are a high level interface to envelope -encryption. They generate a random key and then "envelope" it by -using public key encryption. Data can then be encrypted using this -key. +encryption. They generate a random key and IV (if required) then +"envelope" it by using public key encryption. Data can then be +encrypted using this key. EVP_SealInit() initializes a cipher context B for encryption -with cipher B using a random secret key and IV supplied in -the B parameter. B is normally supplied by a function such -as EVP_des_cbc(). The secret key is encrypted using one or more public -keys, this allows the same encrypted data to be decrypted using any -of the corresponding private keys. B is an array of buffers where -the public key encrypted secret key will be written, each buffer must -contain enough room for the corresponding encrypted key: that is +with cipher B using a random secret key and IV. B is normally +supplied by a function such as EVP_des_cbc(). The secret key is encrypted +using one or more public keys, this allows the same encrypted data to be +decrypted using any of the corresponding private keys. B is an array of +buffers where the public key encrypted secret key will be written, each buffer +must contain enough room for the corresponding encrypted key: that is B must have room for B bytes. The actual size of each encrypted secret key is written to the array B. B is an array of B public keys. +The B parameter is a buffer where the generated IV is written to. It must +contain enough room for the corresponding cipher's IV, as determined by (for +example) EVP_CIPHER_iv_length(type). + +If the cipher does not require an IV then the B parameter is ignored +and can be B. + EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as documented on the L manual From bd1217a1768f15366cd99175c81b5da98e7715fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 28 Jan 2003 13:08:21 +0000 Subject: [PATCH 035/393] simplify Submitted by: Nils Larsch --- crypto/ec/ecp_nist.c | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c index 559cb5c418..ba5d180e1d 100644 --- a/crypto/ec/ecp_nist.c +++ b/crypto/ec/ecp_nist.c @@ -3,7 +3,7 @@ * Written by Nils Larsch for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -165,21 +165,7 @@ int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p, goto err; } - /* group->field */ - if (!BN_copy(&group->field, p)) goto err; - BN_set_sign(&group->field, 0); - - /* group->a */ - if (!group->field_mod_func(&group->a, a, p, ctx)) goto err; - - /* group->b */ - if (!group->field_mod_func(&group->b, b, p, ctx)) goto err; - - /* group->a_is_minus3 */ - if (!BN_add_word(tmp_bn, 3)) goto err; - group->a_is_minus3 = (0 == BN_cmp(tmp_bn, &group->field)); - - ret = 1; + ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx); err: BN_CTX_end(ctx); From b637670f039cef574e96e60f5bd660b899221021 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 29 Jan 2003 15:06:35 +0000 Subject: [PATCH 036/393] DVCS (see RFC 3029) was missing among the possible purposes. Notified privately to me by Peter Sylvester , one of the authors of said RFC --- crypto/x509v3/v3_purp.c | 4 ++++ crypto/x509v3/x509v3.h | 1 + 2 files changed, 5 insertions(+) diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index b739e4fd83..4d145f71fd 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -378,6 +378,10 @@ static void x509v3_cache_extensions(X509 *x) case NID_time_stamp: x->ex_xkusage |= XKU_TIMESTAMP; break; + + case NID_dvcs: + x->ex_xkusage |= XKU_DVCS; + break; } } sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free); diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index e1334b4717..b4dd52a951 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -351,6 +351,7 @@ DECLARE_ASN1_SET_OF(POLICYINFO) #define XKU_SGC 0x10 #define XKU_OCSP_SIGN 0x20 #define XKU_TIMESTAMP 0x40 +#define XKU_DVCS 0x80 #define X509_PURPOSE_DYNAMIC 0x1 #define X509_PURPOSE_DYNAMIC_NAME 0x2 From 4e78074b39063d19ebab54209d5cf6eceb770141 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 30 Jan 2003 10:27:43 +0000 Subject: [PATCH 037/393] cert_sk isn't always allocated, so freeing it may cause a crash. PR: 481 --- apps/ca.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apps/ca.c b/apps/ca.c index 028dd98d31..2a56e556a3 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1641,7 +1641,8 @@ err: BIO_free_all(out); BIO_free_all(in); - sk_X509_pop_free(cert_sk,X509_free); + if (cert_sk) + sk_X509_pop_free(cert_sk,X509_free); if (ret) ERR_print_errors(bio_err); app_RAND_write_file(randfile, bio_err); From 2e60ea7634125fcad082cc4b493e429ee440ea83 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 30 Jan 2003 11:00:34 +0000 Subject: [PATCH 038/393] Fix a memory leak in SSL. PR: 477 --- ssl/ssl_lib.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 68c7ae7b6e..ea76cf1172 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2047,6 +2047,7 @@ SSL *SSL_dup(SSL *s) * they should not both point to the same object, * and thus we can't use SSL_copy_session_id. */ + ret->method->ssl_free(ret); ret->method = s->method; ret->method->ssl_new(ret); From c0a93e31ab0bba212092b1125fb076fed69b8b01 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 30 Jan 2003 11:08:44 +0000 Subject: [PATCH 039/393] Small typo, OENSSL should really be spelled OPENSSL. PR: 476 --- crypto/md5/md5.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/md5/md5.h b/crypto/md5/md5.h index cfdbf03fe1..a252e02115 100644 --- a/crypto/md5/md5.h +++ b/crypto/md5/md5.h @@ -78,7 +78,7 @@ extern "C" { #if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) #define MD5_LONG unsigned long -#elif defined(OENSSL_SYS_CRAY) || defined(__ILP64__) +#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) #define MD5_LONG unsigned long #define MD5_LONG_LOG2 3 /* From bb3e67f3157cc44f20c1d3b96611126d4660d225 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Thu, 30 Jan 2003 14:58:44 +0000 Subject: [PATCH 040/393] "openssl engine" will not display ENGINE/DSO load failure errors when testing availability of engines with "-t" - the old behaviour of is produced by increasing the feature's verbosity with "-tt". --- apps/engine.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/apps/engine.c b/apps/engine.c index b718ae124c..1a22d5dee9 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -77,7 +77,8 @@ static char *engine_usage[]={ " -vvv will also add the input flags for each command\n", " -vvvv will also show internal input flags\n", " -c - for each engine, also list the capabilities\n", -" -t - for each engine, check that they are really available\n", +" -t[t] - for each engine, check that they are really available\n", +" -tt will display error trace for unavailable engines\n", " -pre - runs command 'cmd' against the ENGINE before any attempts\n", " to load it (if -t is used)\n", " -post - runs command 'cmd' against the ENGINE after loading it\n", @@ -342,7 +343,7 @@ int MAIN(int argc, char **argv) { int ret=1,i; char **pp; - int verbose=0, list_cap=0, test_avail=0; + int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0; ENGINE *e; STACK *engines = sk_new_null(); STACK *pre_cmds = sk_new_null(); @@ -380,8 +381,14 @@ int MAIN(int argc, char **argv) } else if (strcmp(*argv,"-c") == 0) list_cap=1; - else if (strcmp(*argv,"-t") == 0) + else if (strncmp(*argv,"-t",2) == 0) + { test_avail=1; + if(strspn(*argv + 1, "t") < strlen(*argv + 1)) + goto skip_arg_loop; + if((test_avail_noise = strlen(*argv + 1) - 1) > 1) + goto skip_arg_loop; + } else if (strcmp(*argv,"-pre") == 0) { argc--; argv++; @@ -496,7 +503,8 @@ skip_digests: else { BIO_printf(bio_out, "[ unavailable ]\n"); - ERR_print_errors_fp(stdout); + if(test_avail_noise) + ERR_print_errors_fp(stdout); ERR_clear_error(); } } From a85bef18995496a5f503350d921b2c98686cd12e Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Thu, 30 Jan 2003 15:43:07 +0000 Subject: [PATCH 041/393] Commit a slightly modified version of an old experiment to do RSA private key operations using the GMP library. The default is not to build (or use) this code unless OPENSSL_USE_GMP is defined (because it will impose header and linker dependencies that might need specifying too). --- engines/.cvsignore | 1 + engines/Makefile.ssl | 5 +- engines/e_gmp.c | 435 +++++++++++++++++++++++++++++++++++++++++++ engines/e_gmp.ec | 1 + engines/e_gmp_err.c | 137 ++++++++++++++ engines/e_gmp_err.h | 81 ++++++++ 6 files changed, 659 insertions(+), 1 deletion(-) create mode 100644 engines/e_gmp.c create mode 100644 engines/e_gmp.ec create mode 100644 engines/e_gmp_err.c create mode 100644 engines/e_gmp_err.h diff --git a/engines/.cvsignore b/engines/.cvsignore index 695fdd0059..d7169dd1f3 100644 --- a/engines/.cvsignore +++ b/engines/.cvsignore @@ -1,2 +1,3 @@ Makefile.save lib +libs diff --git a/engines/Makefile.ssl b/engines/Makefile.ssl index d20f2bdab0..15d92844ee 100644 --- a/engines/Makefile.ssl +++ b/engines/Makefile.ssl @@ -27,12 +27,13 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBNAMES= 4758_cca aep atalla cswift ncipher nuron sureware ubsec +LIBNAMES= 4758_cca aep atalla cswift gmp ncipher nuron sureware ubsec LIBSRC= e_4758_cca.c \ e_aep.c \ e_atalla.c \ e_cswift.c \ + e_gmp.c \ e_ncipher.c \ e_nuron.c \ e_sureware.c \ @@ -41,6 +42,7 @@ LIBOBJ= e_4758_cca.o \ e_aep.o \ e_atalla.o \ e_cswift.o \ + e_gmp.o \ e_ncipher.o \ e_nuron.o \ e_sureware.o \ @@ -53,6 +55,7 @@ HEADER= e_4758_cca_err.c e_4758_cca_err.h \ e_aep_err.c e_aep_err.h \ e_atalla_err.c e_atalla_err.h \ e_cswift_err.c e_cswift_err.h \ + e_gmp_err.c e_gmp_err.h \ e_ncipher_err.c e_ncipher_err.h \ e_nuron_err.c e_nuron_err.h \ e_sureware_err.c e_sureware_err.h \ diff --git a/engines/e_gmp.c b/engines/e_gmp.c new file mode 100644 index 0000000000..8d778fcbf7 --- /dev/null +++ b/engines/e_gmp.c @@ -0,0 +1,435 @@ +/* crypto/engine/e_gmp.c */ +/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL + * project 2003. + */ +/* ==================================================================== + * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* This engine is not (currently) compiled in by default. Do enable it, + * reconfigure OpenSSL with "-DOPENSSL_USE_GMP -lgmp". The GMP libraries and + * headers must reside in one of the paths searched by the compiler/linker, + * otherwise paths must be specified - eg. try configuring with + * "-DOPENSSL_USE_GMP -I -L -lgmp". YMMV. */ + +/* As for what this does - it's a largely unoptimised implementation of an + * ENGINE that uses the GMP library to perform RSA private key operations. To + * obtain more information about what "unoptimised" means, see my original mail + * on the subject (though ignore the build instructions which have since + * changed); + * + * http://www.mail-archive.com/openssl-dev@openssl.org/msg12227.html + * + * On my athlon system at least, it appears the builtin OpenSSL code is now + * slightly faster, which is to say that the RSA-related MPI performance + * between OpenSSL's BIGNUM and GMP's mpz implementations is probably pretty + * balanced for this chip, and so the performance degradation in this ENGINE by + * having to convert to/from GMP formats (and not being able to cache + * montgomery forms) is probably the difference. However, if some unconfirmed + * reports from users is anything to go by, the situation on some other + * chipsets might be a good deal more favourable to the GMP version (eg. PPC). + * Feedback welcome. */ + +#include +#include +#include +#include +#include + +#ifndef OPENSSL_NO_HW +#if defined(OPENSSL_USE_GMP) && !defined(OPENSSL_NO_HW_GMP) + +#include + +#define E_GMP_LIB_NAME "gmp engine" +#include "e_gmp_err.c" + +static int e_gmp_destroy(ENGINE *e); +static int e_gmp_init(ENGINE *e); +static int e_gmp_finish(ENGINE *e); +static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); + +#ifndef OPENSSL_NO_RSA +/* RSA stuff */ +static int e_gmp_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa); +static int e_gmp_rsa_finish(RSA *r); +#endif + +/* The definitions for control commands specific to this engine */ +/* #define E_GMP_CMD_SO_PATH ENGINE_CMD_BASE */ +static const ENGINE_CMD_DEFN e_gmp_cmd_defns[] = { +#if 0 + {E_GMP_CMD_SO_PATH, + "SO_PATH", + "Specifies the path to the 'e_gmp' shared library", + ENGINE_CMD_FLAG_STRING}, +#endif + {0, NULL, NULL, 0} + }; + +#ifndef OPENSSL_NO_RSA +/* Our internal RSA_METHOD that we provide pointers to */ +static RSA_METHOD e_gmp_rsa = + { + "GMP RSA method", + NULL, + NULL, + NULL, + NULL, + e_gmp_rsa_mod_exp, + NULL, + NULL, + e_gmp_rsa_finish, + /* These flags initialise montgomery crud that GMP ignores, however it + * makes sure the public key ops (which are done in openssl) don't seem + * *slower* than usual :-) */ + RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE, + NULL, + NULL, + NULL + }; +#endif + +/* Constants used when creating the ENGINE */ +static const char *engine_e_gmp_id = "gmp"; +static const char *engine_e_gmp_name = "GMP engine support"; + +/* This internal function is used by ENGINE_gmp() and possibly by the + * "dynamic" ENGINE support too */ +static int bind_helper(ENGINE *e) + { +#ifndef OPENSSL_NO_RSA + const RSA_METHOD *meth1; +#endif + if(!ENGINE_set_id(e, engine_e_gmp_id) || + !ENGINE_set_name(e, engine_e_gmp_name) || +#ifndef OPENSSL_NO_RSA + !ENGINE_set_RSA(e, &e_gmp_rsa) || +#endif + !ENGINE_set_destroy_function(e, e_gmp_destroy) || + !ENGINE_set_init_function(e, e_gmp_init) || + !ENGINE_set_finish_function(e, e_gmp_finish) || + !ENGINE_set_ctrl_function(e, e_gmp_ctrl) || + !ENGINE_set_cmd_defns(e, e_gmp_cmd_defns)) + return 0; + +#ifndef OPENSSL_NO_RSA + meth1 = RSA_PKCS1_SSLeay(); + e_gmp_rsa.rsa_pub_enc = meth1->rsa_pub_enc; + e_gmp_rsa.rsa_pub_dec = meth1->rsa_pub_dec; + e_gmp_rsa.rsa_priv_enc = meth1->rsa_priv_enc; + e_gmp_rsa.rsa_priv_dec = meth1->rsa_priv_dec; + e_gmp_rsa.bn_mod_exp = meth1->bn_mod_exp; +#endif + + /* Ensure the e_gmp error handling is set up */ + ERR_load_GMP_strings(); + return 1; + } + +static ENGINE *engine_gmp(void) + { + ENGINE *ret = ENGINE_new(); + if(!ret) + return NULL; + if(!bind_helper(ret)) + { + ENGINE_free(ret); + return NULL; + } + return ret; + } + +void ENGINE_load_gmp(void) + { + /* Copied from eng_[openssl|dyn].c */ + ENGINE *toadd = engine_gmp(); + if(!toadd) return; + ENGINE_add(toadd); + ENGINE_free(toadd); + ERR_clear_error(); + } + +#ifndef OPENSSL_NO_RSA +/* Used to attach our own key-data to an RSA structure */ +static int hndidx_rsa = -1; +#endif + +static int e_gmp_destroy(ENGINE *e) + { + ERR_unload_GMP_strings(); + return 1; + } + +/* (de)initialisation functions. */ +static int e_gmp_init(ENGINE *e) + { +#ifndef OPENSSL_NO_RSA + if (hndidx_rsa == -1) + hndidx_rsa = RSA_get_ex_new_index(0, + "GMP-based RSA key handle", + NULL, NULL, NULL); +#endif + if (hndidx_rsa == -1) + return 0; + return 1; + } + +static int e_gmp_finish(ENGINE *e) + { + return 1; + } + +static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) + { + int to_return = 1; + + switch(cmd) + { +#if 0 + case E_GMP_CMD_SO_PATH: + /* ... */ +#endif + /* The command isn't understood by this engine */ + default: + GMPerr(GMP_F_E_GMP_CTRL, + GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED); + to_return = 0; + break; + } + + return to_return; + } + +/* HACK - use text I/O functions in openssl and GMP to handle conversions. This + * is vile. */ +static int bn2gmp(const BIGNUM *bn, mpz_t g) + { + int toret; + char *tmpchar = BN_bn2hex(bn); + if(!tmpchar) return 0; + toret = (mpz_set_str(g, tmpchar, 16) == 0 ? 1 : 0); + OPENSSL_free(tmpchar); + return toret; + } + +static int gmp2bn(mpz_t g, BIGNUM *bn) + { + int toret; + char *tmpchar = OPENSSL_malloc(mpz_sizeinbase(g, 16) + 10); + if(!tmpchar) return 0; + mpz_get_str(tmpchar, 16, g); + toret = BN_hex2bn(&bn, tmpchar); + OPENSSL_free(tmpchar); + return toret; + } + +#ifndef OPENSSL_NO_RSA +typedef struct st_e_gmp_rsa_ctx + { + int public_only; + mpz_t n; + mpz_t d; + mpz_t e; + mpz_t p; + mpz_t q; + mpz_t dmp1; + mpz_t dmq1; + mpz_t iqmp; + mpz_t r0, r1, I0, m1; + } E_GMP_RSA_CTX; + +static E_GMP_RSA_CTX *e_gmp_get_rsa(RSA *rsa) + { + E_GMP_RSA_CTX *hptr = RSA_get_ex_data(rsa, hndidx_rsa); + if(hptr) return hptr; + hptr = OPENSSL_malloc(sizeof(E_GMP_RSA_CTX)); + if(!hptr) return NULL; + /* These inits could probably be replaced by more intelligent + * mpz_init2() versions, to reduce malloc-thrashing. */ + mpz_init(hptr->n); + mpz_init(hptr->d); + mpz_init(hptr->e); + mpz_init(hptr->p); + mpz_init(hptr->q); + mpz_init(hptr->dmp1); + mpz_init(hptr->dmq1); + mpz_init(hptr->iqmp); + mpz_init(hptr->r0); + mpz_init(hptr->r1); + mpz_init(hptr->I0); + mpz_init(hptr->m1); + if(!bn2gmp(rsa->n, hptr->n) || !bn2gmp(rsa->e, hptr->e)) + goto err; + if(!rsa->p || !rsa->q || !rsa->d || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) + { + hptr->public_only = 1; + return hptr; + } + if(!bn2gmp(rsa->d, hptr->d) || !bn2gmp(rsa->p, hptr->p) || + !bn2gmp(rsa->q, hptr->q) || !bn2gmp(rsa->dmp1, hptr->dmp1) || + !bn2gmp(rsa->dmq1, hptr->dmq1) || !bn2gmp(rsa->iqmp, hptr->iqmp)) + goto err; + hptr->public_only = 0; + RSA_set_ex_data(rsa, hndidx_rsa, hptr); + return hptr; +err: + mpz_clear(hptr->n); + mpz_clear(hptr->d); + mpz_clear(hptr->e); + mpz_clear(hptr->p); + mpz_clear(hptr->q); + mpz_clear(hptr->dmp1); + mpz_clear(hptr->dmq1); + mpz_clear(hptr->iqmp); + mpz_clear(hptr->r0); + mpz_clear(hptr->r1); + mpz_clear(hptr->I0); + mpz_clear(hptr->m1); + OPENSSL_free(hptr); + return NULL; + } + +static int e_gmp_rsa_finish(RSA *rsa) + { + E_GMP_RSA_CTX *hptr = RSA_get_ex_data(rsa, hndidx_rsa); + if(!hptr) return 0; + mpz_clear(hptr->n); + mpz_clear(hptr->d); + mpz_clear(hptr->e); + mpz_clear(hptr->p); + mpz_clear(hptr->q); + mpz_clear(hptr->dmp1); + mpz_clear(hptr->dmq1); + mpz_clear(hptr->iqmp); + mpz_clear(hptr->r0); + mpz_clear(hptr->r1); + mpz_clear(hptr->I0); + mpz_clear(hptr->m1); + OPENSSL_free(hptr); + RSA_set_ex_data(rsa, hndidx_rsa, NULL); + return 1; + } + +static int e_gmp_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa) + { + E_GMP_RSA_CTX *hptr; + int to_return = 0; + + hptr = e_gmp_get_rsa(rsa); + if(!hptr) + { + GMPerr(GMP_F_E_GMP_RSA_MOD_EXP, + GMP_R_KEY_CONTEXT_ERROR); + return 0; + } + if(hptr->public_only) + { + GMPerr(GMP_F_E_GMP_RSA_MOD_EXP, + GMP_R_MISSING_KEY_COMPONENTS); + return 0; + } + + /* ugh!!! */ + if(!bn2gmp(I, hptr->I0)) + return 0; + + /* This is basically the CRT logic in crypto/rsa/rsa_eay.c reworded into + * GMP-speak. It may be that GMP's API facilitates cleaner formulations + * of this stuff, eg. better handling of negatives, or functions that + * combine operations. */ + + mpz_mod(hptr->r1, hptr->I0, hptr->q); + mpz_powm(hptr->m1, hptr->r1, hptr->dmq1, hptr->q); + + mpz_mod(hptr->r1, hptr->I0, hptr->p); + mpz_powm(hptr->r0, hptr->r1, hptr->dmp1, hptr->p); + + mpz_sub(hptr->r0, hptr->r0, hptr->m1); + + if(mpz_sgn(hptr->r0) < 0) + mpz_add(hptr->r0, hptr->r0, hptr->p); + mpz_mul(hptr->r1, hptr->r0, hptr->iqmp); + mpz_mod(hptr->r0, hptr->r1, hptr->p); + + if(mpz_sgn(hptr->r0) < 0) + mpz_add(hptr->r0, hptr->r0, hptr->p); + mpz_mul(hptr->r1, hptr->r0, hptr->q); + mpz_add(hptr->r0, hptr->r1, hptr->m1); + + /* ugh!!! */ + if(gmp2bn(hptr->r0, r)) + to_return = 1; + + return 1; + } +#endif + +/* This stuff is needed if this ENGINE is being compiled into a self-contained + * shared-library. */ +#ifdef ENGINE_DYNAMIC_SUPPORT +static int bind_fn(ENGINE *e, const char *id) + { + if(id && (strcmp(id, engine_e_gmp_id) != 0)) + return 0; + if(!bind_helper(e)) + return 0; + return 1; + } +IMPLEMENT_DYNAMIC_CHECK_FN() +IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) +#endif /* ENGINE_DYNAMIC_SUPPORT */ + +#endif /* !OPENSSL_NO_HW_GMP */ +#endif /* !OPENSSL_NO_HW */ + diff --git a/engines/e_gmp.ec b/engines/e_gmp.ec new file mode 100644 index 0000000000..72ec447fb7 --- /dev/null +++ b/engines/e_gmp.ec @@ -0,0 +1 @@ +L GMP e_gmp_err.h e_gmp_err.c diff --git a/engines/e_gmp_err.c b/engines/e_gmp_err.c new file mode 100644 index 0000000000..383832ad2f --- /dev/null +++ b/engines/e_gmp_err.c @@ -0,0 +1,137 @@ +/* e_gmp_err.c */ +/* ==================================================================== + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + +#include +#include +#include "e_gmp_err.h" + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR +static ERR_STRING_DATA GMP_str_functs[]= + { +{ERR_PACK(0,GMP_F_E_GMP_CTRL,0), "E_GMP_CTRL"}, +{ERR_PACK(0,GMP_F_E_GMP_RSA_MOD_EXP,0), "E_GMP_RSA_MOD_EXP"}, +{0,NULL} + }; + +static ERR_STRING_DATA GMP_str_reasons[]= + { +{GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"}, +{GMP_R_KEY_CONTEXT_ERROR ,"key context error"}, +{GMP_R_MISSING_KEY_COMPONENTS ,"missing key components"}, +{0,NULL} + }; + +#endif + +#ifdef GMP_LIB_NAME +static ERR_STRING_DATA GMP_lib_name[]= + { +{0 ,GMP_LIB_NAME}, +{0,NULL} + }; +#endif + + +static int GMP_lib_error_code=0; +static int GMP_error_init=1; + +static void ERR_load_GMP_strings(void) + { + if (GMP_lib_error_code == 0) + GMP_lib_error_code=ERR_get_next_error_library(); + + if (GMP_error_init) + { + GMP_error_init=0; +#ifndef OPENSSL_NO_ERR + ERR_load_strings(GMP_lib_error_code,GMP_str_functs); + ERR_load_strings(GMP_lib_error_code,GMP_str_reasons); +#endif + +#ifdef GMP_LIB_NAME + GMP_lib_name->error = ERR_PACK(GMP_lib_error_code,0,0); + ERR_load_strings(0,GMP_lib_name); +#endif + } + } + +static void ERR_unload_GMP_strings(void) + { + if (GMP_error_init == 0) + { +#ifndef OPENSSL_NO_ERR + ERR_unload_strings(GMP_lib_error_code,GMP_str_functs); + ERR_unload_strings(GMP_lib_error_code,GMP_str_reasons); +#endif + +#ifdef GMP_LIB_NAME + ERR_unload_strings(0,GMP_lib_name); +#endif + GMP_error_init=1; + } + } + +static void ERR_GMP_error(int function, int reason, char *file, int line) + { + if (GMP_lib_error_code == 0) + GMP_lib_error_code=ERR_get_next_error_library(); + ERR_PUT_error(GMP_lib_error_code,function,reason,file,line); + } diff --git a/engines/e_gmp_err.h b/engines/e_gmp_err.h new file mode 100644 index 0000000000..cf46f0ec74 --- /dev/null +++ b/engines/e_gmp_err.h @@ -0,0 +1,81 @@ +/* ==================================================================== + * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_GMP_ERR_H +#define HEADER_GMP_ERR_H + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +static void ERR_load_GMP_strings(void); +static void ERR_unload_GMP_strings(void); +static void ERR_GMP_error(int function, int reason, char *file, int line); +#define GMPerr(f,r) ERR_GMP_error((f),(r),__FILE__,__LINE__) + +/* Error codes for the GMP functions. */ + +/* Function codes. */ +#define GMP_F_E_GMP_CTRL 100 +#define GMP_F_E_GMP_RSA_MOD_EXP 101 + +/* Reason codes. */ +#define GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED 100 +#define GMP_R_KEY_CONTEXT_ERROR 101 +#define GMP_R_MISSING_KEY_COMPONENTS 102 + +#ifdef __cplusplus +} +#endif +#endif From f3c22ef10de7a506f0c127892835961c7f07837c Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Thu, 30 Jan 2003 15:49:03 +0000 Subject: [PATCH 042/393] This glues the GMP wrapper ENGINE into OpenSSL if it is being built (ie. if the OPENSSL_USE_GMP symbol is defined). Also, I've re-ordered the listing of other builtin ENGINEs to be alphabetical (though "dynamic" will still come first). --- crypto/engine/eng_all.c | 25 ++++++++++++++----------- crypto/engine/engine.h | 15 ++++++++------- 2 files changed, 22 insertions(+), 18 deletions(-) diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c index 7cc05bfe0b..64ec2db901 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c @@ -72,34 +72,37 @@ void ENGINE_load_builtin_engines(void) ENGINE_load_dynamic(); #ifndef OPENSSL_NO_STATIC_ENGINE #ifndef OPENSSL_NO_HW +#ifndef OPENSSL_NO_HW_4758_CCA + ENGINE_load_4758cca(); +#endif +#ifndef OPENSSL_NO_HW_AEP + ENGINE_load_aep(); +#endif +#ifndef OPENSSL_NO_HW_ATALLA + ENGINE_load_atalla(); +#endif #ifndef OPENSSL_NO_HW_CSWIFT ENGINE_load_cswift(); #endif #ifndef OPENSSL_NO_HW_NCIPHER ENGINE_load_chil(); #endif -#ifndef OPENSSL_NO_HW_ATALLA - ENGINE_load_atalla(); -#endif #ifndef OPENSSL_NO_HW_NURON ENGINE_load_nuron(); #endif -#ifndef OPENSSL_NO_HW_UBSEC - ENGINE_load_ubsec(); -#endif -#ifndef OPENSSL_NO_HW_AEP - ENGINE_load_aep(); -#endif #ifndef OPENSSL_NO_HW_SUREWARE ENGINE_load_sureware(); #endif -#ifndef OPENSSL_NO_HW_4758_CCA - ENGINE_load_4758cca(); +#ifndef OPENSSL_NO_HW_UBSEC + ENGINE_load_ubsec(); #endif #endif #if defined(__OpenBSD__) || defined(__FreeBSD__) ENGINE_load_cryptodev(); #endif +#if defined(OPENSSL_USE_GMP) && !defined(OPENSSL_NO_HW_GMP) + ENGINE_load_gmp(); +#endif #endif } diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index 8ed684c0ea..44b3849b25 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -320,14 +320,15 @@ ENGINE *ENGINE_by_id(const char *id); void ENGINE_load_openssl(void); void ENGINE_load_dynamic(void); #ifndef OPENSSL_NO_STATIC_ENGINE -void ENGINE_load_cswift(void); -void ENGINE_load_chil(void); -void ENGINE_load_atalla(void); -void ENGINE_load_nuron(void); -void ENGINE_load_ubsec(void); -void ENGINE_load_aep(void); -void ENGINE_load_sureware(void); void ENGINE_load_4758cca(void); +void ENGINE_load_aep(void); +void ENGINE_load_atalla(void); +void ENGINE_load_chil(void); +void ENGINE_load_cswift(void); +void ENGINE_load_gmp(void); +void ENGINE_load_nuron(void); +void ENGINE_load_sureware(void); +void ENGINE_load_ubsec(void); #endif void ENGINE_load_cryptodev(void); void ENGINE_load_builtin_engines(void); From 96f7065f6392e19f1449578aaeabb8dc39294fa7 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Thu, 30 Jan 2003 15:52:40 +0000 Subject: [PATCH 043/393] Summarise the last couple of commits. --- CHANGES | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/CHANGES b/CHANGES index 1a30ede2af..32056ac1f1 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,22 @@ Changes between 0.9.7 and 0.9.8 [xx XXX xxxx] + *) Added an ENGINE that implements RSA by performing private key + exponentiations with the GMP library. The conversions to and from + GMP's mpz_t format aren't optimised nor are any montgomery forms + cached, and on x86 it appears OpenSSL's own performance has caught up. + However there are likely to be other architectures where GMP could + provide a boost. This ENGINE is not built in by default, but it can be + specified at Configure time and should be accompanied by the necessary + linker additions, eg; + ./config -DOPENSSL_USE_GMP -lgmp + [Geoff Thorpe] + + *) "openssl engine" will not display ENGINE/DSO load failure errors when + testing availability of engines with "-t" - the old behaviour is + produced by increasing the feature's verbosity with "-tt". + [Geoff Thorpe] + *) ECDSA routines: under certain error conditions uninitialized BN objects could be freed. Solution: make sure initialization is performed early enough. (Reported and fix supplied by Nils Larsch From 0b13e9f055d3f7be066dc2e89fc9f9822b12eca7 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 30 Jan 2003 17:39:26 +0000 Subject: [PATCH 044/393] Add the possibility to build without the ENGINE framework. PR: 287 --- CHANGES | 3 ++ Configure | 3 +- apps/apps.c | 8 +++++ apps/apps.h | 69 +++++++++++++++++++++++++++----------- apps/ca.c | 8 +++++ apps/dgst.c | 8 +++++ apps/dh.c | 15 ++++++++- apps/dhparam.c | 13 ++++++- apps/dsa.c | 15 ++++++++- apps/dsaparam.c | 10 ++++++ apps/enc.c | 10 ++++++ apps/engine.c | 3 ++ apps/gendh.c | 10 ++++++ apps/gendsa.c | 10 ++++++ apps/genrsa.c | 10 ++++++ apps/openssl.c | 2 ++ apps/pkcs12.c | 8 +++++ apps/pkcs7.c | 10 ++++++ apps/pkcs8.c | 8 +++++ apps/progs.h | 4 +++ apps/rand.c | 10 ++++++ apps/req.c | 10 +++++- apps/rsa.c | 8 +++++ apps/rsautl.c | 8 +++++ apps/s_client.c | 8 +++++ apps/s_server.c | 12 +++++++ apps/smime.c | 8 +++++ apps/speed.c | 6 ++++ apps/spkac.c | 8 +++++ apps/verify.c | 12 ++++++- apps/x509.c | 8 +++++ crypto/conf/conf_mall.c | 4 +++ crypto/conf/conf_sap.c | 4 +++ crypto/dh/dh.h | 2 ++ crypto/dh/dh_key.c | 2 ++ crypto/dh/dh_lib.c | 10 ++++++ crypto/dsa/dsa.h | 2 ++ crypto/dsa/dsa_lib.c | 10 ++++++ crypto/dsa/dsa_ossl.c | 2 ++ crypto/dsa/dsa_sign.c | 2 ++ crypto/dsa/dsa_vrf.c | 2 ++ crypto/dsa/dsatest.c | 2 ++ crypto/ec/ectest.c | 4 +++ crypto/engine/engine.h | 5 +++ crypto/engine/enginetest.c | 11 +++++- crypto/err/err_all.c | 4 +++ crypto/evp/digest.c | 13 ++++++- crypto/evp/evp.h | 4 +++ crypto/evp/evp_acnf.c | 2 ++ crypto/evp/evp_enc.c | 10 ++++++ crypto/evp/evp_test.c | 9 +++++ crypto/rand/rand.h | 2 ++ crypto/rand/rand_lib.c | 10 ++++++ crypto/rsa/rsa.h | 2 ++ crypto/rsa/rsa_eay.c | 2 ++ crypto/rsa/rsa_lib.c | 10 ++++++ crypto/rsa/rsa_sign.c | 6 ++++ crypto/rsa/rsa_test.c | 2 ++ demos/x509/mkcert.c | 4 +++ demos/x509/mkreq.c | 4 +++ ssl/ssltest.c | 4 +++ util/bat.sh | 2 ++ util/mk1mf.pl | 8 +++++ util/mkdef.pl | 8 +++-- 64 files changed, 463 insertions(+), 30 deletions(-) diff --git a/CHANGES b/CHANGES index 32056ac1f1..8196fd23f1 100644 --- a/CHANGES +++ b/CHANGES @@ -406,6 +406,9 @@ TODO: bug: pad x with leading zeros if necessary Changes between 0.9.7 and 0.9.7a [XX xxx 2003] + *) Add the possibility to build without the ENGINE framework. + [Steven Reddie via Richard Levitte] + *) Under Win32 gmtime() can return NULL: check return value in OPENSSL_gmtime(). Add error code for case where gmtime() fails. [Steve Henson] diff --git a/Configure b/Configure index 4d227e6d88..0f270d72ea 100755 --- a/Configure +++ b/Configure @@ -10,7 +10,7 @@ use strict; # see INSTALL for instructions. -my $usage="Usage: Configure [no- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; +my $usage="Usage: Configure [no- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-engine] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; # Options: # @@ -38,6 +38,7 @@ my $usage="Usage: Configure [no- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [- # --test-sanity Make a number of sanity checks on the data in this file. # This is a debugging tool for OpenSSL developers. # +# no-engine do not compile in any engine code. # no-hw-xxx do not compile support for specific crypto hardware. # Generic OpenSSL-style methods relating to this support # are always compiled but return NULL if the hardware diff --git a/apps/apps.c b/apps/apps.c index 4a8c9263a7..ec3e391b66 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -122,7 +122,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #ifdef OPENSSL_SYS_WINDOWS #define strcasecmp _stricmp @@ -859,6 +861,7 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, BIO_printf(err,"no keyfile specified\n"); goto end; } +#ifndef OPENSSL_NO_ENGINE if (format == FORMAT_ENGINE) { if (!e) @@ -868,6 +871,7 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, ui_method, &cb_data); goto end; } +#endif key=BIO_new(BIO_s_file()); if (key == NULL) { @@ -935,6 +939,7 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, BIO_printf(err,"no keyfile specified\n"); goto end; } +#ifndef OPENSSL_NO_ENGINE if (format == FORMAT_ENGINE) { if (!e) @@ -944,6 +949,7 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, ui_method, &cb_data); goto end; } +#endif key=BIO_new(BIO_s_file()); if (key == NULL) { @@ -1329,6 +1335,7 @@ X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath) return NULL; } +#ifndef OPENSSL_NO_ENGINE /* Try to load an engine in a shareable library */ static ENGINE *try_load_engine(BIO *err, const char *engine, int debug) { @@ -1385,6 +1392,7 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug) } return e; } +#endif int load_config(BIO *err, CONF *cnf) { diff --git a/apps/apps.h b/apps/apps.h index 7b1f8ded78..c36b9d2566 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -121,7 +121,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #include int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn); @@ -179,30 +181,57 @@ extern BIO *bio_err; do_pipe_sig() # define apps_shutdown() #else -# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \ - defined(OPENSSL_SYS_WIN32) -# ifdef _O_BINARY -# define apps_startup() \ - do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ - ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ - ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) +# ifndef OPENSSL_NO_ENGINE +# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \ + defined(OPENSSL_SYS_WIN32) +# ifdef _O_BINARY +# define apps_startup() \ + do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ + ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ + ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) +# else +# define apps_startup() \ + do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ + ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ + ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) +# endif # else # define apps_startup() \ - do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ - ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ - ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) + do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \ + ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \ + setup_ui_method(); } while(0) # endif +# define apps_shutdown() \ + do { CONF_modules_unload(1); destroy_ui_method(); \ + EVP_cleanup(); ENGINE_cleanup(); \ + CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \ + ERR_free_strings(); } while(0) # else -# define apps_startup() \ - do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \ - ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \ - setup_ui_method(); } while(0) +# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \ + defined(OPENSSL_SYS_WIN32) +# ifdef _O_BINARY +# define apps_startup() \ + do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ + ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ + setup_ui_method(); } while(0) +# else +# define apps_startup() \ + do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ + ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ + setup_ui_method(); } while(0) +# endif +# else +# define apps_startup() \ + do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \ + ERR_load_crypto_strings(); \ + setup_ui_method(); } while(0) +# endif +# define apps_shutdown() \ + do { CONF_modules_unload(1); destroy_ui_method(); \ + EVP_cleanup(); \ + CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \ + ERR_free_strings(); } while(0) # endif -# define apps_shutdown() \ - do { CONF_modules_unload(1); destroy_ui_method(); \ - EVP_cleanup(); ENGINE_cleanup(); \ - CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \ - ERR_free_strings(); } while(0) #endif typedef struct args_st @@ -248,7 +277,9 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, STACK_OF(X509) *load_certs(BIO *err, const char *file, int format, const char *pass, ENGINE *e, const char *cert_descrip); X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath); +#ifndef OPENSSL_NO_ENGINE ENGINE *setup_engine(BIO *err, const char *engine, int debug); +#endif int load_config(BIO *err, CONF *cnf); char *make_config_name(void); diff --git a/apps/ca.c b/apps/ca.c index 2a56e556a3..6722c5dbc9 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -196,7 +196,9 @@ static char *ca_usage[]={ " -extensions .. - Extension section (override value in config file)\n", " -extfile file - Configuration file with X509v3 extentions to add\n", " -crlexts .. - CRL extension section (override value in config file)\n", +#ifndef OPENSSL_NO_ENGINE " -engine e - use engine e, possibly a hardware device.\n", +#endif " -status serial - Shows certificate status given the serial number\n", " -updatedb - Updates db for expired certificates\n", NULL @@ -333,7 +335,9 @@ int MAIN(int argc, char **argv) #define BSIZE 256 MS_STATIC char buf[3][BSIZE]; char *randfile=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine = NULL; +#endif char *tofree=NULL; #ifdef EFENCE @@ -537,11 +541,13 @@ EF_ALIGNMENT=0; rev_arg = *(++argv); rev_type = REV_CA_COMPROMISE; } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else { bad: @@ -562,7 +568,9 @@ bad: ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif /*****************************************************************/ tofree=NULL; diff --git a/apps/dgst.c b/apps/dgst.c index 280f79b4a2..47d1309b14 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -100,7 +100,9 @@ int MAIN(int argc, char **argv) EVP_PKEY *sigkey = NULL; unsigned char *sigbuf = NULL; int siglen = 0; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -166,11 +168,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) break; keyform=str2fmt(*(++argv)); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) break; engine= *(++argv); } +#endif else if (strcmp(*argv,"-hex") == 0) out_bin = 0; else if (strcmp(*argv,"-binary") == 0) @@ -208,7 +212,9 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n"); BIO_printf(bio_err,"-signature file signature to verify\n"); BIO_printf(bio_err,"-binary output in binary form\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n", LN_md5,LN_md5); @@ -228,7 +234,9 @@ int MAIN(int argc, char **argv) goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif in=BIO_new(BIO_s_file()); bmd=BIO_new(BIO_f_md()); diff --git a/apps/dh.c b/apps/dh.c index c10ea96b90..cd01fed139 100644 --- a/apps/dh.c +++ b/apps/dh.c @@ -87,12 +87,17 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif DH *dh=NULL; int i,badops=0,text=0; BIO *in=NULL,*out=NULL; int informat,outformat,check=0,noout=0,C=0,ret=1; - char *infile,*outfile,*prog,*engine; + char *infile,*outfile,*prog; +#ifndef OPENSSL_NO_ENGINE + char *engine; +#endif apps_startup(); @@ -103,7 +108,9 @@ int MAIN(int argc, char **argv) if (!load_config(bio_err, NULL)) goto end; +#ifndef OPENSSL_NO_ENGINE engine=NULL; +#endif infile=NULL; outfile=NULL; informat=FORMAT_PEM; @@ -134,11 +141,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; outfile= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-check") == 0) check=1; else if (strcmp(*argv,"-text") == 0) @@ -170,13 +179,17 @@ bad: BIO_printf(bio_err," -text print a text form of the DH parameters\n"); BIO_printf(bio_err," -C Output C code\n"); BIO_printf(bio_err," -noout no output\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif goto end; } ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); diff --git a/apps/dhparam.c b/apps/dhparam.c index cbc65bcc5f..dc00355b95 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -148,7 +148,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif DH *dh=NULL; int i,badops=0,text=0; #ifndef OPENSSL_NO_DSA @@ -157,7 +159,10 @@ int MAIN(int argc, char **argv) BIO *in=NULL,*out=NULL; int informat,outformat,check=0,noout=0,C=0,ret=1; char *infile,*outfile,*prog; - char *inrand=NULL,*engine=NULL; + char *inrand=NULL; +#ifndef OPENSSL_NO_ENGINE + char *engine=NULL; +#endif int num = 0, g = 0; apps_startup(); @@ -199,11 +204,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; outfile= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-check") == 0) check=1; else if (strcmp(*argv,"-text") == 0) @@ -249,7 +256,9 @@ bad: BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n"); BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n"); BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); @@ -259,7 +268,9 @@ bad: ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (g && !num) num = DEFBITS; diff --git a/apps/dsa.c b/apps/dsa.c index 65988717bb..e9de3a3bdf 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -90,7 +90,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif int ret=1; DSA *dsa=NULL; int i,badops=0; @@ -98,7 +100,10 @@ int MAIN(int argc, char **argv) BIO *in=NULL,*out=NULL; int informat,outformat,text=0,noout=0; int pubin = 0, pubout = 0; - char *infile,*outfile,*prog,*engine; + char *infile,*outfile,*prog; +#ifndef OPENSSL_NO_ENGINE + char *engine; +#endif char *passargin = NULL, *passargout = NULL; char *passin = NULL, *passout = NULL; int modulus=0; @@ -112,7 +117,9 @@ int MAIN(int argc, char **argv) if (!load_config(bio_err, NULL)) goto end; +#ifndef OPENSSL_NO_ENGINE engine=NULL; +#endif infile=NULL; outfile=NULL; informat=FORMAT_PEM; @@ -153,11 +160,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passargout= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-noout") == 0) noout=1; else if (strcmp(*argv,"-text") == 0) @@ -189,7 +198,9 @@ bad: BIO_printf(bio_err," -passin arg input file pass phrase source\n"); BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -passout arg output file pass phrase source\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err," -des encrypt PEM output with cbc des\n"); BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); #ifndef OPENSSL_NO_IDEA @@ -207,7 +218,9 @@ bad: ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); diff --git a/apps/dsaparam.c b/apps/dsaparam.c index b6abe785ab..14e79f9a21 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -110,7 +110,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif DSA *dsa=NULL; int i,badops=0,text=0; BIO *in=NULL,*out=NULL; @@ -118,7 +120,9 @@ int MAIN(int argc, char **argv) char *infile,*outfile,*prog,*inrand=NULL; int numbits= -1,num,genkey=0; int need_rand=0; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif #ifdef GENCB_TEST int timebomb=0; #endif @@ -162,11 +166,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; outfile= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if(strcmp(*argv, "-engine") == 0) { if (--argc < 1) goto bad; engine = *(++argv); } +#endif #ifdef GENCB_TEST else if(strcmp(*argv, "-timebomb") == 0) { @@ -221,7 +227,9 @@ bad: BIO_printf(bio_err," -noout no output\n"); BIO_printf(bio_err," -genkey generate a DSA key\n"); BIO_printf(bio_err," -rand files to use for random number input\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif #ifdef GENCB_TEST BIO_printf(bio_err," -timebomb n interrupt keygen after seconds\n"); #endif @@ -268,7 +276,9 @@ bad: } } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (need_rand) { diff --git a/apps/enc.c b/apps/enc.c index 42ddfd244b..0a9f7310bf 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -100,7 +100,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif static const char magic[]="Salted__"; char mbuf[sizeof magic-1]; char *strbuf=NULL; @@ -119,7 +121,9 @@ int MAIN(int argc, char **argv) BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL; #define PROG_NAME_SIZE 39 char pname[PROG_NAME_SIZE+1]; +#ifndef OPENSSL_NO_ENGINE char *engine = NULL; +#endif apps_startup(); @@ -163,11 +167,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passarg= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-d") == 0) enc=0; else if (strcmp(*argv,"-p") == 0) @@ -270,7 +276,9 @@ bad: BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv"); BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]"); BIO_printf(bio_err,"%-14s buffer size\n","-bufsize "); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e"); +#endif BIO_printf(bio_err,"Cipher Types\n"); OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, @@ -284,7 +292,9 @@ bad: argv++; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (bufsize != NULL) { diff --git a/apps/engine.c b/apps/engine.c index 1a22d5dee9..3b3464a849 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -56,6 +56,8 @@ * */ +#ifndef OPENSSL_NO_ENGINE + #include #include #include @@ -526,3 +528,4 @@ end: apps_shutdown(); OPENSSL_EXIT(ret); } +#endif diff --git a/apps/gendh.c b/apps/gendh.c index 574a13a57a..b90087493a 100644 --- a/apps/gendh.c +++ b/apps/gendh.c @@ -87,13 +87,17 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif DH *dh=NULL; int ret=1,num=DEFBITS; int g=2; char *outfile=NULL; char *inrand=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif BIO *out=NULL; apps_startup(); @@ -121,11 +125,13 @@ int MAIN(int argc, char **argv) g=3; */ else if (strcmp(*argv,"-5") == 0) g=5; +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -144,14 +150,18 @@ bad: BIO_printf(bio_err," -2 - use 2 as the generator value\n"); /* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */ BIO_printf(bio_err," -5 - use 5 as the generator value\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif out=BIO_new(BIO_s_file()); if (out == NULL) diff --git a/apps/gendsa.c b/apps/gendsa.c index 4600711c36..6d2ed06c81 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -77,7 +77,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif DSA *dsa=NULL; int ret=1; char *outfile=NULL; @@ -85,7 +87,9 @@ int MAIN(int argc, char **argv) char *passargout = NULL, *passout = NULL; BIO *out=NULL,*in=NULL; const EVP_CIPHER *enc=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -111,11 +115,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passargout= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -167,7 +173,9 @@ bad: BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); #endif +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); @@ -176,7 +184,9 @@ bad: goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) { BIO_printf(bio_err, "Error getting password\n"); diff --git a/apps/genrsa.c b/apps/genrsa.c index 6079688ce9..0ce23946ef 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -87,7 +87,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif int ret=1; RSA *rsa=NULL; int i,num=DEFBITS; @@ -96,7 +98,9 @@ int MAIN(int argc, char **argv) unsigned long f4=RSA_F4; char *outfile=NULL; char *passargout = NULL, *passout = NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif char *inrand=NULL; BIO *out=NULL; @@ -128,11 +132,13 @@ int MAIN(int argc, char **argv) f4=3; else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0) f4=RSA_F4; +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -183,7 +189,9 @@ bad: BIO_printf(bio_err," -passout arg output file pass phrase source\n"); BIO_printf(bio_err," -f4 use F4 (0x10001) for the E value\n"); BIO_printf(bio_err," -3 use 3 for the E value\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); @@ -197,7 +205,9 @@ bad: goto err; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (outfile == NULL) { diff --git a/apps/openssl.c b/apps/openssl.c index 47896472e8..45af2ba7f9 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -122,7 +122,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */ #include "progs.h" #include "s_apps.h" diff --git a/apps/pkcs12.c b/apps/pkcs12.c index e445c24b9b..dd56a2b808 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -120,7 +120,9 @@ int MAIN(int argc, char **argv) char *passin = NULL, *passout = NULL; char *inrand = NULL; char *CApath = NULL, *CAfile = NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -259,11 +261,13 @@ int MAIN(int argc, char **argv) args++; CAfile = *args; } else badarg = 1; +#ifndef OPENSSL_NO_ENGINE } else if (!strcmp(*args,"-engine")) { if (args[1]) { args++; engine = *args; } else badarg = 1; +#endif } else badarg = 1; } else badarg = 1; @@ -311,14 +315,18 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-password p set import/export password source\n"); BIO_printf (bio_err, "-passin p input file pass phrase source\n"); BIO_printf (bio_err, "-passout p output file pass phrase source\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); BIO_printf(bio_err, " the random number generator\n"); goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(passarg) { if(export_cert) passargout = passarg; diff --git a/apps/pkcs7.c b/apps/pkcs7.c index 738dd853ce..6c58c67eb2 100644 --- a/apps/pkcs7.c +++ b/apps/pkcs7.c @@ -82,7 +82,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif PKCS7 *p7=NULL; int i,badops=0; BIO *in=NULL,*out=NULL; @@ -90,7 +92,9 @@ int MAIN(int argc, char **argv) char *infile,*outfile,*prog; int print_certs=0,text=0,noout=0; int ret=1; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -134,11 +138,13 @@ int MAIN(int argc, char **argv) text=1; else if (strcmp(*argv,"-print_certs") == 0) print_certs=1; +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else { BIO_printf(bio_err,"unknown option %s\n",*argv); @@ -161,14 +167,18 @@ bad: BIO_printf(bio_err," -print_certs print any certs or crl in the input\n"); BIO_printf(bio_err," -text print full details of certificates\n"); BIO_printf(bio_err," -noout don't output encoded data\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif ret = 1; goto end; } ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 1debccb17e..6be27e7f44 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -85,7 +85,9 @@ int MAIN(int argc, char **argv) EVP_PKEY *pkey=NULL; char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL; int badarg = 0; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); @@ -145,11 +147,13 @@ int MAIN(int argc, char **argv) if (!args[1]) goto bad; passargout= *(++args); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*args,"-engine") == 0) { if (!args[1]) goto bad; engine= *(++args); } +#endif else if (!strcmp (*args, "-in")) { if (args[1]) { args++; @@ -182,11 +186,15 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-nocrypt use or expect unencrypted private key\n"); BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n"); BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif return (1); } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); diff --git a/apps/progs.h b/apps/progs.h index 999de31bdd..b551e1de95 100644 --- a/apps/progs.h +++ b/apps/progs.h @@ -37,7 +37,9 @@ extern int pkcs8_main(int argc,char *argv[]); extern int spkac_main(int argc,char *argv[]); extern int smime_main(int argc,char *argv[]); extern int rand_main(int argc,char *argv[]); +#ifndef OPENSSL_NO_ENGINE extern int engine_main(int argc,char *argv[]); +#endif extern int ocsp_main(int argc,char *argv[]); #define FUNC_TYPE_GENERAL 1 @@ -119,7 +121,9 @@ FUNCTION functions[] = { {FUNC_TYPE_GENERAL,"spkac",spkac_main}, {FUNC_TYPE_GENERAL,"smime",smime_main}, {FUNC_TYPE_GENERAL,"rand",rand_main}, +#ifndef OPENSSL_NO_ENGINE {FUNC_TYPE_GENERAL,"engine",engine_main}, +#endif {FUNC_TYPE_GENERAL,"ocsp",ocsp_main}, #ifndef OPENSSL_NO_MD2 {FUNC_TYPE_MD,"md2",dgst_main}, diff --git a/apps/rand.c b/apps/rand.c index eaaa6e35a6..63724bc730 100644 --- a/apps/rand.c +++ b/apps/rand.c @@ -76,7 +76,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif int i, r, ret = 1; int badopt; char *outfile = NULL; @@ -84,7 +86,9 @@ int MAIN(int argc, char **argv) int base64 = 0; BIO *out = NULL; int num = -1; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -106,6 +110,7 @@ int MAIN(int argc, char **argv) else badopt = 1; } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(argv[i], "-engine") == 0) { if ((argv[i+1] != NULL) && (engine == NULL)) @@ -113,6 +118,7 @@ int MAIN(int argc, char **argv) else badopt = 1; } +#endif else if (strcmp(argv[i], "-rand") == 0) { if ((argv[i+1] != NULL) && (inrand == NULL)) @@ -150,13 +156,17 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "Usage: rand [options] num\n"); BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, "-out file - write to file\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, "-engine e - use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, "-base64 - encode output\n"); goto err; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif app_RAND_load_file(NULL, bio_err, (inrand != NULL)); if (inrand != NULL) diff --git a/apps/req.c b/apps/req.c index 3612114980..8304df8aa2 100644 --- a/apps/req.c +++ b/apps/req.c @@ -172,7 +172,9 @@ int MAIN(int argc, char **argv) int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM; int nodes=0,kludge=0,newhdr=0,subject=0,pubkey=0; char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif char *extensions = NULL; char *req_exts = NULL; const EVP_CIPHER *cipher=NULL; @@ -220,11 +222,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; outformat=str2fmt(*(++argv)); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-key") == 0) { if (--argc < 1) goto bad; @@ -488,7 +492,9 @@ bad: BIO_printf(bio_err," -verify verify signature on REQ\n"); BIO_printf(bio_err," -modulus RSA modulus\n"); BIO_printf(bio_err," -nodes don't encrypt the output key\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device\n"); +#endif BIO_printf(bio_err," -subject output the request's subject\n"); BIO_printf(bio_err," -passin private key password source\n"); BIO_printf(bio_err," -key file use the private key contained in file\n"); @@ -516,7 +522,7 @@ bad: BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n"); BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n"); BIO_printf(bio_err," -utf8 input characters are UTF8 (default ASCII)\n"); - BIO_printf(bio_err," -nameopt arg - various certificate name options\n"); + BIO_printf(bio_err," -nameopt arg - various certificate name options\n"); BIO_printf(bio_err," -reqopt arg - various request text options\n\n"); goto end; } @@ -680,7 +686,9 @@ bad: if ((in == NULL) || (out == NULL)) goto end; +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (keyfile != NULL) { diff --git a/apps/rsa.c b/apps/rsa.c index aebec744a2..0acdb08b24 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -104,7 +104,9 @@ int MAIN(int argc, char **argv) char *infile,*outfile,*prog; char *passargin = NULL, *passargout = NULL; char *passin = NULL, *passout = NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif int modulus=0; apps_startup(); @@ -156,11 +158,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passargout= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-sgckey") == 0) sgckey=1; else if (strcmp(*argv,"-pubin") == 0) @@ -212,13 +216,17 @@ bad: BIO_printf(bio_err," -check verify key consistency\n"); BIO_printf(bio_err," -pubin expect a public key in input file\n"); BIO_printf(bio_err," -pubout output a public key\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif goto end; } ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); diff --git a/apps/rsautl.c b/apps/rsautl.c index 36957e5b84..5a6fd115f4 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -85,7 +85,9 @@ int MAIN(int argc, char **argv) ENGINE *e = NULL; BIO *in = NULL, *out = NULL; char *infile = NULL, *outfile = NULL; +#ifndef OPENSSL_NO_ENGINE char *engine = NULL; +#endif char *keyfile = NULL; char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY; int keyform = FORMAT_PEM; @@ -125,9 +127,11 @@ int MAIN(int argc, char **argv) } else if (strcmp(*argv,"-keyform") == 0) { if (--argc < 1) badarg = 1; keyform=str2fmt(*(++argv)); +#ifndef OPENSSL_NO_ENGINE } else if(!strcmp(*argv, "-engine")) { if (--argc < 1) badarg = 1; engine = *(++argv); +#endif } else if(!strcmp(*argv, "-pubin")) { key_type = KEY_PUBKEY; } else if(!strcmp(*argv, "-certin")) { @@ -162,7 +166,9 @@ int MAIN(int argc, char **argv) goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif /* FIXME: seed PRNG only if needed */ app_RAND_load_file(NULL, bio_err, 0); @@ -305,7 +311,9 @@ static void usage() BIO_printf(bio_err, "-encrypt encrypt with public key\n"); BIO_printf(bio_err, "-decrypt decrypt with private key\n"); BIO_printf(bio_err, "-hexdump hex dump output\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); +#endif } diff --git a/apps/s_client.c b/apps/s_client.c index 738588c6aa..2e73f34676 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -222,7 +222,9 @@ static void sc_usage(void) BIO_printf(bio_err," for those protocols that support it, where\n"); BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n"); BIO_printf(bio_err," only \"smtp\" is supported.\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); +#endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); } @@ -254,8 +256,10 @@ int MAIN(int argc, char **argv) SSL_METHOD *meth=NULL; BIO *sbio; char *inrand=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine_id=NULL; ENGINE *e=NULL; +#endif #ifdef OPENSSL_SYS_WINDOWS struct timeval tv; #endif @@ -415,11 +419,13 @@ int MAIN(int argc, char **argv) else goto bad; } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine_id = *(++argv); } +#endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -444,7 +450,9 @@ bad: OpenSSL_add_ssl_algorithms(); SSL_load_error_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine_id, 1); +#endif if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && !RAND_status()) diff --git a/apps/s_server.c b/apps/s_server.c index 39013c2b0b..814f3b9c15 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -255,7 +255,9 @@ static int s_msg=0; static int s_quiet=0; static int hack=0; +#ifndef OPENSSL_NO_ENGINE static char *engine_id=NULL; +#endif static const char *session_id_prefix=NULL; #ifdef MONOLITH @@ -280,7 +282,9 @@ static void s_server_init(void) s_msg=0; s_quiet=0; hack=0; +#ifndef OPENSSL_NO_ENGINE engine_id=NULL; +#endif } #endif @@ -337,7 +341,9 @@ static void sv_usage(void) BIO_printf(bio_err," -WWW - Respond to a 'GET / HTTP/1.0' with file ./\n"); BIO_printf(bio_err," -HTTP - Respond to a 'GET / HTTP/1.0' with file ./\n"); BIO_printf(bio_err," with the assumption it contains a complete HTTP response.\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); +#endif BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n"); BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); } @@ -512,7 +518,9 @@ int MAIN(int argc, char *argv[]) int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0; int state=0; SSL_METHOD *meth=NULL; +#ifndef OPENSSL_NO_ENGINE ENGINE *e=NULL; +#endif char *inrand=NULL; #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) @@ -696,11 +704,13 @@ int MAIN(int argc, char *argv[]) if (--argc < 1) goto bad; session_id_prefix = *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine_id= *(++argv); } +#endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -725,7 +735,9 @@ bad: SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine_id, 1); +#endif if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && !RAND_status()) diff --git a/apps/smime.c b/apps/smime.c index ef0e477464..cc248d377b 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -104,7 +104,9 @@ int MAIN(int argc, char **argv) int need_rand = 0; int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; int keyform = FORMAT_PEM; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif args = argv + 1; ret = 1; @@ -176,11 +178,13 @@ int MAIN(int argc, char **argv) inrand = *args; } else badarg = 1; need_rand = 1; +#ifndef OPENSSL_NO_ENGINE } else if (!strcmp(*args,"-engine")) { if (args[1]) { args++; engine = *args; } else badarg = 1; +#endif } else if (!strcmp(*args,"-passin")) { if (args[1]) { args++; @@ -330,7 +334,9 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf (bio_err, "-passin arg input file pass phrase source\n"); BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); @@ -339,7 +345,9 @@ int MAIN(int argc, char **argv) goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); diff --git a/apps/speed.c b/apps/speed.c index ad455e5073..758ce250de 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -398,7 +398,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif unsigned char *buf=NULL,*buf2=NULL; int mret=1; long count=0,save_count=0; @@ -731,6 +733,7 @@ int MAIN(int argc, char **argv) j--; /* Otherwise, -elapsed gets confused with an algorithm. */ } +#ifndef OPENSSL_NO_ENGINE else if ((argc > 0) && (strcmp(*argv,"-engine") == 0)) { argc--; @@ -747,6 +750,7 @@ int MAIN(int argc, char **argv) means all of them should be run) */ j--; } +#endif #ifdef HAVE_FORK else if ((argc > 0) && (strcmp(*argv,"-multi") == 0)) { @@ -1064,7 +1068,9 @@ int MAIN(int argc, char **argv) #if defined(TIMES) || defined(USE_TOD) BIO_printf(bio_err,"-elapsed measure time in real time instead of CPU user time.\n"); #endif +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err,"-evp e use EVP e.\n"); BIO_printf(bio_err,"-decrypt time decryption instead of encryption (only EVP).\n"); BIO_printf(bio_err,"-mr produce machine readable output.\n"); diff --git a/apps/spkac.c b/apps/spkac.c index ed370c5ca9..47ee53f1ee 100644 --- a/apps/spkac.c +++ b/apps/spkac.c @@ -92,7 +92,9 @@ int MAIN(int argc, char **argv) CONF *conf = NULL; NETSCAPE_SPKI *spki = NULL; EVP_PKEY *pkey = NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -141,11 +143,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; spksect= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-noout") == 0) noout=1; else if (strcmp(*argv,"-pubkey") == 0) @@ -171,7 +175,9 @@ bad: BIO_printf(bio_err," -noout don't print SPKAC\n"); BIO_printf(bio_err," -pubkey output public key\n"); BIO_printf(bio_err," -verify verify SPKAC signature\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif goto end; } @@ -181,7 +187,9 @@ bad: goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(keyfile) { pkey = load_key(bio_err, diff --git a/apps/verify.c b/apps/verify.c index 9a18213ece..6a93c018b8 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -86,7 +86,9 @@ int MAIN(int argc, char **argv) STACK_OF(X509) *untrusted = NULL, *trusted = NULL; X509_STORE *cert_ctx=NULL; X509_LOOKUP *lookup=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif cert_ctx=X509_STORE_new(); if (cert_ctx == NULL) goto end; @@ -142,11 +144,13 @@ int MAIN(int argc, char **argv) if (argc-- < 1) goto end; trustfile= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto end; engine= *(++argv); } +#endif else if (strcmp(*argv,"-help") == 0) goto end; else if (strcmp(*argv,"-ignore_critical") == 0) @@ -170,7 +174,9 @@ int MAIN(int argc, char **argv) break; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file()); if (lookup == NULL) abort(); @@ -219,7 +225,11 @@ int MAIN(int argc, char **argv) ret=0; end: if (ret == 1) { - BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ...\n"); + BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]"); +#ifndef OPENSSL_NO_ENGINE + BIO_printf(bio_err," [-engine e]"); +#endif + BIO_printf(bio_err," cert1 cert2 ...\n"); BIO_printf(bio_err,"recognized usages:\n"); for(i = 0; i < X509_PURPOSE_get_count(); i++) { X509_PURPOSE *ptmp; diff --git a/apps/x509.c b/apps/x509.c index 9709628df3..cea33f58a0 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -131,7 +131,9 @@ static char *x509_usage[]={ " -extensions - section from config file with X509V3 extensions to add\n", " -clrext - delete extensions before signing and input certificate\n", " -nameopt arg - various certificate name options\n", +#ifndef OPENSSL_NO_ENGINE " -engine e - use engine e, possibly a hardware device.\n", +#endif " -certopt arg - various certificate text options\n", NULL }; @@ -183,7 +185,9 @@ int MAIN(int argc, char **argv) int need_rand = 0; int checkend=0,checkoffset=0; unsigned long nmflag = 0, certflag = 0; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif reqfile=0; @@ -360,11 +364,13 @@ int MAIN(int argc, char **argv) alias= *(++argv); trustout = 1; } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-C") == 0) C= ++num; else if (strcmp(*argv,"-email") == 0) @@ -450,7 +456,9 @@ bad: goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (need_rand) app_RAND_load_file(NULL, bio_err, 0); diff --git a/crypto/conf/conf_mall.c b/crypto/conf/conf_mall.c index d702af689b..4ba40cf44c 100644 --- a/crypto/conf/conf_mall.c +++ b/crypto/conf/conf_mall.c @@ -63,7 +63,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif /* Load all OpenSSL builtin modules */ @@ -71,6 +73,8 @@ void OPENSSL_load_builtin_modules(void) { /* Add builtin modules here */ ASN1_add_oid_module(); +#ifndef OPENSSL_NO_ENGINE ENGINE_add_conf_module(); +#endif } diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c index 97fb174303..e15c2e5546 100644 --- a/crypto/conf/conf_sap.c +++ b/crypto/conf/conf_sap.c @@ -63,7 +63,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif /* This is the automatic configuration loader: it is called automatically by * OpenSSL when any of a number of standard initialisation functions are called, @@ -78,8 +80,10 @@ void OPENSSL_config(const char *config_name) return; OPENSSL_load_builtin_modules(); +#ifndef OPENSSL_NO_ENGINE /* Need to load ENGINEs */ ENGINE_load_builtin_engines(); +#endif /* Add others here? */ diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index 62dba4055c..38214082f7 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -119,7 +119,9 @@ struct dh_st int references; CRYPTO_EX_DATA ex_data; const DH_METHOD *meth; +#ifndef OPENSSL_NO_ENGINE ENGINE *engine; +#endif }; #define DH_GENERATOR_2 2 diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 5e58e0032f..28c20750bd 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -61,7 +61,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif static int generate_key(DH *dh); static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index ba5fd41057..09965ee2ea 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -60,7 +60,9 @@ #include "cryptlib.h" #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT; @@ -85,11 +87,13 @@ int DH_set_method(DH *dh, const DH_METHOD *meth) const DH_METHOD *mtmp; mtmp = dh->meth; if (mtmp->finish) mtmp->finish(dh); +#ifndef OPENSSL_NO_ENGINE if (dh->engine) { ENGINE_finish(dh->engine); dh->engine = NULL; } +#endif dh->meth = meth; if (meth->init) meth->init(dh); return 1; @@ -112,6 +116,7 @@ DH *DH_new_method(ENGINE *engine) } ret->meth = DH_get_default_method(); +#ifndef OPENSSL_NO_ENGINE if (engine) { if (!ENGINE_init(engine)) @@ -135,6 +140,7 @@ DH *DH_new_method(ENGINE *engine) return NULL; } } +#endif ret->pad=0; ret->version=0; @@ -154,8 +160,10 @@ DH *DH_new_method(ENGINE *engine) CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { +#ifndef OPENSSL_NO_ENGINE if (ret->engine) ENGINE_finish(ret->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); OPENSSL_free(ret); ret=NULL; @@ -182,8 +190,10 @@ void DH_free(DH *r) if (r->meth->finish) r->meth->finish(r); +#ifndef OPENSSL_NO_ENGINE if (r->engine) ENGINE_finish(r->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index 6ba79b01df..63fcce9a33 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -142,8 +142,10 @@ struct dsa_st int references; CRYPTO_EX_DATA ex_data; const DSA_METHOD *meth; +#ifndef OPENSSL_NO_ENGINE /* functional reference if 'meth' is ENGINE-provided */ ENGINE *engine; +#endif }; #define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \ diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 579f73f869..4171af24c6 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -63,7 +63,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT; @@ -93,11 +95,13 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth) const DSA_METHOD *mtmp; mtmp = dsa->meth; if (mtmp->finish) mtmp->finish(dsa); +#ifndef OPENSSL_NO_ENGINE if (dsa->engine) { ENGINE_finish(dsa->engine); dsa->engine = NULL; } +#endif dsa->meth = meth; if (meth->init) meth->init(dsa); return 1; @@ -114,6 +118,7 @@ DSA *DSA_new_method(ENGINE *engine) return(NULL); } ret->meth = DSA_get_default_method(); +#ifndef OPENSSL_NO_ENGINE if (engine) { if (!ENGINE_init(engine)) @@ -138,6 +143,7 @@ DSA *DSA_new_method(ENGINE *engine) return NULL; } } +#endif ret->pad=0; ret->version=0; @@ -158,8 +164,10 @@ DSA *DSA_new_method(ENGINE *engine) CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { +#ifndef OPENSSL_NO_ENGINE if (ret->engine) ENGINE_finish(ret->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); OPENSSL_free(ret); ret=NULL; @@ -189,8 +197,10 @@ void DSA_free(DSA *r) if(r->meth->finish) r->meth->finish(r); +#ifndef OPENSSL_NO_ENGINE if(r->engine) ENGINE_finish(r->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data); diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 70d60d9e29..3a8d2bbc35 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -64,7 +64,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c index e9469ca62f..5cdc8ed851 100644 --- a/crypto/dsa/dsa_sign.c +++ b/crypto/dsa/dsa_sign.c @@ -64,7 +64,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c index 066c6b5b28..fffb129f8f 100644 --- a/crypto/dsa/dsa_vrf.c +++ b/crypto/dsa/dsa_vrf.c @@ -65,7 +65,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c index c341c1b49c..75eca097a5 100644 --- a/crypto/dsa/dsatest.c +++ b/crypto/dsa/dsatest.c @@ -74,7 +74,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #ifdef OPENSSL_SYS_WINDOWS #include "../bio/bss_file.c" #endif diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c index e292da3384..e91c8fffb3 100644 --- a/crypto/ec/ectest.c +++ b/crypto/ec/ectest.c @@ -86,7 +86,9 @@ int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); retur #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #include #include #include @@ -1227,7 +1229,9 @@ int main(int argc, char *argv[]) /* test the internal curves */ internal_curve_test(); +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); ERR_remove_state(0); diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index 44b3849b25..43500a8676 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -65,6 +65,11 @@ #define HEADER_ENGINE_H #include + +#ifdef OPENSSL_NO_ENGINE +#error ENGINE is disabled. +#endif + #include #include #ifndef OPENSSL_NO_RSA diff --git a/crypto/engine/enginetest.c b/crypto/engine/enginetest.c index 87fa8c57b7..c2d0297392 100644 --- a/crypto/engine/enginetest.c +++ b/crypto/engine/enginetest.c @@ -56,9 +56,17 @@ * */ -#include #include #include + +#ifdef OPENSSL_NO_ENGINE +int main(int argc, char *argv[]) +{ + printf("No ENGINE support\n"); + return(0); +} +#else +#include #include #include #include @@ -272,3 +280,4 @@ end: CRYPTO_mem_leaks_fp(stderr); return to_return; } +#endif diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index 812ab7cbe6..6da4326b2a 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -88,7 +88,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #include #include @@ -134,7 +136,9 @@ void ERR_load_crypto_strings(void) ERR_load_PKCS12_strings(); ERR_load_RAND_strings(); ERR_load_DSO_strings(); +#ifndef OPENSSL_NO_ENGINE ERR_load_ENGINE_strings(); +#endif ERR_load_OCSP_strings(); ERR_load_UI_strings(); #endif diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 33013c41a6..5b2104ac12 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -113,7 +113,9 @@ #include "cryptlib.h" #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif void EVP_MD_CTX_init(EVP_MD_CTX *ctx) { @@ -138,6 +140,7 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) { EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); +#ifndef OPENSSL_NO_ENGINE /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts * so this context may already have an ENGINE! Try to avoid releasing * the previous handle, re-querying for an ENGINE, and having a @@ -183,7 +186,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) else ctx->engine = NULL; } - else if(!ctx->digest) + else +#endif + if(!ctx->digest) { EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET); return 0; @@ -196,7 +201,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) if (type->ctx_size) ctx->md_data=OPENSSL_malloc(type->ctx_size); } +#ifndef OPENSSL_NO_ENGINE skip_to_init: +#endif return ctx->digest->init(ctx); } @@ -246,12 +253,14 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); return 0; } +#ifndef OPENSSL_NO_ENGINE /* Make sure it's safe to copy a digest context using an ENGINE */ if (in->engine && !ENGINE_init(in->engine)) { EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_ENGINE_LIB); return 0; } +#endif EVP_MD_CTX_cleanup(out); memcpy(out,in,sizeof *out); @@ -304,10 +313,12 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size); OPENSSL_free(ctx->md_data); } +#ifndef OPENSSL_NO_ENGINE if(ctx->engine) /* The EVP_MD we used belongs to an ENGINE, release the * functional reference we held for this reason. */ ENGINE_finish(ctx->engine); +#endif memset(ctx,'\0',sizeof *ctx); return 1; diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index b084a35809..a58ece3a40 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -277,7 +277,9 @@ struct env_md_st struct env_md_ctx_st { const EVP_MD *digest; +#ifndef OPENSSL_NO_ENGINE ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */ +#endif unsigned long flags; void *md_data; } /* EVP_MD_CTX */; @@ -349,7 +351,9 @@ typedef struct evp_cipher_info_st struct evp_cipher_ctx_st { const EVP_CIPHER *cipher; +#ifndef OPENSSL_NO_ENGINE ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */ +#endif int encrypt; /* encrypt or decrypt */ int buf_len; /* number we have left */ diff --git a/crypto/evp/evp_acnf.c b/crypto/evp/evp_acnf.c index a68b979bdb..54c073ca44 100644 --- a/crypto/evp/evp_acnf.c +++ b/crypto/evp/evp_acnf.c @@ -59,7 +59,9 @@ #include "cryptlib.h" #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif /* Load all algorithms and configure OpenSSL. diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index ccfcc7e1b1..be0758a879 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -60,7 +60,9 @@ #include "cryptlib.h" #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #include "evp_locl.h" const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT; @@ -91,6 +93,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp enc = 1; ctx->encrypt = enc; } +#ifndef OPENSSL_NO_ENGINE /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts * so this context may already have an ENGINE! Try to avoid releasing * the previous handle, re-querying for an ENGINE, and having a @@ -98,6 +101,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp if (ctx->engine && ctx->cipher && (!cipher || (cipher && (cipher->nid == ctx->cipher->nid)))) goto skip_to_init; +#endif if (cipher) { /* Ensure a context left lying around from last time is cleared @@ -107,6 +111,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp /* Restore encrypt field: it is zeroed by cleanup */ ctx->encrypt = enc; +#ifndef OPENSSL_NO_ENGINE if(impl) { if (!ENGINE_init(impl)) @@ -140,6 +145,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp } else ctx->engine = NULL; +#endif ctx->cipher=cipher; ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); @@ -159,7 +165,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET); return 0; } +#ifndef OPENSSL_NO_ENGINE skip_to_init: +#endif /* we assume block size is a power of 2 in *cryptUpdate */ OPENSSL_assert(ctx->cipher->block_size == 1 || ctx->cipher->block_size == 8 @@ -460,10 +468,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) } if (c->cipher_data) OPENSSL_free(c->cipher_data); +#ifndef OPENSSL_NO_ENGINE if (c->engine) /* The EVP_CIPHER we used belongs to an ENGINE, release the * functional reference we held for this reason. */ ENGINE_finish(c->engine); +#endif memset(c,0,sizeof(EVP_CIPHER_CTX)); return 1; } diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c index 698aff21dc..28460173f7 100644 --- a/crypto/evp/evp_test.c +++ b/crypto/evp/evp_test.c @@ -53,7 +53,10 @@ #include "../e_os.h" #include +#ifndef OPENSSL_NO_ENGINE #include +#endif +#include #include static void hexdump(FILE *f,const char *title,const unsigned char *s,int l) @@ -330,11 +333,14 @@ int main(int argc,char **argv) /* Load up the software EVP_CIPHER and EVP_MD definitions */ OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); +#ifndef OPENSSL_NO_ENGINE /* Load all compiled-in ENGINEs */ ENGINE_load_builtin_engines(); +#endif #if 0 OPENSSL_config(); #endif +#ifndef OPENSSL_NO_ENGINE /* Register all available ENGINE implementations of ciphers and digests. * This could perhaps be changed to "ENGINE_register_all_complete()"? */ ENGINE_register_all_ciphers(); @@ -343,6 +349,7 @@ int main(int argc,char **argv) * It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use if * they weren't already initialised. */ /* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */ +#endif for( ; ; ) { @@ -384,7 +391,9 @@ int main(int argc,char **argv) } } +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); diff --git a/crypto/rand/rand.h b/crypto/rand/rand.h index 66e39991ec..606382dd21 100644 --- a/crypto/rand/rand.h +++ b/crypto/rand/rand.h @@ -87,7 +87,9 @@ extern int rand_predictable; int RAND_set_rand_method(const RAND_METHOD *meth); const RAND_METHOD *RAND_get_rand_method(void); +#ifndef OPENSSL_NO_ENGINE int RAND_set_rand_engine(ENGINE *engine); +#endif RAND_METHOD *RAND_SSLeay(void); void RAND_cleanup(void ); int RAND_bytes(unsigned char *buf,int num); diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 5cf5dc1188..513e338985 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -60,19 +60,25 @@ #include #include "cryptlib.h" #include +#ifndef OPENSSL_NO_ENGINE #include +#endif +#ifndef OPENSSL_NO_ENGINE /* non-NULL if default_RAND_meth is ENGINE-provided */ static ENGINE *funct_ref =NULL; +#endif static const RAND_METHOD *default_RAND_meth = NULL; int RAND_set_rand_method(const RAND_METHOD *meth) { +#ifndef OPENSSL_NO_ENGINE if(funct_ref) { ENGINE_finish(funct_ref); funct_ref = NULL; } +#endif default_RAND_meth = meth; return 1; } @@ -81,6 +87,7 @@ const RAND_METHOD *RAND_get_rand_method(void) { if (!default_RAND_meth) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = ENGINE_get_default_RAND(); if(e) { @@ -94,11 +101,13 @@ const RAND_METHOD *RAND_get_rand_method(void) if(e) funct_ref = e; else +#endif default_RAND_meth = RAND_SSLeay(); } return default_RAND_meth; } +#ifndef OPENSSL_NO_ENGINE int RAND_set_rand_engine(ENGINE *engine) { const RAND_METHOD *tmp_meth = NULL; @@ -118,6 +127,7 @@ int RAND_set_rand_engine(ENGINE *engine) funct_ref = engine; return 1; } +#endif void RAND_cleanup(void) { diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index b005b4b0b3..68696f8219 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -128,8 +128,10 @@ struct rsa_st int pad; long version; const RSA_METHOD *meth; +#ifndef OPENSSL_NO_ENGINE /* functional reference if 'meth' is ENGINE-provided */ ENGINE *engine; +#endif BIGNUM *n; BIGNUM *e; BIGNUM *d; diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index cab34847df..d4e30647d1 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -61,7 +61,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #ifndef RSA_NULL diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 93235744f7..889c36d3a6 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -62,7 +62,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT; @@ -108,11 +110,13 @@ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth) const RSA_METHOD *mtmp; mtmp = rsa->meth; if (mtmp->finish) mtmp->finish(rsa); +#ifndef OPENSSL_NO_ENGINE if (rsa->engine) { ENGINE_finish(rsa->engine); rsa->engine = NULL; } +#endif rsa->meth = meth; if (meth->init) meth->init(rsa); return 1; @@ -130,6 +134,7 @@ RSA *RSA_new_method(ENGINE *engine) } ret->meth = RSA_get_default_method(); +#ifndef OPENSSL_NO_ENGINE if (engine) { if (!ENGINE_init(engine)) @@ -154,6 +159,7 @@ RSA *RSA_new_method(ENGINE *engine) return NULL; } } +#endif ret->pad=0; ret->version=0; @@ -175,8 +181,10 @@ RSA *RSA_new_method(ENGINE *engine) CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { +#ifndef OPENSSL_NO_ENGINE if (ret->engine) ENGINE_finish(ret->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); OPENSSL_free(ret); ret=NULL; @@ -205,8 +213,10 @@ void RSA_free(RSA *r) if (r->meth->finish) r->meth->finish(r); +#ifndef OPENSSL_NO_ENGINE if (r->engine) ENGINE_finish(r->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index 4ac2de3407..9dd62ac956 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -62,7 +62,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif /* Size of an SSL signature: MD5+SHA1 */ #define SSL_SIG_LENGTH 36 @@ -77,10 +79,12 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, const unsigned char *s = NULL; X509_ALGOR algor; ASN1_OCTET_STRING digest; +#ifndef OPENSSL_NO_ENGINE if((rsa->flags & RSA_FLAG_SIGN_VER) && ENGINE_get_RSA(rsa->engine)->rsa_sign) return ENGINE_get_RSA(rsa->engine)->rsa_sign(type, m, m_len, sigret, siglen, rsa); +#endif /* Special case: SSL signature, just check the length */ if(type == NID_md5_sha1) { if(m_len != SSL_SIG_LENGTH) { @@ -155,10 +159,12 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, return(0); } +#ifndef OPENSSL_NO_ENGINE if((rsa->flags & RSA_FLAG_SIGN_VER) && ENGINE_get_RSA(rsa->engine)->rsa_verify) return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa); +#endif s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen); if (s == NULL) diff --git a/crypto/rsa/rsa_test.c b/crypto/rsa/rsa_test.c index b8b462d33b..99abb1fde7 100644 --- a/crypto/rsa/rsa_test.c +++ b/crypto/rsa/rsa_test.c @@ -16,7 +16,9 @@ int main(int argc, char *argv[]) } #else #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #define SetKey \ key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \ diff --git a/demos/x509/mkcert.c b/demos/x509/mkcert.c index 8304d30e0b..c5e67b8e28 100644 --- a/demos/x509/mkcert.c +++ b/demos/x509/mkcert.c @@ -9,7 +9,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days); int add_ext(X509 *cert, int nid, char *value); @@ -35,7 +37,9 @@ int main(int argc, char **argv) X509_free(x509); EVP_PKEY_free(pkey); +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif CRYPTO_cleanup_all_ex_data(); CRYPTO_mem_leaks(bio_err); diff --git a/demos/x509/mkreq.c b/demos/x509/mkreq.c index d69dcc392b..3dfc65f164 100644 --- a/demos/x509/mkreq.c +++ b/demos/x509/mkreq.c @@ -8,7 +8,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif int mkreq(X509_REQ **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days); int add_ext(STACK_OF(X509_REQUEST) *sk, int nid, char *value); @@ -33,7 +35,9 @@ int main(int argc, char **argv) X509_REQ_free(req); EVP_PKEY_free(pkey); +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif CRYPTO_cleanup_all_ex_data(); CRYPTO_mem_leaks(bio_err); diff --git a/ssl/ssltest.c b/ssl/ssltest.c index fc27f018d1..49360d5f9f 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -133,7 +133,9 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #include #include @@ -828,7 +830,9 @@ end: #ifndef OPENSSL_NO_RSA free_tmp_rsa(); #endif +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); ERR_remove_state(0); diff --git a/util/bat.sh b/util/bat.sh index c6f48e8a7b..4d9a8287d0 100755 --- a/util/bat.sh +++ b/util/bat.sh @@ -62,6 +62,7 @@ sub var_add local($dir,$val)=@_; local(@a,$_,$ret); + return("") if $no_engine && $dir =~ /\/engine/; return("") if $no_idea && $dir =~ /\/idea/; return("") if $no_rc2 && $dir =~ /\/rc2/; return("") if $no_rc4 && $dir =~ /\/rc4/; @@ -116,6 +117,7 @@ sub var_add @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1; @a=grep(!/_mdc2$/,@a) if $no_mdc2; + @a=grep(!/^engine$/,@a) if $no_engine; @a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa; @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa; @a=grep(!/^gendsa$/,@a) if $no_sha1; diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 8c6370bc5d..5f3ab059f0 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -65,6 +65,8 @@ and [options] can be one of no-krb5 - No KRB5 no-ec - No EC no-ecdsa - No ECDSA + no-ecdh - No ECDH + no-engine - No engine nasm - Use NASM for x86 asm gaswin - Use GNU as with Mingw32 no-socks - No socket code @@ -234,6 +236,8 @@ $cflags.=" -DOPENSSL_NO_ERR" if $no_err; $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; $cflags.=" -DOPENSSL_NO_EC" if $no_ec; $cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa; +$cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh; +$cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; #$cflags.=" -DRSAref" if $rsaref ne ""; ## if ($unix) @@ -663,6 +667,7 @@ sub var_add local($dir,$val)=@_; local(@a,$_,$ret); + return("") if $no_engine && $dir =~ /\/engine/; return("") if $no_idea && $dir =~ /\/idea/; return("") if $no_aes && $dir =~ /\/aes/; return("") if $no_rc2 && $dir =~ /\/rc2/; @@ -723,6 +728,7 @@ sub var_add @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1; @a=grep(!/_mdc2$/,@a) if $no_mdc2; + @a=grep(!/^engine$/,@a) if $no_engine; @a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa; @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa; @a=grep(!/^gendsa$/,@a) if $no_sha1; @@ -925,6 +931,8 @@ sub read_options elsif (/^no-krb5$/) { $no_krb5=1; } elsif (/^no-ec$/) { $no_ec=1; } elsif (/^no-ecdsa$/) { $no_ecdsa=1; } + elsif (/^no-ecdh$/) { $no_ecdh=1; } + elsif (/^no-engine$/) { $no_engine=1; } elsif (/^just-ssl$/) { $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1; $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1; diff --git a/util/mkdef.pl b/util/mkdef.pl index d868a35036..5174939651 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -93,7 +93,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", # External "algorithms" "FP_API", "STDIO", "SOCK", "KRB5", # Engines - "STATIC_ENGINE", + "STATIC_ENGINE", "ENGINE", # Deprecated functions "DEPRECATED" ); @@ -111,7 +111,7 @@ my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf; my $no_cast; my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; -my $no_ec; my $no_ecdsa; my $no_ecdh; +my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_fp_api; my $no_static_engine; my $no_deprecated; foreach (@ARGV, split(/ /, $options)) @@ -182,6 +182,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-comp$/) { $no_comp=1; } elsif (/^no-dso$/) { $no_dso=1; } elsif (/^no-krb5$/) { $no_krb5=1; } + elsif (/^no-engine$/) { $no_engine=1; } } @@ -243,7 +244,7 @@ $crypto.=" crypto/ecdsa/ecdsa.h" ; # unless $no_ecdsa; $crypto.=" crypto/ecdh/ecdh.h" ; # unless $no_ecdh; $crypto.=" crypto/hmac/hmac.h" ; # unless $no_hmac; -$crypto.=" crypto/engine/engine.h"; +$crypto.=" crypto/engine/engine.h"; # unless $no_engine; $crypto.=" crypto/stack/stack.h" ; # unless $no_stack; $crypto.=" crypto/buffer/buffer.h" ; # unless $no_buffer; $crypto.=" crypto/bio/bio.h" ; # unless $no_bio; @@ -1065,6 +1066,7 @@ sub is_valid if ($keyword eq "COMP" && $no_comp) { return 0; } if ($keyword eq "DSO" && $no_dso) { return 0; } if ($keyword eq "KRB5" && $no_krb5) { return 0; } + if ($keyword eq "ENGINE" && $no_engine) { return 0; } if ($keyword eq "FP_API" && $no_fp_api) { return 0; } if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; } if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; } From a1d57849b3b0248d7b159849675e3a695ee1765c Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 30 Jan 2003 17:53:02 +0000 Subject: [PATCH 045/393] make update --- TABLE | 18 ++-- engines/Makefile.ssl | 12 +++ util/libeay.num | 249 ++++++++++++++++++++++--------------------- 3 files changed, 146 insertions(+), 133 deletions(-) diff --git a/TABLE b/TABLE index 4609761306..bf14584c2c 100644 --- a/TABLE +++ b/TABLE @@ -1093,10 +1093,10 @@ $rc4_obj = $rmd160_obj = $rc5_obj = $dso_scheme = dlfcn -$shared_target= +$shared_target= aix-shared $shared_cflag = $shared_ldflag = -$shared_extension = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = @@ -1143,10 +1143,10 @@ $rc4_obj = $rmd160_obj = $rc5_obj = $dso_scheme = dlfcn -$shared_target= +$shared_target= aix-shared $shared_cflag = -$shared_ldflag = -$shared_extension = +$shared_ldflag = -q64 +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = -X 64 @@ -3656,7 +3656,7 @@ $cflags = -belf $unistd = $thread_cflag = (unknown) $sys_id = -$lflags = -lsocket -lresolv -lnsl +$lflags = -lsocket -lnsl $bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $bn_obj = asm/bn86-elf.o asm/co86-elf.o $des_obj = asm/dx86-elf.o asm/yx86-elf.o @@ -3671,7 +3671,7 @@ $dso_scheme = dlfcn $shared_target= svr3-shared $shared_cflag = -Kpic $shared_ldflag = -$shared_extension = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = @@ -3681,7 +3681,7 @@ $cflags = -O3 -fomit-frame-pointer $unistd = $thread_cflag = (unknown) $sys_id = -$lflags = -lsocket -lresolv -lnsl +$lflags = -lsocket -lnsl $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $bn_obj = asm/bn86-elf.o asm/co86-elf.o $des_obj = asm/dx86-elf.o asm/yx86-elf.o @@ -3696,7 +3696,7 @@ $dso_scheme = dlfcn $shared_target= svr3-shared $shared_cflag = -fPIC $shared_ldflag = -$shared_extension = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = diff --git a/engines/Makefile.ssl b/engines/Makefile.ssl index 15d92844ee..6a010e05d6 100644 --- a/engines/Makefile.ssl +++ b/engines/Makefile.ssl @@ -184,6 +184,18 @@ e_cswift.o: ../include/openssl/rand.h ../include/openssl/rsa.h e_cswift.o: ../include/openssl/safestack.h ../include/openssl/stack.h e_cswift.o: ../include/openssl/symhacks.h ../include/openssl/ui.h e_cswift.c e_cswift.o: e_cswift_err.c e_cswift_err.h vendor_defns/cswift.h +e_gmp.o: ../include/openssl/asn1.h ../include/openssl/bio.h +e_gmp.o: ../include/openssl/bn.h ../include/openssl/buffer.h +e_gmp.o: ../include/openssl/crypto.h ../include/openssl/dh.h +e_gmp.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +e_gmp.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +e_gmp.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +e_gmp.o: ../include/openssl/err.h ../include/openssl/lhash.h +e_gmp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +e_gmp.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h +e_gmp.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +e_gmp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +e_gmp.o: ../include/openssl/ui.h e_gmp.c e_ncipher.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_ncipher.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_ncipher.o: ../include/openssl/crypto.h ../include/openssl/dh.h diff --git a/util/libeay.num b/util/libeay.num index 069c13d0bd..efaf93c942 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -1881,72 +1881,72 @@ BIO_f_linebuffer 2463 EXIST:VMS:FUNCTION: BN_bntest_rand 2464 EXIST::FUNCTION: OPENSSL_issetugid 2465 EXIST::FUNCTION: BN_rand_range 2466 EXIST::FUNCTION: -ERR_load_ENGINE_strings 2467 EXIST::FUNCTION: -ENGINE_set_DSA 2468 EXIST::FUNCTION: -ENGINE_get_finish_function 2469 EXIST::FUNCTION: -ENGINE_get_default_RSA 2470 EXIST::FUNCTION: +ERR_load_ENGINE_strings 2467 EXIST::FUNCTION:ENGINE +ENGINE_set_DSA 2468 EXIST::FUNCTION:ENGINE +ENGINE_get_finish_function 2469 EXIST::FUNCTION:ENGINE +ENGINE_get_default_RSA 2470 EXIST::FUNCTION:ENGINE ENGINE_get_BN_mod_exp 2471 NOEXIST::FUNCTION: DSA_get_default_openssl_method 2472 NOEXIST::FUNCTION: -ENGINE_set_DH 2473 EXIST::FUNCTION: +ENGINE_set_DH 2473 EXIST::FUNCTION:ENGINE ENGINE_set_def_BN_mod_exp_crt 2474 NOEXIST::FUNCTION: ENGINE_set_default_BN_mod_exp_crt 2474 NOEXIST::FUNCTION: -ENGINE_init 2475 EXIST::FUNCTION: +ENGINE_init 2475 EXIST::FUNCTION:ENGINE DH_get_default_openssl_method 2476 NOEXIST::FUNCTION: RSA_set_default_openssl_method 2477 NOEXIST::FUNCTION: -ENGINE_finish 2478 EXIST::FUNCTION: -ENGINE_load_public_key 2479 EXIST::FUNCTION: -ENGINE_get_DH 2480 EXIST::FUNCTION: -ENGINE_ctrl 2481 EXIST::FUNCTION: -ENGINE_get_init_function 2482 EXIST::FUNCTION: -ENGINE_set_init_function 2483 EXIST::FUNCTION: -ENGINE_set_default_DSA 2484 EXIST::FUNCTION: -ENGINE_get_name 2485 EXIST::FUNCTION: -ENGINE_get_last 2486 EXIST::FUNCTION: -ENGINE_get_prev 2487 EXIST::FUNCTION: -ENGINE_get_default_DH 2488 EXIST::FUNCTION: -ENGINE_get_RSA 2489 EXIST::FUNCTION: -ENGINE_set_default 2490 EXIST::FUNCTION: -ENGINE_get_RAND 2491 EXIST::FUNCTION: -ENGINE_get_first 2492 EXIST::FUNCTION: -ENGINE_by_id 2493 EXIST::FUNCTION: -ENGINE_set_finish_function 2494 EXIST::FUNCTION: +ENGINE_finish 2478 EXIST::FUNCTION:ENGINE +ENGINE_load_public_key 2479 EXIST::FUNCTION:ENGINE +ENGINE_get_DH 2480 EXIST::FUNCTION:ENGINE +ENGINE_ctrl 2481 EXIST::FUNCTION:ENGINE +ENGINE_get_init_function 2482 EXIST::FUNCTION:ENGINE +ENGINE_set_init_function 2483 EXIST::FUNCTION:ENGINE +ENGINE_set_default_DSA 2484 EXIST::FUNCTION:ENGINE +ENGINE_get_name 2485 EXIST::FUNCTION:ENGINE +ENGINE_get_last 2486 EXIST::FUNCTION:ENGINE +ENGINE_get_prev 2487 EXIST::FUNCTION:ENGINE +ENGINE_get_default_DH 2488 EXIST::FUNCTION:ENGINE +ENGINE_get_RSA 2489 EXIST::FUNCTION:ENGINE +ENGINE_set_default 2490 EXIST::FUNCTION:ENGINE +ENGINE_get_RAND 2491 EXIST::FUNCTION:ENGINE +ENGINE_get_first 2492 EXIST::FUNCTION:ENGINE +ENGINE_by_id 2493 EXIST::FUNCTION:ENGINE +ENGINE_set_finish_function 2494 EXIST::FUNCTION:ENGINE ENGINE_get_def_BN_mod_exp_crt 2495 NOEXIST::FUNCTION: ENGINE_get_default_BN_mod_exp_crt 2495 NOEXIST::FUNCTION: RSA_get_default_openssl_method 2496 NOEXIST::FUNCTION: -ENGINE_set_RSA 2497 EXIST::FUNCTION: -ENGINE_load_private_key 2498 EXIST::FUNCTION: -ENGINE_set_default_RAND 2499 EXIST::FUNCTION: +ENGINE_set_RSA 2497 EXIST::FUNCTION:ENGINE +ENGINE_load_private_key 2498 EXIST::FUNCTION:ENGINE +ENGINE_set_default_RAND 2499 EXIST::FUNCTION:ENGINE ENGINE_set_BN_mod_exp 2500 NOEXIST::FUNCTION: -ENGINE_remove 2501 EXIST::FUNCTION: -ENGINE_free 2502 EXIST::FUNCTION: +ENGINE_remove 2501 EXIST::FUNCTION:ENGINE +ENGINE_free 2502 EXIST::FUNCTION:ENGINE ENGINE_get_BN_mod_exp_crt 2503 NOEXIST::FUNCTION: -ENGINE_get_next 2504 EXIST::FUNCTION: -ENGINE_set_name 2505 EXIST::FUNCTION: -ENGINE_get_default_DSA 2506 EXIST::FUNCTION: +ENGINE_get_next 2504 EXIST::FUNCTION:ENGINE +ENGINE_set_name 2505 EXIST::FUNCTION:ENGINE +ENGINE_get_default_DSA 2506 EXIST::FUNCTION:ENGINE ENGINE_set_default_BN_mod_exp 2507 NOEXIST::FUNCTION: -ENGINE_set_default_RSA 2508 EXIST::FUNCTION: -ENGINE_get_default_RAND 2509 EXIST::FUNCTION: +ENGINE_set_default_RSA 2508 EXIST::FUNCTION:ENGINE +ENGINE_get_default_RAND 2509 EXIST::FUNCTION:ENGINE ENGINE_get_default_BN_mod_exp 2510 NOEXIST::FUNCTION: -ENGINE_set_RAND 2511 EXIST::FUNCTION: -ENGINE_set_id 2512 EXIST::FUNCTION: +ENGINE_set_RAND 2511 EXIST::FUNCTION:ENGINE +ENGINE_set_id 2512 EXIST::FUNCTION:ENGINE ENGINE_set_BN_mod_exp_crt 2513 NOEXIST::FUNCTION: -ENGINE_set_default_DH 2514 EXIST::FUNCTION: -ENGINE_new 2515 EXIST::FUNCTION: -ENGINE_get_id 2516 EXIST::FUNCTION: +ENGINE_set_default_DH 2514 EXIST::FUNCTION:ENGINE +ENGINE_new 2515 EXIST::FUNCTION:ENGINE +ENGINE_get_id 2516 EXIST::FUNCTION:ENGINE DSA_set_default_openssl_method 2517 NOEXIST::FUNCTION: -ENGINE_add 2518 EXIST::FUNCTION: +ENGINE_add 2518 EXIST::FUNCTION:ENGINE DH_set_default_openssl_method 2519 NOEXIST::FUNCTION: -ENGINE_get_DSA 2520 EXIST::FUNCTION: -ENGINE_get_ctrl_function 2521 EXIST::FUNCTION: -ENGINE_set_ctrl_function 2522 EXIST::FUNCTION: +ENGINE_get_DSA 2520 EXIST::FUNCTION:ENGINE +ENGINE_get_ctrl_function 2521 EXIST::FUNCTION:ENGINE +ENGINE_set_ctrl_function 2522 EXIST::FUNCTION:ENGINE BN_pseudo_rand_range 2523 EXIST::FUNCTION: X509_STORE_CTX_set_verify_cb 2524 EXIST::FUNCTION: ERR_load_COMP_strings 2525 EXIST::FUNCTION: PKCS12_item_decrypt_d2i 2526 EXIST::FUNCTION: ASN1_UTF8STRING_it 2527 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_UTF8STRING_it 2527 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_unregister_ciphers 2528 EXIST::FUNCTION: -ENGINE_get_ciphers 2529 EXIST::FUNCTION: +ENGINE_unregister_ciphers 2528 EXIST::FUNCTION:ENGINE +ENGINE_get_ciphers 2529 EXIST::FUNCTION:ENGINE d2i_OCSP_BASICRESP 2530 EXIST::FUNCTION: KRB5_CHECKSUM_it 2531 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: KRB5_CHECKSUM_it 2531 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -1959,15 +1959,15 @@ X509V3_add1_i2d 2536 EXIST::FUNCTION: PKCS7_ENVELOPE_it 2537 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS7_ENVELOPE_it 2537 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: UI_add_input_boolean 2538 EXIST::FUNCTION: -ENGINE_unregister_RSA 2539 EXIST::FUNCTION: +ENGINE_unregister_RSA 2539 EXIST::FUNCTION:ENGINE X509V3_EXT_nconf 2540 EXIST::FUNCTION: ASN1_GENERALSTRING_free 2541 EXIST::FUNCTION: d2i_OCSP_CERTSTATUS 2542 EXIST::FUNCTION: X509_REVOKED_set_serialNumber 2543 EXIST::FUNCTION: X509_print_ex 2544 EXIST::FUNCTION:BIO OCSP_ONEREQ_get1_ext_d2i 2545 EXIST::FUNCTION: -ENGINE_register_all_RAND 2546 EXIST::FUNCTION: -ENGINE_load_dynamic 2547 EXIST::FUNCTION: +ENGINE_register_all_RAND 2546 EXIST::FUNCTION:ENGINE +ENGINE_load_dynamic 2547 EXIST::FUNCTION:ENGINE PBKDF2PARAM_it 2548 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PBKDF2PARAM_it 2548 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: EXTENDED_KEY_USAGE_new 2549 EXIST::FUNCTION: @@ -1987,7 +1987,7 @@ X509_STORE_set_purpose 2559 EXIST::FUNCTION: i2d_ASN1_GENERALSTRING 2560 EXIST::FUNCTION: OCSP_response_status 2561 EXIST::FUNCTION: i2d_OCSP_SERVICELOC 2562 EXIST::FUNCTION: -ENGINE_get_digest_engine 2563 EXIST::FUNCTION: +ENGINE_get_digest_engine 2563 EXIST::FUNCTION:ENGINE EC_GROUP_set_curve_GFp 2564 EXIST::FUNCTION:EC OCSP_REQUEST_get_ext_by_OBJ 2565 EXIST::FUNCTION: _ossl_old_des_random_key 2566 EXIST::FUNCTION:DES @@ -2011,7 +2011,7 @@ _shadow_DES_rw_mode 2581 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA _shadow_DES_rw_mode 2581 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES asn1_do_adb 2582 EXIST::FUNCTION: ASN1_template_i2d 2583 EXIST::FUNCTION: -ENGINE_register_DH 2584 EXIST::FUNCTION: +ENGINE_register_DH 2584 EXIST::FUNCTION:ENGINE UI_construct_prompt 2585 EXIST::FUNCTION: X509_STORE_set_trust 2586 EXIST::FUNCTION: UI_dup_input_string 2587 EXIST::FUNCTION: @@ -2039,7 +2039,7 @@ OCSP_resp_find 2605 EXIST::FUNCTION: BN_nnmod 2606 EXIST::FUNCTION: X509_CRL_sort 2607 EXIST::FUNCTION: X509_REVOKED_set_revocationDate 2608 EXIST::FUNCTION: -ENGINE_register_RAND 2609 EXIST::FUNCTION: +ENGINE_register_RAND 2609 EXIST::FUNCTION:ENGINE OCSP_SERVICELOC_new 2610 EXIST::FUNCTION: EC_POINT_set_affine_coordinates_GFp 2611 EXIST:!VMS:FUNCTION:EC EC_POINT_set_affine_coords_GFp 2611 EXIST:VMS:FUNCTION:EC @@ -2049,11 +2049,11 @@ SXNET_it 2613 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI UI_dup_input_boolean 2614 EXIST::FUNCTION: PKCS12_add_CSPName_asc 2615 EXIST::FUNCTION: EC_POINT_is_at_infinity 2616 EXIST::FUNCTION:EC -ENGINE_load_cryptodev 2617 EXIST::FUNCTION: +ENGINE_load_cryptodev 2617 EXIST::FUNCTION:ENGINE DSO_convert_filename 2618 EXIST::FUNCTION: POLICYQUALINFO_it 2619 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: POLICYQUALINFO_it 2619 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_register_ciphers 2620 EXIST::FUNCTION: +ENGINE_register_ciphers 2620 EXIST::FUNCTION:ENGINE BN_mod_lshift_quick 2621 EXIST::FUNCTION: DSO_set_filename 2622 EXIST::FUNCTION: ASN1_item_free 2623 EXIST::FUNCTION: @@ -2062,7 +2062,7 @@ AUTHORITY_KEYID_it 2625 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA AUTHORITY_KEYID_it 2625 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: KRB5_APREQBODY_new 2626 EXIST::FUNCTION: X509V3_EXT_REQ_add_nconf 2627 EXIST::FUNCTION: -ENGINE_ctrl_cmd_string 2628 EXIST::FUNCTION: +ENGINE_ctrl_cmd_string 2628 EXIST::FUNCTION:ENGINE i2d_OCSP_RESPDATA 2629 EXIST::FUNCTION: EVP_MD_CTX_init 2630 EXIST::FUNCTION: EXTENDED_KEY_USAGE_free 2631 EXIST::FUNCTION: @@ -2071,8 +2071,8 @@ PKCS7_ATTR_SIGN_it 2632 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI UI_add_error_string 2633 EXIST::FUNCTION: KRB5_CHECKSUM_free 2634 EXIST::FUNCTION: OCSP_REQUEST_get_ext 2635 EXIST::FUNCTION: -ENGINE_load_ubsec 2636 EXIST::FUNCTION:STATIC_ENGINE -ENGINE_register_all_digests 2637 EXIST::FUNCTION: +ENGINE_load_ubsec 2636 EXIST::FUNCTION:ENGINE,STATIC_ENGINE +ENGINE_register_all_digests 2637 EXIST::FUNCTION:ENGINE PKEY_USAGE_PERIOD_it 2638 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKEY_USAGE_PERIOD_it 2638 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: PKCS12_unpack_authsafes 2639 EXIST::FUNCTION: @@ -2098,16 +2098,16 @@ OCSP_CERTSTATUS_free 2653 EXIST::FUNCTION: _ossl_old_des_crypt 2654 EXIST::FUNCTION:DES ASN1_item_i2d 2655 EXIST::FUNCTION: EVP_DecryptFinal_ex 2656 EXIST::FUNCTION: -ENGINE_load_openssl 2657 EXIST::FUNCTION: -ENGINE_get_cmd_defns 2658 EXIST::FUNCTION: -ENGINE_set_load_privkey_function 2659 EXIST:!VMS:FUNCTION: -ENGINE_set_load_privkey_fn 2659 EXIST:VMS:FUNCTION: +ENGINE_load_openssl 2657 EXIST::FUNCTION:ENGINE +ENGINE_get_cmd_defns 2658 EXIST::FUNCTION:ENGINE +ENGINE_set_load_privkey_function 2659 EXIST:!VMS:FUNCTION:ENGINE +ENGINE_set_load_privkey_fn 2659 EXIST:VMS:FUNCTION:ENGINE EVP_EncryptFinal_ex 2660 EXIST::FUNCTION: -ENGINE_set_default_digests 2661 EXIST::FUNCTION: +ENGINE_set_default_digests 2661 EXIST::FUNCTION:ENGINE X509_get0_pubkey_bitstr 2662 EXIST::FUNCTION: asn1_ex_i2c 2663 EXIST::FUNCTION: -ENGINE_register_RSA 2664 EXIST::FUNCTION: -ENGINE_unregister_DSA 2665 EXIST::FUNCTION: +ENGINE_register_RSA 2664 EXIST::FUNCTION:ENGINE +ENGINE_unregister_DSA 2665 EXIST::FUNCTION:ENGINE _ossl_old_des_key_sched 2666 EXIST::FUNCTION:DES X509_EXTENSION_it 2667 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_EXTENSION_it 2667 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2120,7 +2120,7 @@ PKCS12_certbag2x509 2672 EXIST::FUNCTION: _ossl_old_des_ofb64_encrypt 2673 EXIST::FUNCTION:DES d2i_EXTENDED_KEY_USAGE 2674 EXIST::FUNCTION: ERR_print_errors_cb 2675 EXIST::FUNCTION: -ENGINE_set_ciphers 2676 EXIST::FUNCTION: +ENGINE_set_ciphers 2676 EXIST::FUNCTION:ENGINE d2i_KRB5_APREQBODY 2677 EXIST::FUNCTION: UI_method_get_flusher 2678 EXIST::FUNCTION: X509_PUBKEY_it 2679 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2156,7 +2156,7 @@ NCONF_get_number_e 2704 EXIST::FUNCTION: _ossl_old_des_decrypt3 2705 EXIST::FUNCTION:DES X509_signature_print 2706 EXIST::FUNCTION:EVP OCSP_SINGLERESP_free 2707 EXIST::FUNCTION: -ENGINE_load_builtin_engines 2708 EXIST::FUNCTION: +ENGINE_load_builtin_engines 2708 EXIST::FUNCTION:ENGINE i2d_OCSP_ONEREQ 2709 EXIST::FUNCTION: OCSP_REQUEST_add_ext 2710 EXIST::FUNCTION: OCSP_RESPBYTES_new 2711 EXIST::FUNCTION: @@ -2184,7 +2184,7 @@ X509_CERT_AUX_it 2727 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI CERTIFICATEPOLICIES_it 2728 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: CERTIFICATEPOLICIES_it 2728 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: _ossl_old_des_ede3_cbc_encrypt 2729 EXIST::FUNCTION:DES -RAND_set_rand_engine 2730 EXIST::FUNCTION: +RAND_set_rand_engine 2730 EXIST::FUNCTION:ENGINE DSO_get_loaded_filename 2731 EXIST::FUNCTION: X509_ATTRIBUTE_it 2732 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_ATTRIBUTE_it 2732 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2206,7 +2206,7 @@ i2d_OCSP_BASICRESP 2744 EXIST::FUNCTION: i2d_OCSP_RESPBYTES 2745 EXIST::FUNCTION: PKCS12_unpack_p7encdata 2746 EXIST::FUNCTION: HMAC_CTX_init 2747 EXIST::FUNCTION:HMAC -ENGINE_get_digest 2748 EXIST::FUNCTION: +ENGINE_get_digest 2748 EXIST::FUNCTION:ENGINE OCSP_RESPONSE_print 2749 EXIST::FUNCTION: KRB5_TKTBODY_it 2750 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: KRB5_TKTBODY_it 2750 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2219,16 +2219,16 @@ PBE2PARAM_it 2753 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI PKCS12_certbag2x509crl 2754 EXIST::FUNCTION: PKCS7_SIGNED_it 2755 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS7_SIGNED_it 2755 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_cipher 2756 EXIST::FUNCTION: +ENGINE_get_cipher 2756 EXIST::FUNCTION:ENGINE i2d_OCSP_CRLID 2757 EXIST::FUNCTION: OCSP_SINGLERESP_new 2758 EXIST::FUNCTION: -ENGINE_cmd_is_executable 2759 EXIST::FUNCTION: +ENGINE_cmd_is_executable 2759 EXIST::FUNCTION:ENGINE RSA_up_ref 2760 EXIST::FUNCTION:RSA ASN1_GENERALSTRING_it 2761 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_GENERALSTRING_it 2761 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_register_DSA 2762 EXIST::FUNCTION: +ENGINE_register_DSA 2762 EXIST::FUNCTION:ENGINE X509V3_EXT_add_nconf_sk 2763 EXIST::FUNCTION: -ENGINE_set_load_pubkey_function 2764 EXIST::FUNCTION: +ENGINE_set_load_pubkey_function 2764 EXIST::FUNCTION:ENGINE PKCS8_decrypt 2765 EXIST::FUNCTION: PEM_bytes_read_bio 2766 EXIST::FUNCTION:BIO DIRECTORYSTRING_it 2767 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2265,7 +2265,7 @@ UI_method_set_flusher 2789 EXIST::FUNCTION: X509_ocspid_print 2790 EXIST::FUNCTION:BIO KRB5_ENCDATA_it 2791 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: KRB5_ENCDATA_it 2791 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_load_pubkey_function 2792 EXIST::FUNCTION: +ENGINE_get_load_pubkey_function 2792 EXIST::FUNCTION:ENGINE UI_add_user_data 2793 EXIST::FUNCTION: OCSP_REQUEST_delete_ext 2794 EXIST::FUNCTION: UI_get_method 2795 EXIST::FUNCTION: @@ -2289,16 +2289,16 @@ ASN1_FBOOLEAN_it 2806 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA ASN1_FBOOLEAN_it 2806 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: UI_set_ex_data 2807 EXIST::FUNCTION: _ossl_old_des_string_to_key 2808 EXIST::FUNCTION:DES -ENGINE_register_all_RSA 2809 EXIST::FUNCTION: +ENGINE_register_all_RSA 2809 EXIST::FUNCTION:ENGINE d2i_KRB5_PRINCNAME 2810 EXIST::FUNCTION: OCSP_RESPBYTES_it 2811 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: OCSP_RESPBYTES_it 2811 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: X509_CINF_it 2812 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_CINF_it 2812 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_unregister_digests 2813 EXIST::FUNCTION: +ENGINE_unregister_digests 2813 EXIST::FUNCTION:ENGINE d2i_EDIPARTYNAME 2814 EXIST::FUNCTION: d2i_OCSP_SERVICELOC 2815 EXIST::FUNCTION: -ENGINE_get_digests 2816 EXIST::FUNCTION: +ENGINE_get_digests 2816 EXIST::FUNCTION:ENGINE _ossl_old_des_set_odd_parity 2817 EXIST::FUNCTION:DES OCSP_RESPDATA_free 2818 EXIST::FUNCTION: d2i_KRB5_TICKET 2819 EXIST::FUNCTION: @@ -2309,7 +2309,7 @@ d2i_ASN1_GENERALSTRING 2822 EXIST::FUNCTION: X509_CRL_set_version 2823 EXIST::FUNCTION: BN_mod_sub 2824 EXIST::FUNCTION: OCSP_SINGLERESP_get_ext_by_NID 2825 EXIST::FUNCTION: -ENGINE_get_ex_new_index 2826 EXIST::FUNCTION: +ENGINE_get_ex_new_index 2826 EXIST::FUNCTION:ENGINE OCSP_REQUEST_free 2827 EXIST::FUNCTION: OCSP_REQUEST_add1_ext_i2d 2828 EXIST::FUNCTION: X509_VAL_it 2829 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2343,7 +2343,7 @@ EC_POINT_method_of 2852 EXIST::FUNCTION:EC i2d_KRB5_APREQBODY 2853 EXIST::FUNCTION: _ossl_old_des_ecb3_encrypt 2854 EXIST::FUNCTION:DES CRYPTO_get_mem_ex_functions 2855 EXIST::FUNCTION: -ENGINE_get_ex_data 2856 EXIST::FUNCTION: +ENGINE_get_ex_data 2856 EXIST::FUNCTION:ENGINE UI_destroy_method 2857 EXIST::FUNCTION: ASN1_item_i2d_bio 2858 EXIST::FUNCTION:BIO OCSP_ONEREQ_get_ext_by_OBJ 2859 EXIST::FUNCTION: @@ -2367,7 +2367,7 @@ PKCS12_SAFEBAGS_it 2872 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA PKCS12_SAFEBAGS_it 2872 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: d2i_OCSP_SIGNATURE 2873 EXIST::FUNCTION: OCSP_request_add1_nonce 2874 EXIST::FUNCTION: -ENGINE_set_cmd_defns 2875 EXIST::FUNCTION: +ENGINE_set_cmd_defns 2875 EXIST::FUNCTION:ENGINE OCSP_SERVICELOC_free 2876 EXIST::FUNCTION: EC_GROUP_free 2877 EXIST::FUNCTION:EC ASN1_BIT_STRING_it 2878 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2384,7 +2384,7 @@ EC_GROUP_new_curve_GFp 2885 EXIST::FUNCTION:EC OCSP_REQUEST_get1_ext_d2i 2886 EXIST::FUNCTION: PKCS12_item_pack_safebag 2887 EXIST::FUNCTION: asn1_ex_c2i 2888 EXIST::FUNCTION: -ENGINE_register_digests 2889 EXIST::FUNCTION: +ENGINE_register_digests 2889 EXIST::FUNCTION:ENGINE i2d_OCSP_REVOKEDINFO 2890 EXIST::FUNCTION: asn1_enc_restore 2891 EXIST::FUNCTION: UI_free 2892 EXIST::FUNCTION: @@ -2395,7 +2395,7 @@ EC_POINT_invert 2896 EXIST::FUNCTION:EC OCSP_basic_sign 2897 EXIST::FUNCTION: i2d_OCSP_RESPID 2898 EXIST::FUNCTION: OCSP_check_nonce 2899 EXIST::FUNCTION: -ENGINE_ctrl_cmd 2900 EXIST::FUNCTION: +ENGINE_ctrl_cmd 2900 EXIST::FUNCTION:ENGINE d2i_KRB5_ENCKEY 2901 EXIST::FUNCTION: OCSP_parse_url 2902 EXIST::FUNCTION: OCSP_SINGLERESP_get_ext 2903 EXIST::FUNCTION: @@ -2403,12 +2403,12 @@ OCSP_CRLID_free 2904 EXIST::FUNCTION: OCSP_BASICRESP_get1_ext_d2i 2905 EXIST::FUNCTION: RSAPrivateKey_it 2906 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA RSAPrivateKey_it 2906 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA -ENGINE_register_all_DH 2907 EXIST::FUNCTION: +ENGINE_register_all_DH 2907 EXIST::FUNCTION:ENGINE i2d_EDIPARTYNAME 2908 EXIST::FUNCTION: EC_POINT_get_affine_coordinates_GFp 2909 EXIST:!VMS:FUNCTION:EC EC_POINT_get_affine_coords_GFp 2909 EXIST:VMS:FUNCTION:EC OCSP_CRLID_new 2910 EXIST::FUNCTION: -ENGINE_get_flags 2911 EXIST::FUNCTION: +ENGINE_get_flags 2911 EXIST::FUNCTION:ENGINE OCSP_ONEREQ_it 2912 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: OCSP_ONEREQ_it 2912 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: UI_process 2913 EXIST::FUNCTION: @@ -2416,8 +2416,8 @@ ASN1_INTEGER_it 2914 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA ASN1_INTEGER_it 2914 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: EVP_CipherInit_ex 2915 EXIST::FUNCTION: UI_get_string_type 2916 EXIST::FUNCTION: -ENGINE_unregister_DH 2917 EXIST::FUNCTION: -ENGINE_register_all_DSA 2918 EXIST::FUNCTION: +ENGINE_unregister_DH 2917 EXIST::FUNCTION:ENGINE +ENGINE_register_all_DSA 2918 EXIST::FUNCTION:ENGINE OCSP_ONEREQ_get_ext_by_critical 2919 EXIST::FUNCTION: bn_dup_expand 2920 EXIST::FUNCTION: OCSP_cert_id_new 2921 EXIST::FUNCTION: @@ -2438,11 +2438,11 @@ BN_mod_sub_quick 2933 EXIST::FUNCTION: OCSP_ONEREQ_add_ext 2934 EXIST::FUNCTION: OCSP_request_sign 2935 EXIST::FUNCTION: EVP_DigestFinal_ex 2936 EXIST::FUNCTION: -ENGINE_set_digests 2937 EXIST::FUNCTION: +ENGINE_set_digests 2937 EXIST::FUNCTION:ENGINE OCSP_id_issuer_cmp 2938 EXIST::FUNCTION: OBJ_NAME_do_all 2939 EXIST::FUNCTION: EC_POINTs_mul 2940 EXIST::FUNCTION:EC -ENGINE_register_complete 2941 EXIST::FUNCTION: +ENGINE_register_complete 2941 EXIST::FUNCTION:ENGINE X509V3_EXT_nconf_nid 2942 EXIST::FUNCTION: ASN1_SEQUENCE_it 2943 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_SEQUENCE_it 2943 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2451,7 +2451,7 @@ RAND_query_egd_bytes 2945 EXIST::FUNCTION: UI_method_get_writer 2946 EXIST::FUNCTION: UI_OpenSSL 2947 EXIST::FUNCTION: PEM_def_callback 2948 EXIST::FUNCTION: -ENGINE_cleanup 2949 EXIST::FUNCTION: +ENGINE_cleanup 2949 EXIST::FUNCTION:ENGINE DIST_POINT_it 2950 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: DIST_POINT_it 2950 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: OCSP_SINGLERESP_it 2951 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2475,7 +2475,7 @@ OCSP_RESPID_new 2967 EXIST::FUNCTION: OCSP_RESPDATA_it 2968 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: OCSP_RESPDATA_it 2968 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: d2i_OCSP_RESPDATA 2969 EXIST::FUNCTION: -ENGINE_register_all_complete 2970 EXIST::FUNCTION: +ENGINE_register_all_complete 2970 EXIST::FUNCTION:ENGINE OCSP_check_validity 2971 EXIST::FUNCTION: PKCS12_BAGS_it 2972 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS12_BAGS_it 2972 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2487,7 +2487,7 @@ KRB5_AUTHENTBODY_it 2976 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI X509_supported_extension 2977 EXIST::FUNCTION: i2d_KRB5_AUTHDATA 2978 EXIST::FUNCTION: UI_method_get_opener 2979 EXIST::FUNCTION: -ENGINE_set_ex_data 2980 EXIST::FUNCTION: +ENGINE_set_ex_data 2980 EXIST::FUNCTION:ENGINE OCSP_REQUEST_print 2981 EXIST::FUNCTION: CBIGNUM_it 2982 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: CBIGNUM_it 2982 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2501,7 +2501,7 @@ OCSP_single_get0_status 2989 EXIST::FUNCTION: BN_swap 2990 EXIST::FUNCTION: POLICYINFO_it 2991 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: POLICYINFO_it 2991 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_set_destroy_function 2992 EXIST::FUNCTION: +ENGINE_set_destroy_function 2992 EXIST::FUNCTION:ENGINE asn1_enc_free 2993 EXIST::FUNCTION: OCSP_RESPID_it 2994 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: OCSP_RESPID_it 2994 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2523,8 +2523,8 @@ EDIPARTYNAME_it 3005 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI NETSCAPE_SPKI_it 3006 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: NETSCAPE_SPKI_it 3006 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: UI_get0_test_string 3007 EXIST::FUNCTION: -ENGINE_get_cipher_engine 3008 EXIST::FUNCTION: -ENGINE_register_all_ciphers 3009 EXIST::FUNCTION: +ENGINE_get_cipher_engine 3008 EXIST::FUNCTION:ENGINE +ENGINE_register_all_ciphers 3009 EXIST::FUNCTION:ENGINE EC_POINT_copy 3010 EXIST::FUNCTION:EC BN_kronecker 3011 EXIST::FUNCTION: _ossl_old_des_ede3_ofb64_encrypt 3012 EXIST:!VMS:FUNCTION:DES @@ -2545,9 +2545,9 @@ OCSP_RESPONSE_new 3023 EXIST::FUNCTION: AES_set_encrypt_key 3024 EXIST::FUNCTION:AES OCSP_resp_count 3025 EXIST::FUNCTION: KRB5_CHECKSUM_new 3026 EXIST::FUNCTION: -ENGINE_load_cswift 3027 EXIST::FUNCTION:STATIC_ENGINE +ENGINE_load_cswift 3027 EXIST::FUNCTION:ENGINE,STATIC_ENGINE OCSP_onereq_get0_id 3028 EXIST::FUNCTION: -ENGINE_set_default_ciphers 3029 EXIST::FUNCTION: +ENGINE_set_default_ciphers 3029 EXIST::FUNCTION:ENGINE NOTICEREF_it 3030 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: NOTICEREF_it 3030 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: X509V3_EXT_CRL_add_nconf 3031 EXIST::FUNCTION: @@ -2565,7 +2565,7 @@ AES_decrypt 3040 EXIST::FUNCTION:AES asn1_enc_init 3041 EXIST::FUNCTION: UI_get_result_maxsize 3042 EXIST::FUNCTION: OCSP_CERTID_new 3043 EXIST::FUNCTION: -ENGINE_unregister_RAND 3044 EXIST::FUNCTION: +ENGINE_unregister_RAND 3044 EXIST::FUNCTION:ENGINE UI_method_get_closer 3045 EXIST::FUNCTION: d2i_KRB5_ENCDATA 3046 EXIST::FUNCTION: OCSP_request_onereq_count 3047 EXIST::FUNCTION: @@ -2576,7 +2576,7 @@ ASN1_primitive_free 3051 EXIST::FUNCTION: i2d_EXTENDED_KEY_USAGE 3052 EXIST::FUNCTION: i2d_OCSP_SIGNATURE 3053 EXIST::FUNCTION: asn1_enc_save 3054 EXIST::FUNCTION: -ENGINE_load_nuron 3055 EXIST::FUNCTION:STATIC_ENGINE +ENGINE_load_nuron 3055 EXIST::FUNCTION:ENGINE,STATIC_ENGINE _ossl_old_des_pcbc_encrypt 3056 EXIST::FUNCTION:DES PKCS12_MAC_DATA_it 3057 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS12_MAC_DATA_it 3057 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2598,15 +2598,15 @@ ASN1_item_d2i_bio 3069 EXIST::FUNCTION:BIO EC_POINT_dbl 3070 EXIST::FUNCTION:EC asn1_get_choice_selector 3071 EXIST::FUNCTION: i2d_KRB5_CHECKSUM 3072 EXIST::FUNCTION: -ENGINE_set_table_flags 3073 EXIST::FUNCTION: +ENGINE_set_table_flags 3073 EXIST::FUNCTION:ENGINE AES_options 3074 EXIST::FUNCTION:AES -ENGINE_load_chil 3075 EXIST::FUNCTION:STATIC_ENGINE +ENGINE_load_chil 3075 EXIST::FUNCTION:ENGINE,STATIC_ENGINE OCSP_id_cmp 3076 EXIST::FUNCTION: OCSP_BASICRESP_new 3077 EXIST::FUNCTION: OCSP_REQUEST_get_ext_by_NID 3078 EXIST::FUNCTION: KRB5_APREQ_it 3079 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: KRB5_APREQ_it 3079 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_destroy_function 3080 EXIST::FUNCTION: +ENGINE_get_destroy_function 3080 EXIST::FUNCTION:ENGINE CONF_set_nconf 3081 EXIST::FUNCTION: ASN1_PRINTABLE_free 3082 EXIST::FUNCTION: OCSP_BASICRESP_get_ext_by_NID 3083 EXIST::FUNCTION: @@ -2667,7 +2667,7 @@ OCSP_CRLID_it 3127 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA OCSP_CRLID_it 3127 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: i2d_KRB5_AUTHENTBODY 3128 EXIST::FUNCTION: OCSP_REQUEST_get_ext_count 3129 EXIST::FUNCTION: -ENGINE_load_atalla 3130 EXIST::FUNCTION:STATIC_ENGINE +ENGINE_load_atalla 3130 EXIST::FUNCTION:ENGINE,STATIC_ENGINE X509_NAME_it 3131 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_NAME_it 3131 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: USERNOTICE_it 3132 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2685,7 +2685,7 @@ UI_method_set_opener 3140 EXIST::FUNCTION: ASN1_item_ex_free 3141 EXIST::FUNCTION: ASN1_BOOLEAN_it 3142 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_BOOLEAN_it 3142 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_table_flags 3143 EXIST::FUNCTION: +ENGINE_get_table_flags 3143 EXIST::FUNCTION:ENGINE UI_create_method 3144 EXIST::FUNCTION: OCSP_ONEREQ_add1_ext_i2d 3145 EXIST::FUNCTION: _shadow_DES_check_key 3146 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES @@ -2709,7 +2709,7 @@ PKCS7_it 3160 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA PKCS7_it 3160 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: OCSP_REQUEST_get_ext_by_critical 3161 EXIST:!VMS:FUNCTION: OCSP_REQUEST_get_ext_by_crit 3161 EXIST:VMS:FUNCTION: -ENGINE_set_flags 3162 EXIST::FUNCTION: +ENGINE_set_flags 3162 EXIST::FUNCTION:ENGINE _ossl_old_des_ecb_encrypt 3163 EXIST::FUNCTION:DES OCSP_response_get1_basic 3164 EXIST::FUNCTION: EVP_Digest 3165 EXIST::FUNCTION: @@ -2721,8 +2721,8 @@ ASN1_TIME_to_generalizedtime 3169 EXIST::FUNCTION: BIGNUM_it 3170 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: BIGNUM_it 3170 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: AES_cbc_encrypt 3171 EXIST::FUNCTION:AES -ENGINE_get_load_privkey_function 3172 EXIST:!VMS:FUNCTION: -ENGINE_get_load_privkey_fn 3172 EXIST:VMS:FUNCTION: +ENGINE_get_load_privkey_function 3172 EXIST:!VMS:FUNCTION:ENGINE +ENGINE_get_load_privkey_fn 3172 EXIST:VMS:FUNCTION:ENGINE OCSP_RESPONSE_free 3173 EXIST::FUNCTION: UI_method_set_reader 3174 EXIST::FUNCTION: i2d_ASN1_T61STRING 3175 EXIST::FUNCTION: @@ -2736,7 +2736,7 @@ OCSP_crlID_new 3181 EXIST:!OS2,!VMS,!WIN16:FUNCTION: OCSP_crlID2_new 3181 EXIST:OS2,VMS,WIN16:FUNCTION: CONF_modules_load_file 3182 EXIST::FUNCTION: CONF_imodule_set_usr_data 3183 EXIST::FUNCTION: -ENGINE_set_default_string 3184 EXIST::FUNCTION: +ENGINE_set_default_string 3184 EXIST::FUNCTION:ENGINE CONF_module_get_usr_data 3185 EXIST::FUNCTION: ASN1_add_oid_module 3186 EXIST::FUNCTION: CONF_modules_finish 3187 EXIST::FUNCTION: @@ -2754,7 +2754,7 @@ CONF_imodule_get_name 3198 EXIST::FUNCTION: ERR_peek_top_error 3199 NOEXIST::FUNCTION: CONF_imodule_get_usr_data 3200 EXIST::FUNCTION: CONF_imodule_set_flags 3201 EXIST::FUNCTION: -ENGINE_add_conf_module 3202 EXIST::FUNCTION: +ENGINE_add_conf_module 3202 EXIST::FUNCTION:ENGINE ERR_peek_last_error_line 3203 EXIST::FUNCTION: ERR_peek_last_error_line_data 3204 EXIST::FUNCTION: ERR_peek_last_error 3205 EXIST::FUNCTION: @@ -2762,8 +2762,8 @@ DES_read_2passwords 3206 EXIST::FUNCTION:DES DES_read_password 3207 EXIST::FUNCTION:DES UI_UTIL_read_pw 3208 EXIST::FUNCTION: UI_UTIL_read_pw_string 3209 EXIST::FUNCTION: -ENGINE_load_aep 3210 EXIST::FUNCTION:STATIC_ENGINE -ENGINE_load_sureware 3211 EXIST::FUNCTION:STATIC_ENGINE +ENGINE_load_aep 3210 EXIST::FUNCTION:ENGINE,STATIC_ENGINE +ENGINE_load_sureware 3211 EXIST::FUNCTION:ENGINE,STATIC_ENGINE OPENSSL_add_all_algorithms_noconf 3212 EXIST:!VMS:FUNCTION: OPENSSL_add_all_algo_noconf 3212 EXIST:VMS:FUNCTION: OPENSSL_add_all_algorithms_conf 3213 EXIST:!VMS:FUNCTION: @@ -2772,7 +2772,7 @@ OPENSSL_load_builtin_modules 3214 EXIST::FUNCTION: AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES -ENGINE_load_4758cca 3218 EXIST::FUNCTION:STATIC_ENGINE +ENGINE_load_4758cca 3218 EXIST::FUNCTION:ENGINE,STATIC_ENGINE _ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES @@ -2793,7 +2793,7 @@ ASN1_UNIVERSALSTRING_it 3234 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI d2i_ASN1_UNIVERSALSTRING 3235 EXIST::FUNCTION: EVP_des_ede3_ecb 3236 EXIST::FUNCTION:DES X509_REQ_print_ex 3237 EXIST::FUNCTION:BIO -ENGINE_up_ref 3238 EXIST::FUNCTION: +ENGINE_up_ref 3238 EXIST::FUNCTION:ENGINE BUF_MEM_grow_clean 3239 EXIST::FUNCTION: CRYPTO_realloc_clean 3240 EXIST::FUNCTION: BUF_strlcat 3241 EXIST::FUNCTION: @@ -2802,12 +2802,12 @@ BUF_strlcpy 3243 EXIST::FUNCTION: OpenSSLDie 3244 EXIST::FUNCTION: OPENSSL_cleanse 3245 EXIST::FUNCTION: BN_get0_nist_prime_384 3246 EXIST::FUNCTION: -ENGINE_register_ECDSA 3247 EXIST::FUNCTION: +ENGINE_register_ECDSA 3247 EXIST::FUNCTION:ENGINE BN_nist_mod_192 3248 EXIST::FUNCTION: EC_GROUP_get_trinomial_basis 3249 EXIST::FUNCTION:EC ECDH_get_default_method 3250 EXIST::FUNCTION:ECDH PKCS12_add_safe 3251 EXIST::FUNCTION: -ENGINE_register_ECDH 3252 EXIST::FUNCTION: +ENGINE_register_ECDH 3252 EXIST::FUNCTION:ENGINE i2d_ECPrivateKey 3253 EXIST::FUNCTION:EC BN_get0_nist_prime_192 3254 EXIST::FUNCTION: EC_POINT_set_affine_coordinates_GF2m 3255 EXIST:!VMS:FUNCTION:EC @@ -2821,10 +2821,10 @@ EC_GROUP_check_discriminant 3261 EXIST::FUNCTION:EC EC_POINT_point2bn 3262 EXIST::FUNCTION:EC EC_GROUP_new_curve_GF2m 3263 EXIST::FUNCTION:EC EVP_PKEY_get1_EC_KEY 3264 EXIST::FUNCTION:EC -ENGINE_get_default_ECDH 3265 EXIST::FUNCTION: +ENGINE_get_default_ECDH 3265 EXIST::FUNCTION:ENGINE ASN1_OCTET_STRING_NDEF_it 3266 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_OCTET_STRING_NDEF_it 3266 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_static_state 3267 EXIST::FUNCTION: +ENGINE_get_static_state 3267 EXIST::FUNCTION:ENGINE ECDSA_SIG_new 3268 EXIST::FUNCTION:ECDSA BN_GF2m_mod_sqr 3269 EXIST::FUNCTION: EC_POINT_bn2point 3270 EXIST::FUNCTION:EC @@ -2845,7 +2845,7 @@ BN_GF2m_mod_arr 3283 EXIST::FUNCTION: PEM_write_bio_X509_CERT_PAIR 3284 EXIST::FUNCTION: ECDH_get_ex_data 3285 EXIST::FUNCTION:ECDH ECDSA_do_sign 3286 EXIST::FUNCTION:ECDSA -ENGINE_unregister_ECDH 3287 EXIST::FUNCTION: +ENGINE_unregister_ECDH 3287 EXIST::FUNCTION:ENGINE ECDH_OpenSSL 3288 EXIST::FUNCTION:ECDH EC_POINT_dup 3289 EXIST::FUNCTION:EC EC_get_builtin_curves 3290 EXIST::FUNCTION:EC @@ -2863,7 +2863,7 @@ i2d_ECParameters 3301 EXIST::FUNCTION:EC i2d_ECPKParameters 3302 EXIST::FUNCTION:EC BN_ncopy 3303 EXIST::FUNCTION: d2i_ECPKParameters 3304 EXIST::FUNCTION:EC -ENGINE_set_ECDH 3305 EXIST::FUNCTION: +ENGINE_set_ECDH 3305 EXIST::FUNCTION:ENGINE PEM_write_bio_EC_PUBKEY 3306 EXIST::FUNCTION:EC ECParameters_print 3307 EXIST::FUNCTION:BIO,EC ASN1_generate_nconf 3308 EXIST::FUNCTION: @@ -2886,7 +2886,7 @@ X509_CERT_PAIR_it 3324 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA X509_CERT_PAIR_it 3324 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: BN_GF2m_mod_sqr_arr 3325 EXIST::FUNCTION: EC_GROUP_set_curve_GF2m 3326 EXIST::FUNCTION:EC -ENGINE_set_default_ECDSA 3327 EXIST::FUNCTION: +ENGINE_set_default_ECDSA 3327 EXIST::FUNCTION:ENGINE BN_GF2m_mod_sqrt 3328 EXIST::FUNCTION: ECDH_set_default_method 3329 EXIST::FUNCTION:ECDH EC_KEY_generate_key 3330 EXIST::FUNCTION:EC @@ -2911,7 +2911,7 @@ BN_GF2m_mod_exp 3348 EXIST::FUNCTION: EC_GROUP_get0_seed 3349 EXIST::FUNCTION:EC ecdsa_check 3350 EXIST::FUNCTION:ECDSA BN_GF2m_mod_div_arr 3351 EXIST::FUNCTION: -ENGINE_set_ECDSA 3352 EXIST::FUNCTION: +ENGINE_set_ECDSA 3352 EXIST::FUNCTION:ENGINE ECPKParameters_print 3353 EXIST::FUNCTION:BIO,EC PEM_write_EC_PUBKEY 3354 EXIST:!WIN16:FUNCTION:EC ECDH_set_method 3355 EXIST::FUNCTION:ECDH @@ -2935,14 +2935,14 @@ BN_nist_mod_384 3370 EXIST::FUNCTION: i2d_X509_CERT_PAIR 3371 EXIST::FUNCTION: PEM_write_ECPKParameters 3372 EXIST:!WIN16:FUNCTION:EC ECDH_compute_key 3373 EXIST::FUNCTION:ECDH -ENGINE_register_all_ECDH 3374 EXIST::FUNCTION: +ENGINE_register_all_ECDH 3374 EXIST::FUNCTION:ENGINE BN_GF2m_mod_solve_quad 3375 EXIST::FUNCTION: i2d_ECPrivateKey_fp 3376 EXIST::FUNCTION:EC,FP_API -ENGINE_register_all_ECDSA 3377 EXIST::FUNCTION: +ENGINE_register_all_ECDSA 3377 EXIST::FUNCTION:ENGINE EC_POINT_get_affine_coordinates_GF2m 3378 EXIST:!VMS:FUNCTION:EC EC_POINT_get_affine_coords_GF2m 3378 EXIST:VMS:FUNCTION:EC EC_GROUP_dup 3379 EXIST::FUNCTION:EC -ENGINE_get_default_ECDSA 3380 EXIST::FUNCTION: +ENGINE_get_default_ECDSA 3380 EXIST::FUNCTION:ENGINE EC_KEY_new 3381 EXIST::FUNCTION:EC ECDSA_verify 3382 EXIST::FUNCTION:ECDSA EC_POINT_point2hex 3383 EXIST::FUNCTION:EC @@ -2962,10 +2962,10 @@ ECDSA_size 3396 EXIST::FUNCTION:ECDSA d2i_EC_PUBKEY_bio 3397 EXIST::FUNCTION:BIO,EC BN_get0_nist_prime_521 3398 EXIST::FUNCTION: PEM_read_bio_ECPrivateKey 3399 EXIST::FUNCTION:EC -ENGINE_get_ECDH 3400 EXIST::FUNCTION: +ENGINE_get_ECDH 3400 EXIST::FUNCTION:ENGINE d2i_ECDSA_SIG 3401 EXIST::FUNCTION:ECDSA ECDSA_sign 3402 EXIST::FUNCTION:ECDSA -ENGINE_get_ECDSA 3403 EXIST::FUNCTION: +ENGINE_get_ECDSA 3403 EXIST::FUNCTION:ENGINE EVP_ecdsa 3404 EXIST::FUNCTION:SHA PKCS12_add_cert 3405 EXIST::FUNCTION: ERR_load_ECDH_strings 3406 EXIST::FUNCTION:ECDH @@ -2982,12 +2982,12 @@ d2i_EC_PUBKEY_fp 3416 EXIST::FUNCTION:EC,FP_API ecdh_check 3417 EXIST::FUNCTION:ECDH ECDSA_DATA_new_method 3418 EXIST::FUNCTION:ECDSA PEM_read_bio_X509_CERT_PAIR 3419 EXIST::FUNCTION: -ENGINE_set_default_ECDH 3420 EXIST::FUNCTION: +ENGINE_set_default_ECDH 3420 EXIST::FUNCTION:ENGINE PKCS12_add_key 3421 EXIST::FUNCTION: DSO_merge 3422 EXIST::FUNCTION: EC_POINT_hex2point 3423 EXIST::FUNCTION:EC BN_GF2m_mod_inv_arr 3424 EXIST::FUNCTION: -ENGINE_unregister_ECDSA 3425 EXIST::FUNCTION: +ENGINE_unregister_ECDSA 3425 EXIST::FUNCTION:ENGINE BN_GENCB_call 3426 EXIST::FUNCTION: BN_is_prime_ex 3427 EXIST::FUNCTION: RSA_generate_key_ex 3428 EXIST::FUNCTION:RSA @@ -2995,3 +2995,4 @@ DSA_generate_parameters_ex 3429 EXIST::FUNCTION:DSA BN_generate_prime_ex 3430 EXIST::FUNCTION: DH_generate_parameters_ex 3431 EXIST::FUNCTION:DH BN_is_prime_fasttest_ex 3432 EXIST::FUNCTION: +ENGINE_load_gmp 3433 EXIST::FUNCTION:ENGINE,STATIC_ENGINE From 5fe11c7533f43fd49bcf20992c8eb7c6f773770d Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 30 Jan 2003 18:52:46 +0000 Subject: [PATCH 046/393] The OPENSSL_NO_ENGINE has small problem: it changes certain structures. That's bad, so let's not check OPENSSL_NO_ENGINE in those places. Fortunately, all the header files where the problem existed include ossl_typ.h, which makes a 'forward declaration' of the ENGINE type. --- crypto/dh/dh.h | 2 -- crypto/dsa/dsa.h | 2 -- crypto/evp/evp.h | 4 ---- crypto/rsa/rsa.h | 2 -- 4 files changed, 10 deletions(-) diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index 38214082f7..62dba4055c 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -119,9 +119,7 @@ struct dh_st int references; CRYPTO_EX_DATA ex_data; const DH_METHOD *meth; -#ifndef OPENSSL_NO_ENGINE ENGINE *engine; -#endif }; #define DH_GENERATOR_2 2 diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index 63fcce9a33..6ba79b01df 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -142,10 +142,8 @@ struct dsa_st int references; CRYPTO_EX_DATA ex_data; const DSA_METHOD *meth; -#ifndef OPENSSL_NO_ENGINE /* functional reference if 'meth' is ENGINE-provided */ ENGINE *engine; -#endif }; #define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \ diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index a58ece3a40..b084a35809 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -277,9 +277,7 @@ struct env_md_st struct env_md_ctx_st { const EVP_MD *digest; -#ifndef OPENSSL_NO_ENGINE ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */ -#endif unsigned long flags; void *md_data; } /* EVP_MD_CTX */; @@ -351,9 +349,7 @@ typedef struct evp_cipher_info_st struct evp_cipher_ctx_st { const EVP_CIPHER *cipher; -#ifndef OPENSSL_NO_ENGINE ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */ -#endif int encrypt; /* encrypt or decrypt */ int buf_len; /* number we have left */ diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index 68696f8219..b005b4b0b3 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -128,10 +128,8 @@ struct rsa_st int pad; long version; const RSA_METHOD *meth; -#ifndef OPENSSL_NO_ENGINE /* functional reference if 'meth' is ENGINE-provided */ ENGINE *engine; -#endif BIGNUM *n; BIGNUM *e; BIGNUM *d; From 3d6a84c42aa11e1be0660c83dc433a7b729d3caa Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 30 Jan 2003 19:01:56 +0000 Subject: [PATCH 047/393] For VC++7 and up, the file is VSVARS32.BAT. PR: 327 --- FAQ | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/FAQ b/FAQ index 13eefd1c23..7634d169bd 100644 --- a/FAQ +++ b/FAQ @@ -490,10 +490,13 @@ and then redo the compilation. What you should really do is make sure Sometimes, you may get reports from VC++ command line (cl) that it can't find standard include files like stdio.h and other weirdnesses. One possible cause is that the environment isn't correctly set up. -To solve that problem, one should run VCVARS32.BAT which is found in -the 'bin' subdirectory of the VC++ installation directory (somewhere -under 'Program Files'). This needs to be done prior to running NMAKE, -and the changes are only valid for the current DOS session. +To solve that problem for VC++ versions up to 6, one should run +VCVARS32.BAT which is found in the 'bin' subdirectory of the VC++ +installation directory (somewhere under 'Program Files'). For VC++ +version 7 (and up?), which is also called VS.NET, the file is called +VSVARS32.BAT instead. +This needs to be done prior to running NMAKE, and the changes are only +valid for the current DOS session. * What is special about OpenSSL on Redhat? From db5006df04483571424227bb7bfac3e085be1642 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 30 Jan 2003 19:05:25 +0000 Subject: [PATCH 048/393] The MASM situation is more difficult than described so far. It is part of VC++ 7. PR: 327 --- INSTALL.W32 | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/INSTALL.W32 b/INSTALL.W32 index 8a875cf0be..fd182595c5 100644 --- a/INSTALL.W32 +++ b/INSTALL.W32 @@ -26,12 +26,13 @@ * Microsoft MASM (aka "ml") * Free Netwide Assembler NASM. - MASM was at one point distributed with VC++. It is now distributed with some - Microsoft DDKs, for example the Windows NT 4.0 DDK and the Windows 98 DDK. If - you do not have either of these DDKs then you can just download the binaries - for the Windows 98 DDK and extract and rename the two files XXXXXml.exe and - XXXXXml.err, to ml.exe and ml.err and install somewhere on your PATH. Both - DDKs can be downloaded from the Microsoft developers site www.msdn.com. + MASM is distributed with most versions of VC++. For the versions where it is + not included in VC++, it is also distributed with some Microsoft DDKs, for + example the Windows NT 4.0 DDK and the Windows 98 DDK. If you do not have + either of these DDKs then you can just download the binaries for the Windows + 98 DDK and extract and rename the two files XXXXXml.exe and XXXXXml.err, to + ml.exe and ml.err and install somewhere on your PATH. Both DDKs can be + downloaded from the Microsoft developers site www.msdn.com. NASM is freely available. Version 0.98 was used during testing: other versions may also work. It is available from many places, see for example: From 5cd48abf9f4bf721545abf675e25ea5b2a33a7fb Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 30 Jan 2003 20:03:45 +0000 Subject: [PATCH 049/393] The util scripts need to handled no-hw. PR: 327 --- util/mk1mf.pl | 5 +++++ util/mkdef.pl | 6 ++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 5f3ab059f0..e14391164f 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -67,6 +67,7 @@ and [options] can be one of no-ecdsa - No ECDSA no-ecdh - No ECDH no-engine - No engine + no-hw - No hw nasm - Use NASM for x86 asm gaswin - Use GNU as with Mingw32 no-socks - No socket code @@ -238,6 +239,7 @@ $cflags.=" -DOPENSSL_NO_EC" if $no_ec; $cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa; $cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh; $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; +$cflags.=" -DOPENSSL_NO_HW" if $no_hw; #$cflags.=" -DRSAref" if $rsaref ne ""; ## if ($unix) @@ -668,6 +670,7 @@ sub var_add local(@a,$_,$ret); return("") if $no_engine && $dir =~ /\/engine/; + return("") if $no_hw && $dir =~ /\/hw/; return("") if $no_idea && $dir =~ /\/idea/; return("") if $no_aes && $dir =~ /\/aes/; return("") if $no_rc2 && $dir =~ /\/rc2/; @@ -729,6 +732,7 @@ sub var_add @a=grep(!/_mdc2$/,@a) if $no_mdc2; @a=grep(!/^engine$/,@a) if $no_engine; + @a=grep(!/^hw$/,@a) if $no_hw; @a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa; @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa; @a=grep(!/^gendsa$/,@a) if $no_sha1; @@ -933,6 +937,7 @@ sub read_options elsif (/^no-ecdsa$/) { $no_ecdsa=1; } elsif (/^no-ecdh$/) { $no_ecdh=1; } elsif (/^no-engine$/) { $no_engine=1; } + elsif (/^no-hw$/) { $no_hw=1; } elsif (/^just-ssl$/) { $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1; $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1; diff --git a/util/mkdef.pl b/util/mkdef.pl index 5174939651..f7f0e6ebf2 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -93,7 +93,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", # External "algorithms" "FP_API", "STDIO", "SOCK", "KRB5", # Engines - "STATIC_ENGINE", "ENGINE", + "STATIC_ENGINE", "ENGINE", "HW", # Deprecated functions "DEPRECATED" ); @@ -111,7 +111,7 @@ my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf; my $no_cast; my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; -my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; +my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_fp_api; my $no_static_engine; my $no_deprecated; foreach (@ARGV, split(/ /, $options)) @@ -183,6 +183,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-dso$/) { $no_dso=1; } elsif (/^no-krb5$/) { $no_krb5=1; } elsif (/^no-engine$/) { $no_engine=1; } + elsif (/^no-hw$/) { $no_hw=1; } } @@ -1067,6 +1068,7 @@ sub is_valid if ($keyword eq "DSO" && $no_dso) { return 0; } if ($keyword eq "KRB5" && $no_krb5) { return 0; } if ($keyword eq "ENGINE" && $no_engine) { return 0; } + if ($keyword eq "HW" && $no_hw) { return 0; } if ($keyword eq "FP_API" && $no_fp_api) { return 0; } if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; } if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; } From 5d780babe3e0e60e92e41bc38c96963abfe3655f Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 30 Jan 2003 21:49:12 +0000 Subject: [PATCH 050/393] A few small bugs with BIO popping. PR: 364 --- crypto/bio/bio_lib.c | 3 ++- ssl/bio_ssl.c | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index 98ce395519..692c8fb5c6 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -395,6 +395,8 @@ BIO *BIO_pop(BIO *b) if (b == NULL) return(NULL); ret=b->next_bio; + BIO_ctrl(b,BIO_CTRL_POP,0,NULL); + if (b->prev_bio != NULL) b->prev_bio->next_bio=b->next_bio; if (b->next_bio != NULL) @@ -402,7 +404,6 @@ BIO *BIO_pop(BIO *b) b->next_bio=NULL; b->prev_bio=NULL; - BIO_ctrl(b,BIO_CTRL_POP,0,NULL); return(ret); } diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c index 467e149947..1301549e21 100644 --- a/ssl/bio_ssl.c +++ b/ssl/bio_ssl.c @@ -403,6 +403,10 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) { BIO_free_all(ssl->wbio); } + if (b->next_bio != NULL) + { + CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO); + } ssl->wbio=NULL; ssl->rbio=NULL; break; From bfa35550813c3afa5bd121a13f5bbe280c4c919e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 30 Jan 2003 22:02:27 +0000 Subject: [PATCH 051/393] Document -engine where missing. PR: 424 --- doc/apps/ca.pod | 8 ++++++++ doc/apps/dhparam.pod | 8 ++++++++ doc/apps/dsa.pod | 8 ++++++++ doc/apps/dsaparam.pod | 8 ++++++++ doc/apps/gendsa.pod | 8 ++++++++ doc/apps/genrsa.pod | 8 ++++++++ doc/apps/pkcs7.pod | 8 ++++++++ doc/apps/pkcs8.pod | 8 ++++++++ doc/apps/req.pod | 8 ++++++++ doc/apps/rsa.pod | 8 ++++++++ doc/apps/spkac.pod | 8 +++++++- doc/apps/x509.pod | 7 +++++++ 12 files changed, 94 insertions(+), 1 deletion(-) diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod index 183cd475c8..de66c534b5 100644 --- a/doc/apps/ca.pod +++ b/doc/apps/ca.pod @@ -43,6 +43,7 @@ B B [B<-msie_hack>] [B<-extensions section>] [B<-extfile section>] +[B<-engine id>] =head1 DESCRIPTION @@ -195,6 +196,13 @@ an additional configuration file to read certificate extensions from (using the default section unless the B<-extensions> option is also used). +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =back =head1 CRL OPTIONS diff --git a/doc/apps/dhparam.pod b/doc/apps/dhparam.pod index ff8a6e5e5b..c31db95a47 100644 --- a/doc/apps/dhparam.pod +++ b/doc/apps/dhparam.pod @@ -18,6 +18,7 @@ B [B<-2>] [B<-5>] [B<-rand> I] +[B<-engine id>] [I] =head1 DESCRIPTION @@ -96,6 +97,13 @@ this option prints out the DH parameters in human readable form. this option converts the parameters into C code. The parameters can then be loaded by calling the BIB<()> function. +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =back =head1 WARNINGS diff --git a/doc/apps/dsa.pod b/doc/apps/dsa.pod index 28e534bb95..ed06b8806d 100644 --- a/doc/apps/dsa.pod +++ b/doc/apps/dsa.pod @@ -21,6 +21,7 @@ B B [B<-modulus>] [B<-pubin>] [B<-pubout>] +[B<-engine id>] =head1 DESCRIPTION @@ -106,6 +107,13 @@ by default a private key is output. With this option a public key will be output instead. This option is automatically set if the input is a public key. +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =back =head1 NOTES diff --git a/doc/apps/dsaparam.pod b/doc/apps/dsaparam.pod index 50c2f61242..b9b1b93b42 100644 --- a/doc/apps/dsaparam.pod +++ b/doc/apps/dsaparam.pod @@ -16,6 +16,7 @@ B [B<-C>] [B<-rand file(s)>] [B<-genkey>] +[B<-engine id>] [B] =head1 DESCRIPTION @@ -82,6 +83,13 @@ this option specifies that a parameter set should be generated of size B. It must be the last option. If this option is included then the input file (if any) is ignored. +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =back =head1 NOTES diff --git a/doc/apps/gendsa.pod b/doc/apps/gendsa.pod index 74318fe7fb..2c56cc7888 100644 --- a/doc/apps/gendsa.pod +++ b/doc/apps/gendsa.pod @@ -12,6 +12,7 @@ B B [B<-des3>] [B<-idea>] [B<-rand file(s)>] +[B<-engine id>] [B] =head1 DESCRIPTION @@ -37,6 +38,13 @@ Multiple files can be specified separated by a OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =item B This option specifies the DSA parameter file to use. The parameters in this diff --git a/doc/apps/genrsa.pod b/doc/apps/genrsa.pod index cdcc03c123..25af4d1475 100644 --- a/doc/apps/genrsa.pod +++ b/doc/apps/genrsa.pod @@ -15,6 +15,7 @@ B B [B<-f4>] [B<-3>] [B<-rand file(s)>] +[B<-engine id>] [B] =head1 DESCRIPTION @@ -54,6 +55,13 @@ Multiple files can be specified separated by a OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =item B the size of the private key to generate in bits. This must be the last option diff --git a/doc/apps/pkcs7.pod b/doc/apps/pkcs7.pod index 9871c0e0cd..a0a636328b 100644 --- a/doc/apps/pkcs7.pod +++ b/doc/apps/pkcs7.pod @@ -14,6 +14,7 @@ B B [B<-print_certs>] [B<-text>] [B<-noout>] +[B<-engine id>] =head1 DESCRIPTION @@ -59,6 +60,13 @@ issuer names. don't output the encoded version of the PKCS#7 structure (or certificates is B<-print_certs> is set). +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =back =head1 EXAMPLES diff --git a/doc/apps/pkcs8.pod b/doc/apps/pkcs8.pod index a56b2dd002..68ecd65b10 100644 --- a/doc/apps/pkcs8.pod +++ b/doc/apps/pkcs8.pod @@ -21,6 +21,7 @@ B B [B<-nsdb>] [B<-v2 alg>] [B<-v1 alg>] +[B<-engine id>] =head1 DESCRIPTION @@ -122,6 +123,13 @@ B, B and B. It is recommended that B is used. This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm to use. A complete list of possible algorithms is included below. +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =back =head1 NOTES diff --git a/doc/apps/req.pod b/doc/apps/req.pod index d9f2476557..e2b5d0d8ec 100644 --- a/doc/apps/req.pod +++ b/doc/apps/req.pod @@ -41,6 +41,7 @@ B B [B<-nameopt>] [B<-batch>] [B<-verbose>] +[B<-engine id>] =head1 DESCRIPTION @@ -244,6 +245,13 @@ non-interactive mode. print extra details about the operations being performed. +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =back =head1 CONFIGURATION FILE FORMAT diff --git a/doc/apps/rsa.pod b/doc/apps/rsa.pod index ef74f1adff..4d7640995e 100644 --- a/doc/apps/rsa.pod +++ b/doc/apps/rsa.pod @@ -24,6 +24,7 @@ B B [B<-check>] [B<-pubin>] [B<-pubout>] +[B<-engine id>] =head1 DESCRIPTION @@ -117,6 +118,13 @@ by default a private key is output: with this option a public key will be output instead. This option is automatically set if the input is a public key. +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =back =head1 NOTES diff --git a/doc/apps/spkac.pod b/doc/apps/spkac.pod index bb84dfbe33..c3f1ff9c64 100644 --- a/doc/apps/spkac.pod +++ b/doc/apps/spkac.pod @@ -17,7 +17,7 @@ B B [B<-spksect section>] [B<-noout>] [B<-verify>] - +[B<-engine id>] =head1 DESCRIPTION @@ -79,6 +79,12 @@ being created). verifies the digital signature on the supplied SPKAC. +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. =back diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod index f044177835..50343cd685 100644 --- a/doc/apps/x509.pod +++ b/doc/apps/x509.pod @@ -50,6 +50,7 @@ B B [B<-clrext>] [B<-extfile filename>] [B<-extensions section>] +[B<-engine id>] =head1 DESCRIPTION @@ -98,6 +99,12 @@ digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not specified then MD5 is used. If the key being used to sign with is a DSA key then this option has no effect: SHA1 is always used with DSA keys. +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. =back From c029841e366b5156982d2a691726a3481dbf8ea0 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 31 Jan 2003 12:20:35 +0000 Subject: [PATCH 052/393] We can't say in advance what the argument to BIO_socket_ioctl() should be, so let's make that a void *. Also, BIO_socket_nbio() should send it an int argument, not a long. PR: 457 --- crypto/bio/b_sock.c | 4 ++-- crypto/bio/bio.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index 86f38172fb..601a14f37c 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -492,7 +492,7 @@ void BIO_sock_cleanup(void) #if !defined(OPENSSL_SYS_VMS) || __VMS_VER >= 70000000 -int BIO_socket_ioctl(int fd, long type, unsigned long *arg) +int BIO_socket_ioctl(int fd, long type, void *arg) { int i; @@ -742,7 +742,7 @@ int BIO_set_tcp_ndelay(int s, int on) int BIO_socket_nbio(int s, int mode) { int ret= -1; - unsigned long l; + int l; l=mode; #ifdef FIONBIO diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h index ecd2899918..f109308166 100644 --- a/crypto/bio/bio.h +++ b/crypto/bio/bio.h @@ -585,7 +585,7 @@ struct hostent *BIO_gethostbyname(const char *name); * and an appropriate error code is set). */ int BIO_sock_error(int sock); -int BIO_socket_ioctl(int fd, long type, unsigned long *arg); +int BIO_socket_ioctl(int fd, long type, void *arg); int BIO_socket_nbio(int fd,int mode); int BIO_get_port(const char *str, unsigned short *port_ptr); int BIO_get_host_ip(const char *str, unsigned char *ip); From 33cc07f79acf91dfbe4970e94665c53f42c89112 Mon Sep 17 00:00:00 2001 From: Ben Laurie Date: Sat, 1 Feb 2003 20:55:29 +0000 Subject: [PATCH 053/393] Fix warning. --- crypto/engine/engine.h | 3 +++ crypto/evp/c_all.c | 1 + 2 files changed, 4 insertions(+) diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index 43500a8676..f56c1c67ee 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -685,6 +685,9 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, * values. */ void *ENGINE_get_static_state(void); +#if defined(__OpenBSD__) || defined(__FreeBSD__) +void ENGINE_setup_bsd_cryptodev(void); +#endif /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c index af3dd26162..19737f39f6 100644 --- a/crypto/evp/c_all.c +++ b/crypto/evp/c_all.c @@ -59,6 +59,7 @@ #include #include "cryptlib.h" #include +#include #if 0 #undef OpenSSL_add_all_algorithms From 26196762563f25d48466fb7168fd355d7651adb4 Mon Sep 17 00:00:00 2001 From: Ben Laurie Date: Sat, 1 Feb 2003 20:58:59 +0000 Subject: [PATCH 054/393] Old-style callbacks can be NULL! --- crypto/bn/bn_prime.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index 6c16029957..fd863933e5 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -142,6 +142,8 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b) { case 1: /* Deprecated-style callbacks */ + if(!cb->cb.cb_1) + return 1; cb->cb.cb_1(a, b, cb->arg); return 1; case 2: From c09a2978923ea161699698e26af4ce237b6349fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 4 Feb 2003 12:28:11 +0000 Subject: [PATCH 055/393] Update PRNG entry: - OpenSSL version differences - Sun /dev/urandom patch information --- FAQ | 46 +++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/FAQ b/FAQ index 7634d169bd..4d2b0a9bf2 100644 --- a/FAQ +++ b/FAQ @@ -189,18 +189,30 @@ for permission to use their software with OpenSSL. Cryptographic software needs a source of unpredictable data to work correctly. Many open source operating systems provide a "randomness -device" that serves this purpose. On other systems, applications have -to call the RAND_add() or RAND_seed() function with appropriate data -before generating keys or performing public key encryption. -(These functions initialize the pseudo-random number generator, PRNG.) +device" (/dev/urandom or /dev/random) that serves this purpose. +All OpenSSL versions try to use /dev/urandom by default; starting with +version 0.9.7, OpenSSL also tries /dev/random is /dev/urandom is not +available. -Some broken applications do not do this. As of version 0.9.5, the -OpenSSL functions that need randomness report an error if the random -number generator has not been seeded with at least 128 bits of -randomness. If this error occurs, please contact the author of the -application you are using. It is likely that it never worked -correctly. OpenSSL 0.9.5 and later make the error visible by refusing -to perform potentially insecure encryption. +On other systems, applications have to call the RAND_add() or +RAND_seed() function with appropriate data before generating keys or +performing public key encryption. (These functions initialize the +pseudo-random number generator, PRNG.) Some broken applications do +not do this. As of version 0.9.5, the OpenSSL functions that need +randomness report an error if the random number generator has not been +seeded with at least 128 bits of randomness. If this error occurs and +is not discussed in the documentation of the application you are +using, please contact the author of that application; it is likely +that it never worked correctly. OpenSSL 0.9.5 and later make the +error visible by refusing to perform potentially insecure encryption. + +If you are using Solaris 8, you can add /dev/urandom and /dev/random +devices by installing patch 112438 (Sparc) or 112439 (x86), which are +available via the Patchfinder at +(Solaris 9 includes these devices by default). For /dev/random support +for earlier Solaris versions, see Sun's statement at + +(the SUNWski package is available in patch 105710). On systems without /dev/urandom and /dev/random, it is a good idea to use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for @@ -233,18 +245,6 @@ OpenSSL command line tools. Applications using the OpenSSL library provide their own configuration options to specify the entropy source, please check out the documentation coming the with application. -For Solaris 2.6, Tim Nibbe and others have suggested -installing the SUNski package from Sun patch 105710-01 (Sparc) which -adds a /dev/random device and make sure it gets used, usually through -$RANDFILE. There are probably similar patches for the other Solaris -versions. An official statement from Sun with respect to /dev/random -support can be found at - http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski -However, be warned that /dev/random is usually a blocking device, which -may have some effects on OpenSSL. -A third party /dev/random solution for Solaris is available at - http://www.cosy.sbg.ac.at/~andi/ - * Why do I get an "unable to write 'random state'" error message? From 379e568950b365b07f67b9dccc2bbb9b46797e2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 4 Feb 2003 12:57:34 +0000 Subject: [PATCH 056/393] typo --- FAQ | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/FAQ b/FAQ index 4d2b0a9bf2..d6673b183f 100644 --- a/FAQ +++ b/FAQ @@ -191,7 +191,7 @@ Cryptographic software needs a source of unpredictable data to work correctly. Many open source operating systems provide a "randomness device" (/dev/urandom or /dev/random) that serves this purpose. All OpenSSL versions try to use /dev/urandom by default; starting with -version 0.9.7, OpenSSL also tries /dev/random is /dev/urandom is not +version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not available. On other systems, applications have to call the RAND_add() or From 4e5d3a7f986c8ade22793a848e95447fafafece0 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 5 Feb 2003 00:34:31 +0000 Subject: [PATCH 057/393] IPv6 display and input support for extensions usingh GeneralName. --- CHANGES | 6 ++ crypto/x509v3/v3_alt.c | 64 ++++++++----- crypto/x509v3/v3_utl.c | 210 ++++++++++++++++++++++++++++++++++++++++- crypto/x509v3/x509v3.h | 1 + 4 files changed, 256 insertions(+), 25 deletions(-) diff --git a/CHANGES b/CHANGES index 8196fd23f1..7dd56c3cd7 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,12 @@ Changes between 0.9.7 and 0.9.8 [xx XXX xxxx] + *) IPv6 support for certificate extensions. The various extensions + which use the IP:a.b.c.d can now take IPv6 addresses using the + formats of RFC1884 2.2 . IPv6 addresses are now also displayed + correctly. + [Steve Henson] + *) Added an ENGINE that implements RSA by performing private key exponentiations with the GMP library. The conversions to and from GMP's mpz_t format aren't optimised nor are any montgomery forms diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index baa9ca103d..64e51d6129 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c @@ -1,9 +1,9 @@ /* v3_alt.c */ /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. + * project. */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -100,7 +100,8 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret) { unsigned char *p; - char oline[256]; + char oline[256], htmp[5]; + int i; switch (gen->type) { case GEN_OTHERNAME: @@ -134,12 +135,25 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, case GEN_IPADD: p = gen->d.ip->data; - /* BUG: doesn't support IPV6 */ - if(gen->d.ip->length != 4) { + if(gen->d.ip->length == 4) + sprintf(oline, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); + else if(gen->d.ip->length == 16) + { + oline[0] = 0; + for (i = 0; i < 8; i++) + { + sprintf(htmp, "%X", p[0] << 8 | p[1]); + p += 2; + strcat(oline, htmp); + if (i != 7) + strcat(oline, ":"); + } + } + else + { X509V3_add_value("IP Address","", &ret); break; - } - sprintf(oline, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); + } X509V3_add_value("IP Address",oline, &ret); break; @@ -154,6 +168,7 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) { unsigned char *p; + int i; switch (gen->type) { case GEN_OTHERNAME: @@ -188,12 +203,24 @@ int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) case GEN_IPADD: p = gen->d.ip->data; - /* BUG: doesn't support IPV6 */ - if(gen->d.ip->length != 4) { + if(gen->d.ip->length == 4) + BIO_printf(out, "IP Address:%d.%d.%d.%d", + p[0], p[1], p[2], p[3]); + else if(gen->d.ip->length == 16) + { + BIO_printf(out, "IP Address"); + for (i = 0; i < 8; i++) + { + BIO_printf(out, ":%X", p[0] << 8 | p[1]); + p += 2; + } + BIO_puts(out, "\n"); + } + else + { BIO_printf(out,"IP Address:"); break; - } - BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]); + } break; case GEN_RID: @@ -418,21 +445,12 @@ if(!name_cmp(name, "email")) { gen->d.rid = obj; type = GEN_RID; } else if(!name_cmp(name, "IP")) { - int i1,i2,i3,i4; - unsigned char ip[4]; - if((sscanf(value, "%d.%d.%d.%d",&i1,&i2,&i3,&i4) != 4) || - (i1 < 0) || (i1 > 255) || (i2 < 0) || (i2 > 255) || - (i3 < 0) || (i3 > 255) || (i4 < 0) || (i4 > 255) ) { + if(!(gen->d.ip = a2i_IPADDRESS(value))) + { X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS); ERR_add_error_data(2, "value=", value); goto err; - } - ip[0] = i1; ip[1] = i2 ; ip[2] = i3 ; ip[3] = i4; - if(!(gen->d.ip = M_ASN1_OCTET_STRING_new()) || - !ASN1_STRING_set(gen->d.ip, ip, 4)) { - X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); - goto err; - } + } type = GEN_IPADD; } else if(!name_cmp(name, "otherName")) { if (!do_othername(gen, value, ctx)) diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index a11243db8f..4b85378e94 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -1,9 +1,9 @@ /* v3_utl.c */ /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. + * project. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,6 +70,11 @@ static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens); static void str_free(void *str); static int append_ia5(STACK **sk, ASN1_IA5STRING *email); +static int ipv4_from_asc(unsigned char *v4, const char *in); +static int ipv6_from_asc(unsigned char *v6, const char *in); +static int ipv6_cb(const char *elem, int len, void *usr); +static int ipv6_hex(unsigned char *out, const char *in, int inlen); + /* Add a CONF_VALUE name value pair to stack */ int X509V3_add_value(const char *name, const char *value, @@ -534,3 +539,204 @@ void X509_email_free(STACK *sk) { sk_pop_free(sk, str_free); } + +/* Convert IP addresses both IPv4 and IPv6 into an + * OCTET STRING compatible with RFC3280. + */ + +ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc) + { + unsigned char ipout[16]; + ASN1_OCTET_STRING *ret; + int iplen; + + /* If string contains a ':' assume IPv6 */ + + if (strchr(ipasc, ':')) + { + if (!ipv6_from_asc(ipout, ipasc)) + return NULL; + iplen = 16; + } + else + { + if (!ipv4_from_asc(ipout, ipasc)) + return NULL; + iplen = 4; + } + + ret = ASN1_OCTET_STRING_new(); + if (!ret) + return NULL; + if (!ASN1_OCTET_STRING_set(ret, ipout, iplen)) + { + ASN1_OCTET_STRING_free(ret); + return NULL; + } + return ret; + } + +static int ipv4_from_asc(unsigned char *v4, const char *in) + { + int a0, a1, a2, a3; + if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4) + return 0; + if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255) + || (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255)) + return 0; + v4[0] = a0; + v4[1] = a1; + v4[2] = a2; + v4[3] = a3; + return 1; + } + +typedef struct { + /* Temporary store for IPV6 output */ + unsigned char tmp[16]; + /* Total number of bytes in tmp */ + int total; + /* The position of a zero (corresponding to '::') */ + int zero_pos; + /* Number of zeroes */ + int zero_cnt; + } IPV6_STAT; + + +static int ipv6_from_asc(unsigned char *v6, const char *in) + { + IPV6_STAT v6stat; + v6stat.total = 0; + v6stat.zero_pos = -1; + v6stat.zero_cnt = 0; + /* Treat the IPv6 representation as a list of values + * separated by ':'. The presence of a '::' will parse + * as one, two or three zero length elements. + */ + if (!CONF_parse_list(in, ':', 0, ipv6_cb, &v6stat)) + return 0; + + /* Now for some sanity checks */ + + if (v6stat.zero_pos == -1) + { + /* If no '::' must have exactly 16 bytes */ + if (v6stat.total != 16) + return 0; + } + else + { + /* If '::' must have less than 16 bytes */ + if (v6stat.total == 16) + return 0; + /* More than three zeroes is an error */ + if (v6stat.zero_cnt > 3) + return 0; + /* Can only have three zeroes if nothing else present */ + else if (v6stat.zero_cnt == 3) + { + if (v6stat.total > 0) + return 0; + } + /* Can only have two zeroes if at start or end */ + else if (v6stat.zero_cnt == 2) + { + if ((v6stat.zero_pos != 0) + && (v6stat.zero_pos != v6stat.total)) + return 0; + } + else + /* Can only have one zero if *not* start or end */ + { + if ((v6stat.zero_pos == 0) + || (v6stat.zero_pos == v6stat.total)) + return 0; + } + } + + /* Format result */ + + /* Copy initial part */ + if (v6stat.zero_pos > 0) + memcpy(v6, v6stat.tmp, v6stat.zero_pos); + /* Zero middle */ + if (v6stat.total != 16) + memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total); + /* Copy final part */ + if (v6stat.total != v6stat.zero_pos) + memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total, + v6stat.tmp + v6stat.zero_pos, + v6stat.total - v6stat.zero_pos); + + return 1; + } + +static int ipv6_cb(const char *elem, int len, void *usr) + { + IPV6_STAT *s = usr; + /* Error if 16 bytes written */ + if (s->total == 16) + return 0; + if (len == 0) + { + /* Zero length element, corresponds to '::' */ + if (s->zero_pos == -1) + s->zero_pos = s->total; + /* If we've already got a :: its an error */ + else if (s->zero_pos != s->total) + return 0; + s->zero_cnt++; + } + else + { + /* If more than 4 characters could be final a.b.c.d form */ + if (len > 4) + { + /* Need at least 4 bytes left */ + if (s->total > 12) + return 0; + /* Must be end of string */ + if (elem[len]) + return 0; + if (!ipv4_from_asc(s->tmp + s->total, elem)) + return 0; + s->total += 4; + } + else + { + if (!ipv6_hex(s->tmp + s->total, elem, len)) + return 0; + s->total += 2; + } + } + return 1; + } + +/* Convert a string of up to 4 hex digits into the corresponding + * IPv6 form. + */ + +static int ipv6_hex(unsigned char *out, const char *in, int inlen) + { + unsigned char c; + unsigned int num = 0; + if (inlen > 4) + return 0; + while(inlen--) + { + c = *in++; + num <<= 4; + if ((c >= '0') && (c <= '9')) + num |= c - '0'; + else if ((c >= 'A') && (c <= 'F')) + num |= c - 'A' + 10; + else if ((c >= 'a') && (c <= 'f')) + num |= c - 'a' + 10; + else + return 0; + } + out[0] = num >> 8; + out[1] = num & 0xff; + return 1; + } + diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index b4dd52a951..a720ff2b9e 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -547,6 +547,7 @@ STACK *X509_get1_email(X509 *x); STACK *X509_REQ_get1_email(X509_REQ *x); void X509_email_free(STACK *sk); +ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes From 0e9035ac98383d5758a4376ddde4aafdb3162b85 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 5 Feb 2003 16:40:29 +0000 Subject: [PATCH 058/393] SSL_add_dir_cert_subjects_to_stack now exists for WIN32 --- ssl/ssl.h | 2 -- ssl/ssl_cert.c | 2 +- util/ssleay.num | 2 +- 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/ssl/ssl.h b/ssl/ssl.h index 5177a8a126..466b8a7122 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1241,14 +1241,12 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM t STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *file); -#ifndef OPENSSL_SYS_WIN32 #ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *dir); #endif #endif -#endif #endif diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index b0e20ed941..144b90dd17 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -810,7 +810,7 @@ err: #endif #endif -#else +#else /* OPENSSL_SYS_WIN32 */ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, const char *dir) diff --git a/util/ssleay.num b/util/ssleay.num index d027a1c45a..7c15d0f05a 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -169,7 +169,7 @@ SSL_add_file_cert_subjects_to_stack 185 EXIST:!VMS:FUNCTION:STDIO SSL_add_file_cert_subjs_to_stk 185 EXIST:VMS:FUNCTION:STDIO SSL_set_tmp_rsa_callback 186 EXIST::FUNCTION:RSA SSL_set_tmp_dh_callback 187 EXIST::FUNCTION:DH -SSL_add_dir_cert_subjects_to_stack 188 EXIST:!VMS,!WIN32:FUNCTION:STDIO +SSL_add_dir_cert_subjects_to_stack 188 EXIST:!VMS:FUNCTION:STDIO SSL_add_dir_cert_subjs_to_stk 188 NOEXIST::FUNCTION: SSL_set_session_id_context 189 EXIST::FUNCTION: SSL_CTX_use_certificate_chain_file 222 EXIST:!VMS:FUNCTION:STDIO From 772ec4135c4c6f65c8cb6b3c7deb18f6e50dd6f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 5 Feb 2003 16:54:10 +0000 Subject: [PATCH 059/393] typo in WIN16 section Submitted by: Toni Andjelkovic --- crypto/bio/bio.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h index f109308166..fbbc16d00c 100644 --- a/crypto/bio/bio.h +++ b/crypto/bio/bio.h @@ -244,7 +244,7 @@ typedef struct bio_method_st long (_far *ctrl)(); int (_far *create)(); int (_far *destroy)(); - long (_fat *callback_ctrl)(); + long (_far *callback_ctrl)(); } BIO_METHOD; #endif From 37c660ff9b22d6f0eb19a9881d3b663ca4f63449 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Thu, 6 Feb 2003 19:25:12 +0000 Subject: [PATCH 060/393] implement fast point multiplication with precomputation Submitted by: Nils Larsch Reviewed by: Bodo Moeller --- CHANGES | 8 + apps/speed.c | 3 + crypto/ec/ec.h | 16 +- crypto/ec/ec2_mult.c | 22 +- crypto/ec/ec2_smpl.c | 10 +- crypto/ec/ec_err.c | 6 +- crypto/ec/ec_lcl.h | 20 +- crypto/ec/ec_lib.c | 59 +++- crypto/ec/ec_mult.c | 585 +++++++++++++++++++++++++++++++++------- crypto/ec/ecp_mont.c | 5 +- crypto/ec/ecp_nist.c | 5 +- crypto/ec/ecp_recp.c | 5 +- crypto/ec/ecp_smpl.c | 5 +- crypto/evp/Makefile.ssl | 9 +- util/mkerr.pl | 4 +- 15 files changed, 628 insertions(+), 134 deletions(-) diff --git a/CHANGES b/CHANGES index 7dd56c3cd7..36c6bd1765 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,14 @@ Changes between 0.9.7 and 0.9.8 [xx XXX xxxx] + *) In crypto/ec/ec_mult.c, implement fast point multiplication with + precomputation, based one wNAF splitting: EC_GROUP_precompute_mult() + will now compute a table of multiples of the generator that + makes subsequent invocations of EC_POINTs_mul() or EC_POINT_mul + faster (notably in the case of a single point multiplication, + scalar * generator). + [Nils Larsch, Bodo Moeller] + *) IPv6 support for certificate extensions. The various extensions which use the IP:a.b.c.d can now take IPv6 addresses using the formats of RFC1884 2.2 . IPv6 addresses are now also displayed diff --git a/apps/speed.c b/apps/speed.c index 758ce250de..d6f78fb5d4 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -1933,6 +1933,9 @@ int MAIN(int argc, char **argv) } else { +#if 1 + EC_GROUP_precompute_mult(ecdsa[j]->group, NULL); +#endif /* Perform ECDSA signature test */ EC_KEY_generate_key(ecdsa[j]); ret = ECDSA_sign(0, buf, 20, ecdsasig, diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index 53fb8cfc57..f68963e66f 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -3,7 +3,7 @@ * Originally written by Bodo Moeller for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -101,7 +101,7 @@ typedef struct ec_group_st -- field definition -- curve coefficients -- optional generator with associated information (order, cofactor) - -- optional extra data (TODO: precomputed table for fast computation of multiples of generator) + -- optional extra data (precomputed table for fast computation of multiples of generator) -- ASN1 stuff */ EC_GROUP; @@ -241,7 +241,11 @@ int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *); int EC_POINTs_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, size_t num, const EC_POINT *[], const BIGNUM *[], BN_CTX *); int EC_POINT_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, const EC_POINT *, const BIGNUM *, BN_CTX *); + +/* EC_GROUP_precompute_mult() stores multiples of generator for faster point multiplication */ int EC_GROUP_precompute_mult(EC_GROUP *, BN_CTX *); +/* EC_GROUP_have_precompute_mult() reports whether such precomputation has been done */ +int EC_GROUP_have_precompute_mult(const EC_GROUP *); @@ -403,7 +407,6 @@ void ERR_load_EC_strings(void); #define EC_F_EC_GROUP_GET_CURVE_GF2M 172 #define EC_F_EC_GROUP_GET_CURVE_GFP 130 #define EC_F_EC_GROUP_GET_DEGREE 173 -#define EC_F_EC_GROUP_GET_EXTRA_DATA 107 #define EC_F_EC_GROUP_GET_ORDER 141 #define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193 #define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194 @@ -444,6 +447,7 @@ void ERR_load_EC_strings(void); #define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125 #define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126 #define EC_F_EC_POINT_SET_TO_INFINITY 127 +#define EC_F_EC_PRE_COMP_DUP 207 #define EC_F_EC_WNAF_MUL 187 #define EC_F_EC_WNAF_PRECOMPUTE_MULT 188 #define EC_F_GFP_MONT_GROUP_SET_CURVE 189 @@ -462,7 +466,6 @@ void ERR_load_EC_strings(void); #define EC_R_GROUP2PKPARAMETERS_FAILURE 120 #define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 #define EC_R_INCOMPATIBLE_OBJECTS 101 -#define EC_R_INTERNAL_ERROR 132 #define EC_R_INVALID_ARGUMENT 112 #define EC_R_INVALID_COMPRESSED_POINT 110 #define EC_R_INVALID_COMPRESSION_BIT 109 @@ -473,12 +476,11 @@ void ERR_load_EC_strings(void); #define EC_R_INVALID_PRIVATE_KEY 123 #define EC_R_MISSING_PARAMETERS 124 #define EC_R_MISSING_PRIVATE_KEY 125 -#define EC_R_NOT_A_NIST_PRIME 135 -#define EC_R_NOT_A_SUPPORTED_NIST_PRIME 136 +#define EC_R_NOT_A_NIST_PRIME 135 +#define EC_R_NOT_A_SUPPORTED_NIST_PRIME 136 #define EC_R_NOT_IMPLEMENTED 126 #define EC_R_NOT_INITIALIZED 111 #define EC_R_NO_FIELD_MOD 133 -#define EC_R_NO_SUCH_EXTRA_DATA 105 #define EC_R_PASSED_NULL_PARAMETER 134 #define EC_R_PKPARAMETERS2GROUP_FAILURE 127 #define EC_R_POINT_AT_INFINITY 106 diff --git a/crypto/ec/ec2_mult.c b/crypto/ec/ec2_mult.c index eefb41a157..a0effa95ad 100644 --- a/crypto/ec/ec2_mult.c +++ b/crypto/ec/ec2_mult.c @@ -14,7 +14,7 @@ * */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -326,9 +326,10 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, } /* This implementation is more efficient than the wNAF implementation for 2 - * or fewer points. Use the ec_wNAF_mul implementation for 3 or more points. + * or fewer points. Use the ec_wNAF_mul implementation for 3 or more points, + * or if we can perform a fast multiplication based on precomputation. */ - if ((scalar && (num > 1)) || (num > 2)) + if ((scalar && (num > 1)) || (num > 2) || (num == 0 && EC_GROUP_have_precompute_mult(group))) { ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); goto err; @@ -364,12 +365,15 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, } -/* Precomputation for point multiplication. */ +/* Precomputation for point multiplication: fall back to wNAF methods + * because ec_GF2m_simple_mul() uses ec_wNAF_mul() if appropriate */ + int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx) { - /* There is no precomputation to do for Montgomery scalar multiplication but - * since this implementation falls back to the wNAF multiplication for more than - * two points, call the wNAF implementation's precompute. - */ return ec_wNAF_precompute_mult(group, ctx); - } + } + +int ec_GF2m_have_precompute_mult(const EC_GROUP *group) + { + return ec_wNAF_have_precompute_mult(group); + } diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index a6fa4da7e6..89e8152015 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -14,7 +14,7 @@ * */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -99,13 +99,17 @@ const EC_METHOD *EC_GF2m_simple_method(void) ec_GF2m_simple_add, ec_GF2m_simple_dbl, ec_GF2m_simple_invert, - ec_GF2m_simple_mul, - ec_GF2m_precompute_mult, ec_GF2m_simple_is_at_infinity, ec_GF2m_simple_is_on_curve, ec_GF2m_simple_cmp, ec_GF2m_simple_make_affine, ec_GF2m_simple_points_make_affine, + + /* the following three method functions are defined in ec2_mult.c */ + ec_GF2m_simple_mul, + ec_GF2m_precompute_mult, + ec_GF2m_have_precompute_mult, + ec_GF2m_simple_field_mul, ec_GF2m_simple_field_sqr, ec_GF2m_simple_field_div, diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c index 58ae9d682d..7730402d09 100644 --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c @@ -1,6 +1,6 @@ /* crypto/ec/ec_err.c */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -122,7 +122,6 @@ static ERR_STRING_DATA EC_str_functs[]= {ERR_PACK(0,EC_F_EC_GROUP_GET_CURVE_GF2M,0), "EC_GROUP_get_curve_GF2m"}, {ERR_PACK(0,EC_F_EC_GROUP_GET_CURVE_GFP,0), "EC_GROUP_get_curve_GFp"}, {ERR_PACK(0,EC_F_EC_GROUP_GET_DEGREE,0), "EC_GROUP_get_degree"}, -{ERR_PACK(0,EC_F_EC_GROUP_GET_EXTRA_DATA,0), "EC_GROUP_get_extra_data"}, {ERR_PACK(0,EC_F_EC_GROUP_GET_ORDER,0), "EC_GROUP_get_order"}, {ERR_PACK(0,EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS,0), "EC_GROUP_get_pentanomial_basis"}, {ERR_PACK(0,EC_F_EC_GROUP_GET_TRINOMIAL_BASIS,0), "EC_GROUP_get_trinomial_basis"}, @@ -163,6 +162,7 @@ static ERR_STRING_DATA EC_str_functs[]= {ERR_PACK(0,EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,0), "EC_POINT_set_compressed_coordinates_GFp"}, {ERR_PACK(0,EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,0), "EC_POINT_set_Jprojective_coordinates_GFp"}, {ERR_PACK(0,EC_F_EC_POINT_SET_TO_INFINITY,0), "EC_POINT_set_to_infinity"}, +{ERR_PACK(0,EC_F_EC_PRE_COMP_DUP,0), "EC_PRE_COMP_DUP"}, {ERR_PACK(0,EC_F_EC_WNAF_MUL,0), "ec_wNAF_mul"}, {ERR_PACK(0,EC_F_EC_WNAF_PRECOMPUTE_MULT,0), "ec_wNAF_precompute_mult"}, {ERR_PACK(0,EC_F_GFP_MONT_GROUP_SET_CURVE,0), "GFP_MONT_GROUP_SET_CURVE"}, @@ -184,7 +184,6 @@ static ERR_STRING_DATA EC_str_reasons[]= {EC_R_GROUP2PKPARAMETERS_FAILURE ,"group2pkparameters failure"}, {EC_R_I2D_ECPKPARAMETERS_FAILURE ,"i2d ecpkparameters failure"}, {EC_R_INCOMPATIBLE_OBJECTS ,"incompatible objects"}, -{EC_R_INTERNAL_ERROR ,"internal error"}, {EC_R_INVALID_ARGUMENT ,"invalid argument"}, {EC_R_INVALID_COMPRESSED_POINT ,"invalid compressed point"}, {EC_R_INVALID_COMPRESSION_BIT ,"invalid compression bit"}, @@ -200,7 +199,6 @@ static ERR_STRING_DATA EC_str_reasons[]= {EC_R_NOT_IMPLEMENTED ,"not implemented"}, {EC_R_NOT_INITIALIZED ,"not initialized"}, {EC_R_NO_FIELD_MOD ,"no field mod"}, -{EC_R_NO_SUCH_EXTRA_DATA ,"no such extra data"}, {EC_R_PASSED_NULL_PARAMETER ,"passed null parameter"}, {EC_R_PKPARAMETERS2GROUP_FAILURE ,"pkparameters2group failure"}, {EC_R_POINT_AT_INFINITY ,"point at infinity"}, diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index a96d0df1a4..54b6a45f30 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -3,7 +3,7 @@ * Originally written by Bodo Moeller for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -136,11 +136,6 @@ struct ec_method_st { int (*dbl)(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *); int (*invert)(const EC_GROUP *, EC_POINT *, BN_CTX *); - /* used by EC_POINTs_mul, EC_POINT_mul, EC_POINT_precompute_mult: */ - int (*mul)(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, - size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); - int (*precompute_mult)(EC_GROUP *group, BN_CTX *); - /* used by EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp: */ int (*is_at_infinity)(const EC_GROUP *, const EC_POINT *); int (*is_on_curve)(const EC_GROUP *, const EC_POINT *, BN_CTX *); @@ -150,6 +145,13 @@ struct ec_method_st { int (*make_affine)(const EC_GROUP *, EC_POINT *, BN_CTX *); int (*points_make_affine)(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *); + /* used by EC_POINTs_mul, EC_POINT_mul, EC_POINT_precompute_mult, EC_POINT_have_precompute_mult + * (default implementations are used if the 'mul' pointer is 0): */ + int (*mul)(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, + size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); + int (*precompute_mult)(EC_GROUP *group, BN_CTX *); + int (*have_precompute_mult)(const EC_GROUP *group); + /* internal functions */ @@ -248,10 +250,13 @@ struct ec_point_st { -/* method functions in ec_mult.c */ +/* method functions in ec_mult.c + * (ec_lib.c uses these as defaults if group->method->mul is 0 */ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *); +int ec_wNAF_have_precompute_mult(const EC_GROUP *group); + /* method functions in ecp_smpl.c */ int ec_GFp_simple_group_init(EC_GROUP *); @@ -363,3 +368,4 @@ int ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx); +int ec_GF2m_have_precompute_mult(const EC_GROUP *group); diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 2cc0dc0ec1..5e3fb5c20b 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -3,7 +3,7 @@ * Originally written by Bodo Moeller for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -503,7 +503,9 @@ void *EC_GROUP_get_extra_data(const EC_GROUP *group, void *(*extra_data_dup_func || (group->extra_data_free_func != extra_data_free_func) || (group->extra_data_clear_free_func != extra_data_clear_free_func)) { +#if 0 /* this was an error in 0.9.7, but that does not make a lot of sense */ ECerr(EC_F_EC_GROUP_GET_EXTRA_DATA, EC_R_NO_SUCH_EXTRA_DATA); +#endif return NULL; } @@ -956,3 +958,58 @@ int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], } return group->meth->points_make_affine(group, num, points, ctx); } + + +/* Functions for point multiplication. + * + * If group->meth->mul is 0, we use the wNAF-based implementations in ec_mult.c; + * otherwise we dispatch through methods. + */ + +int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, + size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) + { + if (group->meth->mul == 0) + /* use default */ + return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); + + return group->meth->mul(group, r, scalar, num, points, scalars, ctx); + } + +int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, + const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) + { + /* just a convenient interface to EC_POINTs_mul() */ + + const EC_POINT *points[1]; + const BIGNUM *scalars[1]; + + points[0] = point; + scalars[0] = p_scalar; + + return EC_POINTs_mul(group, r, g_scalar, (point != NULL && p_scalar != NULL), points, scalars, ctx); + } + +int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx) + { + if (group->meth->mul == 0) + /* use default */ + return ec_wNAF_precompute_mult(group, ctx); + + if (group->meth->precompute_mult != 0) + return group->meth->precompute_mult(group, ctx); + else + return 1; /* nothing to do, so report success */ + } + +int EC_GROUP_have_precompute_mult(const EC_GROUP *group) + { + if (group->meth->mul == 0) + /* use default */ + return ec_wNAF_have_precompute_mult(group); + + if (group->meth->have_precompute_mult != 0) + return group->meth->have_precompute_mult(group); + else + return 0; /* cannot tell whether precomputation has been performed */ + } diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index f5312aa23a..42cd98181c 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -1,9 +1,9 @@ /* crypto/ec/ec_mult.c */ /* - * Originally written by Bodo Moeller for the OpenSSL project. + * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -66,16 +66,137 @@ #include "ec_lcl.h" -/* TODO: optional precomputation of multiples of the generator */ - - - /* - * wNAF-based interleaving multi-exponentation method - * () + * This file implements the wNAF-based interleaving multi-exponentation method + * (); + * for multiplication with precomputation, we use wNAF splitting + * (). */ + + +/* structure for precomputed multiples of the generator */ +typedef struct ec_pre_comp_st { + const EC_GROUP *group; /* parent EC_GROUP object */ + size_t blocksize; /* block size for wNAF splitting */ + size_t numblocks; /* max. number of blocks for which we have precomputation */ + size_t w; /* window size */ + EC_POINT **points; /* array with pre-calculated multiples of generator: + * 'num' pointers to EC_POINT objects followed by a NULL */ + size_t num; /* numblocks * 2^(w-1) */ +} EC_PRE_COMP; + +/* functions to manage EC_PRE_COMP within the EC_GROUP extra_data framework */ +static void *ec_pre_comp_dup(void *); +static void ec_pre_comp_free(void *); +static void ec_pre_comp_clear_free(void *); + +static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group) + { + EC_PRE_COMP *ret = NULL; + + if (!group) + return NULL; + + ret = (EC_PRE_COMP *)OPENSSL_malloc(sizeof(EC_PRE_COMP)); + if (!ret) + return ret; + ret->group = group; + ret->blocksize = 8; /* default */ + ret->numblocks = 0; + ret->w = 4; /* default */ + ret->points = NULL; + ret->num = 0; + return ret; + } + +static void *ec_pre_comp_dup(void *src_) + { + const EC_PRE_COMP *src = src_; + EC_PRE_COMP *ret = NULL; + + ret = ec_pre_comp_new(src->group); + if (!ret) + return ret; + ret->blocksize = src->blocksize; + ret->numblocks = src->numblocks; + ret->w = src->w; + ret->num = 0; + + if (src->points) + { + EC_POINT **src_var, **dest_var; + + ret->points = (EC_POINT **)OPENSSL_malloc((src->num + 1) * sizeof(EC_POINT *)); + if (!ret->points) + { + ec_pre_comp_free(ret); + return NULL; + } + + for (dest_var = ret->points, src_var = src->points; *src_var != NULL; src_var++, dest_var++) + { + *dest_var = EC_POINT_dup(*src_var, src->group); + if (*dest_var == NULL) + { + ec_pre_comp_free(ret); + return NULL; + } + ret->num++; + } + + ret->points[ret->num] = NULL; + if (ret->num != src->num) + { + ec_pre_comp_free(ret); + ECerr(EC_F_EC_PRE_COMP_DUP, ERR_R_INTERNAL_ERROR); + return NULL; + } + } + + return ret; + } + +static void ec_pre_comp_free(void *pre_) + { + EC_PRE_COMP *pre = pre_; + + if (!pre) + return; + if (pre->points) + { + EC_POINT **var; + + for (var = pre->points; *var != NULL; var++) + EC_POINT_free(*var); + OPENSSL_free(pre->points); + } + OPENSSL_free(pre); + } + +static void ec_pre_comp_clear_free(void *pre_) + { + EC_PRE_COMP *pre = pre_; + + if (!pre) + return; + if (pre->points) + { + EC_POINT **p; + + for (p = pre->points; *p != NULL; p++) + EC_POINT_clear_free(*p); + OPENSSL_cleanse(pre->points, sizeof pre->points); + OPENSSL_free(pre->points); + } + OPENSSL_cleanse(pre, sizeof pre); + OPENSSL_free(pre); + } + + + + /* Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. * This is an array r[] of values that are either zero or odd with an * absolute value less than 2^w satisfying @@ -108,7 +229,9 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) } len = BN_num_bits(scalar); - r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer than binary representation */ + r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer than binary representation + * (*ret_len will be set to the actual length, i.e. at most + * BN_num_bits(scalar) + 1) */ if (r == NULL) goto err; if (scalar->d == NULL || scalar->top == 0) @@ -224,6 +347,8 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, EC_POINT *generator = NULL; EC_POINT *tmp = NULL; size_t totalnum; + size_t blocksize = 0, numblocks = 0; /* for wNAF splitting */ + size_t pre_points_per_block = 0; size_t i, j; int k; int r_is_inverted = 0; @@ -235,19 +360,23 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num_val; EC_POINT **val = NULL; /* precomputation */ EC_POINT **v; - EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' */ + EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' or 'pre_comp->points' */ + EC_PRE_COMP *pre_comp = NULL; + int num_scalar = 0; /* flag: will be set to 1 if 'scalar' must be treated like other scalars, + * i.e. precomputation is not available */ int ret = 0; - if (scalar != NULL) + if (group->meth != r->meth) { - generator = EC_GROUP_get0_generator(group); - if (generator == NULL) - { - ECerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR); - return 0; - } + ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); + return 0; } - + + if ((scalar == NULL) && (num == 0)) + { + return EC_POINT_set_to_infinity(group, r); + } + for (i = 0; i < num; i++) { if (group->meth != points[i]->meth) @@ -257,40 +386,209 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, } } - totalnum = num + (scalar != NULL); - - wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]); - wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]); - wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); - if (wNAF != NULL) + if (ctx == NULL) { - wNAF[0] = NULL; /* preliminary pivot */ + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; } - if (wsize == NULL || wNAF_len == NULL || wNAF == NULL) goto err; - /* num_val := total number of points to precompute */ + if (scalar != NULL) + { + generator = EC_GROUP_get0_generator(group); + if (generator == NULL) + { + ECerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR); + goto err; + } + + /* look if we can use precomputed multiples of generator */ + + pre_comp = EC_GROUP_get_extra_data(group, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free); + + if (pre_comp && pre_comp->numblocks && (EC_POINT_cmp(group, generator, pre_comp->points[0], ctx) == 0)) + { + blocksize = pre_comp->blocksize; + + /* determine maximum number of blocks that wNAF splitting may yield + * (NB: maximum wNAF length is bit length plus one) */ + numblocks = (BN_num_bits(scalar) / blocksize) + 1; + + /* we cannot use more blocks than we have precomputation for */ + if (numblocks > pre_comp->numblocks) + numblocks = pre_comp->numblocks; + + pre_points_per_block = 1u << (pre_comp->w - 1); + + /* check that pre_comp looks sane */ + if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) + { + ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); + goto err; + } + } + else + { + /* can't use precomputation */ + pre_comp = NULL; + numblocks = 1; + num_scalar = 1; /* treat 'scalar' like 'num'-th element of 'scalars' */ + } + } + + totalnum = num + numblocks; + + wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]); + wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]); + wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space for pivot */ + val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]); + + if (!wsize || !wNAF_len || !wNAF || !val_sub) + goto err; + + wNAF[0] = NULL; /* preliminary pivot */ + + /* num_val will be the total number of temporarily precomputed points */ num_val = 0; - for (i = 0; i < totalnum; i++) + + for (i = 0; i < num + num_scalar; i++) { size_t bits; bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar); wsize[i] = EC_window_bits_for_scalar_size(bits); num_val += 1u << (wsize[i] - 1); + wNAF[i + 1] = NULL; /* make sure we always have a pivot */ + wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i]); + if (wNAF[i] == NULL) + goto err; + if (wNAF_len[i] > max_len) + max_len = wNAF_len[i]; } - /* all precomputed points go into a single array 'val', - * 'val_sub[i]' is a pointer to the subarray for the i-th point */ + if (numblocks) + { + /* we go here iff scalar != NULL */ + + if (pre_comp == NULL) + { + if (num_scalar != 1) + { + ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); + goto err; + } + /* we have already generated a wNAF for 'scalar' */ + } + else + { + signed char *tmp_wNAF = NULL; + size_t tmp_len = 0; + + if (num_scalar != 0) + { + ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); + goto err; + } + + /* use the window size for which we have precomputation */ + wsize[num] = pre_comp->w; + tmp_wNAF = compute_wNAF(scalar, wsize[num], &tmp_len); + if (!tmp_wNAF) + goto err; + + if (tmp_len <= max_len) + { + /* One of the other wNAFs is at least as long + * as the wNAF belonging to the generator, + * so wNAF splitting will not buy us anything. */ + + numblocks = 1; + totalnum = num + 1; /* don't use wNAF splitting */ + wNAF[num] = tmp_wNAF; + wNAF[num + 1] = NULL; + wNAF_len[num] = tmp_len; + if (tmp_len > max_len) + max_len = tmp_len; + /* pre_comp->points starts with the points that we need here: */ + val_sub[num] = pre_comp->points; + } + else + { + /* don't include tmp_wNAF directly into wNAF array + * - use wNAF splitting and include the blocks */ + + signed char *pp; + EC_POINT **tmp_points; + + if (tmp_len < numblocks * blocksize) + { + /* possibly we can do with fewer blocks than estimated */ + numblocks = (tmp_len + blocksize - 1) / blocksize; + if (numblocks > pre_comp->numblocks) + { + ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); + goto err; + } + totalnum = num + numblocks; + } + + /* split wNAF in 'numblocks' parts */ + pp = tmp_wNAF; + tmp_points = pre_comp->points; + + for (i = num; i < totalnum; i++) + { + if (i < totalnum - 1) + { + wNAF_len[i] = blocksize; + if (tmp_len < blocksize) + { + ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); + goto err; + } + tmp_len -= blocksize; + } + else + /* last block gets whatever is left + * (this could be more or less than 'blocksize'!) */ + wNAF_len[i] = tmp_len; + + wNAF[i + 1] = NULL; + wNAF[i] = OPENSSL_malloc(wNAF_len[i]); + if (wNAF[i] == NULL) + { + OPENSSL_free(tmp_wNAF); + goto err; + } + memcpy(wNAF[i], pp, wNAF_len[i]); + if (wNAF_len[i] > max_len) + max_len = wNAF_len[i]; + + if (*tmp_points == NULL) + { + ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); + OPENSSL_free(tmp_wNAF); + goto err; + } + val_sub[i] = tmp_points; + tmp_points += pre_points_per_block; + pp += blocksize; + } + OPENSSL_free(tmp_wNAF); + } + } + } + + /* All points we precompute now go into a single array 'val'. + * 'val_sub[i]' is a pointer to the subarray for the i-th point, + * or to a subarray of 'pre_comp->points' if we already have precomputation. */ val = OPENSSL_malloc((num_val + 1) * sizeof val[0]); if (val == NULL) goto err; val[num_val] = NULL; /* pivot element */ - val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]); - if (val_sub == NULL) goto err; - /* allocate points for precomputation */ v = val; - for (i = 0; i < totalnum; i++) + for (i = 0; i < num + num_scalar; i++) { val_sub[i] = v; for (j = 0; j < (1u << (wsize[i] - 1)); j++) @@ -306,15 +604,8 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, goto err; } - if (ctx == NULL) - { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; - } - - tmp = EC_POINT_new(group); - if (tmp == NULL) goto err; + if (!(tmp = EC_POINT_new(group))) + goto err; /* prepare precomputed values: * val_sub[i][0] := points[i] @@ -322,7 +613,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, * val_sub[i][2] := 5 * points[i] * ... */ - for (i = 0; i < totalnum; i++) + for (i = 0; i < num + num_scalar; i++) { if (i < num) { @@ -341,16 +632,11 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) goto err; } } - - wNAF[i + 1] = NULL; /* make sure we always have a pivot */ - wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i]); - if (wNAF[i] == NULL) goto err; - if (wNAF_len[i] > max_len) - max_len = wNAF_len[i]; } #if 1 /* optional; EC_window_bits_for_scalar_size assumes we do this step */ - if (!EC_POINTs_make_affine(group, num_val, val, ctx)) goto err; + if (!EC_POINTs_make_affine(group, num_val, val, ctx)) + goto err; #endif r_is_at_infinity = 1; @@ -446,86 +732,203 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, } -/* Generic multiplication method. - * If group->meth does not provide a multiplication method, default to ec_wNAF_mul; - * otherwise use the group->meth's multiplication. +/* ec_wNAF_precompute_mult() + * creates an EC_PRE_COMP object with preprecomputed multiples of the generator + * for use with wNAF splitting as implemented in ec_wNAF_mul(). + * + * 'pre_comp->points' is an array of multiples of the generator + * of the following form: + * points[0] = generator; + * points[1] = 3 * generator; + * ... + * points[2^(w-1)-1] = (2^(w-1)-1) * generator; + * points[2^(w-1)] = 2^blocksize * generator; + * points[2^(w-1)+1] = 3 * 2^blocksize * generator; + * ... + * points[2^(w-1)*(numblocks-1)-1] = (2^(w-1)) * 2^(blocksize*(numblocks-2)) * generator + * points[2^(w-1)*(numblocks-1)] = 2^(blocksize*(numblocks-1)) * generator + * ... + * points[2^(w-1)*numblocks-1] = (2^(w-1)) * 2^(blocksize*(numblocks-1)) * generator + * points[2^(w-1)*numblocks] = NULL */ -int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, - size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) - { - if (group->meth->mul == 0) - return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); - else - return group->meth->mul(group, r, scalar, num, points, scalars, ctx); - } - - -int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) - { - const EC_POINT *points[1]; - const BIGNUM *scalars[1]; - - points[0] = point; - scalars[0] = p_scalar; - - return EC_POINTs_mul(group, r, g_scalar, (point != NULL && p_scalar != NULL), points, scalars, ctx); - } - - int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) { const EC_POINT *generator; + EC_POINT *tmp_point = NULL, *base = NULL, **var; BN_CTX *new_ctx = NULL; BIGNUM *order; + size_t i, bits, w, pre_points_per_block, blocksize, numblocks, num; + EC_POINT **points = NULL; + EC_PRE_COMP *pre_comp, *new_pre_comp = NULL; int ret = 0; + pre_comp = EC_GROUP_get_extra_data(group, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free); + if (pre_comp == NULL) + if ((pre_comp = new_pre_comp = ec_pre_comp_new(group)) == NULL) + return 0; + +CRYPTO_push_info("ec_wNAF_precompute_mult"); + generator = EC_GROUP_get0_generator(group); if (generator == NULL) { ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR); - return 0; + goto err; } if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) - return 0; + goto err; } BN_CTX_start(ctx); order = BN_CTX_get(ctx); if (order == NULL) goto err; - if (!EC_GROUP_get_order(group, order, ctx)) return 0; + if (!EC_GROUP_get_order(group, order, ctx)) goto err; if (BN_is_zero(order)) { ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER); goto err; } - /* TODO */ + bits = BN_num_bits(order); + blocksize = 8; + w = 4; + if (EC_window_bits_for_scalar_size(bits) > w) + { + /* let's not make the window too small ... */ + w = EC_window_bits_for_scalar_size(bits); + } + + numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks to use for wNAF splitting */ + + pre_points_per_block = 1u << (w - 1); + num = pre_points_per_block * numblocks; /* number of points to compute and store */ + + points = OPENSSL_malloc(sizeof (EC_POINT*)*(num + 1)); + if (!points) + { + ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); + goto err; + } + + var = points; + var[num] = NULL; /* pivot */ + for (i = 0; i < num; i++) + { + if ((var[i] = EC_POINT_new(group)) == NULL) + { + ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); + goto err; + } + } + + if (!(tmp_point = EC_POINT_new(group)) || !(base = EC_POINT_new(group))) + { + ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (!EC_POINT_copy(base, generator)) + goto err; + + /* do the precomputation */ + for (i = 0; i < numblocks; i++) + { + size_t j; + + if (!EC_POINT_dbl(group, tmp_point, base, ctx)) + goto err; + + if (!EC_POINT_copy(*var++, base)) + goto err; + + for (j = 1; j < pre_points_per_block; j++, var++) + { + /* calculate odd multiples of the current base point */ + if (!EC_POINT_add(group, *var, tmp_point, *(var - 1), ctx)) + goto err; + } + + if (i < numblocks - 1) + { + /* get the next base (multiply current one by 2^blocksize) */ + size_t k; + + if (blocksize <= 2) + { + ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_INTERNAL_ERROR); + goto err; + } + + if (!EC_POINT_dbl(group, base, tmp_point, ctx)) + goto err; + for (k = 2; k < blocksize; k++) + { + if (!EC_POINT_dbl(group,base,base,ctx)) + goto err; + } + } + } + + if (!EC_POINTs_make_affine(group, num, points, ctx)) + goto err; + + pre_comp->group = group; + pre_comp->blocksize = blocksize; + pre_comp->numblocks = numblocks; + pre_comp->w = w; + if (pre_comp->points) + { + EC_POINT **p; + + for (p = pre_comp->points; *p != NULL; p++) + EC_POINT_free(*p); + OPENSSL_free(pre_comp->points); + } + pre_comp->points = points; + points = NULL; + pre_comp->num = num; + + if (new_pre_comp) + { + if (!EC_GROUP_set_extra_data(group, new_pre_comp, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free)) + goto err; + new_pre_comp = NULL; + } ret = 1; - err: + CRYPTO_pop_info(); + BN_CTX_end(ctx); if (new_ctx != NULL) BN_CTX_free(new_ctx); + if (new_pre_comp) + ec_pre_comp_free(new_pre_comp); + if (points) + { + EC_POINT **p; + + for (p = points; *p != NULL; p++) + EC_POINT_free(*p); + OPENSSL_free(points); + } + if (tmp_point) + EC_POINT_free(tmp_point); + if (base) + EC_POINT_free(base); return ret; } -/* Generic multiplicaiton precomputation method. - * If group->meth does not provide a multiplication method, default to ec_wNAF_mul and do its - * precomputation; otherwise use the group->meth's precomputation if it exists. - */ -int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx) +int ec_wNAF_have_precompute_mult(const EC_GROUP *group) { - if (group->meth->mul == 0) - return ec_wNAF_precompute_mult(group, ctx); - else if (group->meth->precompute_mult != 0) - return group->meth->precompute_mult(group, ctx); - else + if (EC_GROUP_get_extra_data(group, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free) != NULL) return 1; + else + return 0; } diff --git a/crypto/ec/ecp_mont.c b/crypto/ec/ecp_mont.c index 36f8236864..b64fa68b56 100644 --- a/crypto/ec/ecp_mont.c +++ b/crypto/ec/ecp_mont.c @@ -93,13 +93,14 @@ const EC_METHOD *EC_GFp_mont_method(void) ec_GFp_simple_add, ec_GFp_simple_dbl, ec_GFp_simple_invert, - 0 /* mul */, - 0 /* precompute_mult */, ec_GFp_simple_is_at_infinity, ec_GFp_simple_is_on_curve, ec_GFp_simple_cmp, ec_GFp_simple_make_affine, ec_GFp_simple_points_make_affine, + 0 /* mul */, + 0 /* precompute_mult */, + 0 /* have_precompute_mult */, ec_GFp_mont_field_mul, ec_GFp_mont_field_sqr, 0 /* field_div */, diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c index ba5d180e1d..c28b27530e 100644 --- a/crypto/ec/ecp_nist.c +++ b/crypto/ec/ecp_nist.c @@ -92,13 +92,14 @@ const EC_METHOD *EC_GFp_nist_method(void) ec_GFp_simple_add, ec_GFp_simple_dbl, ec_GFp_simple_invert, - 0 /* mul */, - 0 /* precompute_mult */, ec_GFp_simple_is_at_infinity, ec_GFp_simple_is_on_curve, ec_GFp_simple_cmp, ec_GFp_simple_make_affine, ec_GFp_simple_points_make_affine, + 0 /* mul */, + 0 /* precompute_mult */, + 0 /* have_precompute_mult */, ec_GFp_nist_field_mul, ec_GFp_nist_field_sqr, 0 /* field_div */, diff --git a/crypto/ec/ecp_recp.c b/crypto/ec/ecp_recp.c index bf456dbc47..e0b28c1cfa 100644 --- a/crypto/ec/ecp_recp.c +++ b/crypto/ec/ecp_recp.c @@ -91,13 +91,14 @@ const EC_METHOD *EC_GFp_recp_method(void) ec_GFp_simple_add, ec_GFp_simple_dbl, ec_GFp_simple_invert, - 0 /* mul */, - 0 /* precompute_mult */, ec_GFp_simple_is_at_infinity, ec_GFp_simple_is_on_curve, ec_GFp_simple_cmp, ec_GFp_simple_make_affine, ec_GFp_simple_points_make_affine, + 0 /* mul */, + 0 /* precompute_mult */, + 0 /* have_precompute_mult */, ec_GFp_recp_field_mul, ec_GFp_recp_field_sqr, 0 /* field_div */, diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index 267134af4b..1abe831a37 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -94,13 +94,14 @@ const EC_METHOD *EC_GFp_simple_method(void) ec_GFp_simple_add, ec_GFp_simple_dbl, ec_GFp_simple_invert, - 0 /* mul */, - 0 /* precompute_mult */, ec_GFp_simple_is_at_infinity, ec_GFp_simple_is_on_curve, ec_GFp_simple_cmp, ec_GFp_simple_make_affine, ec_GFp_simple_points_make_affine, + 0 /* mul */, + 0 /* precompute_mult */, + 0 /* have_precompute_mult */, ec_GFp_simple_field_mul, ec_GFp_simple_field_sqr, 0 /* field_div */, diff --git a/crypto/evp/Makefile.ssl b/crypto/evp/Makefile.ssl index f6fcb9a4f8..8fd8c718a4 100644 --- a/crypto/evp/Makefile.ssl +++ b/crypto/evp/Makefile.ssl @@ -141,13 +141,18 @@ bio_ok.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h bio_ok.o: ../cryptlib.h bio_ok.c c_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h c_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -c_all.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +c_all.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +c_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +c_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +c_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h c_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h c_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +c_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h c_all.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -c_all.o: ../../include/openssl/symhacks.h ../cryptlib.h c_all.c +c_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +c_all.o: ../cryptlib.h c_all.c c_allc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h c_allc.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h c_allc.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h diff --git a/util/mkerr.pl b/util/mkerr.pl index 4105047b21..f1178602ef 100644 --- a/util/mkerr.pl +++ b/util/mkerr.pl @@ -262,7 +262,7 @@ foreach $lib (keys %csrc) } else { push @out, "/* ====================================================================\n", -" * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.\n", +" * Copyright (c) 2001-2003 The OpenSSL Project. All rights reserved.\n", " *\n", " * Redistribution and use in source and binary forms, with or without\n", " * modification, are permitted provided that the following conditions\n", @@ -404,7 +404,7 @@ EOF print OUT <<"EOF"; /* $cfile */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions From 27a9bf17c77bd528bab9457ff42df4650e2bf101 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 6 Feb 2003 19:30:06 +0000 Subject: [PATCH 061/393] PKCS#1 has a new RFC, which we do implement --- doc/standards.txt | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/doc/standards.txt b/doc/standards.txt index 44d263bd1a..edbe2f3a57 100644 --- a/doc/standards.txt +++ b/doc/standards.txt @@ -45,10 +45,6 @@ whole or at least great parts) in OpenSSL. 2315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski. March 1998. (Format: TXT=69679 bytes) (Status: INFORMATIONAL) -2437 PKCS #1: RSA Cryptography Specifications Version 2.0. B. Kaliski, - J. Staddon. October 1998. (Format: TXT=73529 bytes) (Obsoletes - RFC2313) (Status: INFORMATIONAL) - PKCS#8: Private-Key Information Syntax Standard PKCS#12: Personal Information Exchange Syntax Standard, version 1.0. @@ -87,6 +83,11 @@ PKCS#12: Personal Information Exchange Syntax Standard, version 1.0. Ford, D. Solo. April 2002. (Format: TXT=295556 bytes) (Obsoletes RFC2459) (Status: PROPOSED STANDARD) +3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography + Specifications Version 2.1. J. Jonsson, B. Kaliski. February 2003. + (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status: + INFORMATIONAL) + Related: -------- From 24893ca9990eaf8d341a8a91dd9a366d81520552 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Thu, 6 Feb 2003 19:32:06 +0000 Subject: [PATCH 062/393] typo --- CHANGES | 4 ++-- crypto/ec/ec_lcl.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 36c6bd1765..f7ab583942 100644 --- a/CHANGES +++ b/CHANGES @@ -5,9 +5,9 @@ Changes between 0.9.7 and 0.9.8 [xx XXX xxxx] *) In crypto/ec/ec_mult.c, implement fast point multiplication with - precomputation, based one wNAF splitting: EC_GROUP_precompute_mult() + precomputation, based on wNAF splitting: EC_GROUP_precompute_mult() will now compute a table of multiples of the generator that - makes subsequent invocations of EC_POINTs_mul() or EC_POINT_mul + makes subsequent invocations of EC_POINTs_mul() or EC_POINT_mul() faster (notably in the case of a single point multiplication, scalar * generator). [Nils Larsch, Bodo Moeller] diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index 54b6a45f30..06e666983d 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -251,7 +251,7 @@ struct ec_point_st { /* method functions in ec_mult.c - * (ec_lib.c uses these as defaults if group->method->mul is 0 */ + * (ec_lib.c uses these as defaults if group->method->mul is 0) */ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *); From 82871eaa177142f6d420bf7fabf6502e5a13166f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 7 Feb 2003 11:54:57 +0000 Subject: [PATCH 063/393] comment --- crypto/ec/ec_mult.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 42cd98181c..937004ac45 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -795,6 +795,13 @@ CRYPTO_push_info("ec_wNAF_precompute_mult"); } bits = BN_num_bits(order); + /* The following parameters mean we precompute (approximately) + * one point per bit. + * + * TBD: The combination 8, 4 is perfect for 160 bits; for other + * bit lengths, other parameter combinations might provide better + * efficiency. + */ blocksize = 8; w = 4; if (EC_window_bits_for_scalar_size(bits) > w) From 65b254e8c02a52be4fa3af47e62c19eb8dab4169 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Sat, 8 Feb 2003 15:56:05 +0000 Subject: [PATCH 064/393] remove debugging leftovers --- crypto/ec/ec_mult.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 937004ac45..2ebb2af720 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -767,8 +767,6 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) if ((pre_comp = new_pre_comp = ec_pre_comp_new(group)) == NULL) return 0; -CRYPTO_push_info("ec_wNAF_precompute_mult"); - generator = EC_GROUP_get0_generator(group); if (generator == NULL) { @@ -909,8 +907,6 @@ CRYPTO_push_info("ec_wNAF_precompute_mult"); ret = 1; err: - CRYPTO_pop_info(); - BN_CTX_end(ctx); if (new_ctx != NULL) BN_CTX_free(new_ctx); From d42d2d1ab6a558769d84f31b6c7088192f311b62 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Sat, 8 Feb 2003 19:49:16 +0000 Subject: [PATCH 065/393] avoid coredump Submitted by: Nils Larsch --- apps/speed.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/speed.c b/apps/speed.c index d6f78fb5d4..df892c51fb 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -2051,7 +2051,7 @@ int MAIN(int argc, char **argv) } else { - ecdh_b[j]->group = ecdh_a[j]->group; + ecdh_b[j]->group = EC_GROUP_dup(ecdh_a[j]->group); /* generate two ECDH key pairs */ if (!EC_KEY_generate_key(ecdh_a[j]) || From e2c9c91b5b4b836fef2839c50eca4fe574242a7f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Sat, 8 Feb 2003 19:51:37 +0000 Subject: [PATCH 066/393] fix EC_GROUP_copy for EC_GFp_nist_method() Submitted by: Nils Larsch --- crypto/ec/ec_lcl.h | 1 + crypto/ec/ecp_nist.c | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index 06e666983d..f4e9700bb8 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -322,6 +322,7 @@ int ec_GFp_recp_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX * /* method functions in ecp_nist.c */ +int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src); int ec_GFp_nist_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c index c28b27530e..d2dbfe6743 100644 --- a/crypto/ec/ecp_nist.c +++ b/crypto/ec/ecp_nist.c @@ -72,7 +72,7 @@ const EC_METHOD *EC_GFp_nist_method(void) ec_GFp_simple_group_init, ec_GFp_simple_group_finish, ec_GFp_simple_group_clear_finish, - ec_GFp_simple_group_copy, + ec_GFp_nist_group_copy, ec_GFp_nist_group_set_curve, ec_GFp_simple_group_get_curve, ec_GFp_simple_group_get_degree, @@ -114,6 +114,12 @@ const EC_METHOD *EC_GFp_nist_method(void) #define NO_32_BIT_TYPE #endif +int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src) + { + dest->field_mod_func = src->field_mod_func; + + return ec_GFp_simple_group_copy(dest, src); + } int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) From 28f573a28dcfba4da90605d17f614c8ecb2243fc Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 10 Feb 2003 11:14:35 +0000 Subject: [PATCH 067/393] Make sure memcpy() is properly declared by including string.h. --- crypto/ec/ec_mult.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 2ebb2af720..f4e5f90847 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -61,6 +61,8 @@ * and contributed to the OpenSSL project. */ +#include + #include #include "ec_lcl.h" From 33075f229ed85825ee3ec3bb5f231f1a692e7868 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 10 Feb 2003 17:52:10 +0000 Subject: [PATCH 068/393] Typo. --- apps/pkcs12.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/pkcs12.c b/apps/pkcs12.c index dd56a2b808..a00b438f96 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -558,7 +558,7 @@ int MAIN(int argc, char **argv) CRYPTO_push_info("creating PKCS#12 structure"); #endif - p12 = PKCS12_create(pass, name, key, ucert, certs, + p12 = PKCS12_create(cpass, name, key, ucert, certs, key_pbe, cert_pbe, iter, -1, keytype); if (!p12) From a8f5b2ed50f0aedc618d0364fa5b517b50216f48 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 11 Feb 2003 14:06:27 +0000 Subject: [PATCH 069/393] GeneralString support in mini-ASN1 compiler --- crypto/asn1/asn1_gen.c | 2 ++ doc/crypto/ASN1_generate_nconf.pod | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index 097b4b8ecf..3d9d2ce07b 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -578,6 +578,8 @@ static int asn1_str2tag(const char *tagstr, int len) ASN1_GEN_STR("T61", V_ASN1_T61STRING), ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING), ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING), + ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING), + ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING), /* Special cases */ ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE), diff --git a/doc/crypto/ASN1_generate_nconf.pod b/doc/crypto/ASN1_generate_nconf.pod index b4c89377f6..ba6e3c2e81 100644 --- a/doc/crypto/ASN1_generate_nconf.pod +++ b/doc/crypto/ASN1_generate_nconf.pod @@ -97,7 +97,7 @@ bits is set to zero. =item B, B, B, B, B, B, B, B, B, B, B, B, B, -B, B +B, B, B These encode the corresponding string types. B represents the contents of this structure. The format can be B or B. From 8537943e8bb9e191f764f8e7f6c691cd41a8c8d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 11 Feb 2003 16:42:30 +0000 Subject: [PATCH 070/393] first section is now "Changes between 0.9.7a and 0.9.8", not "... 0.9.7 and 0.9.8" --- CHANGES | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index f7ab583942..d3765179a9 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,7 @@ OpenSSL CHANGES _______________ - Changes between 0.9.7 and 0.9.8 [xx XXX xxxx] + Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] *) In crypto/ec/ec_mult.c, implement fast point multiplication with precomputation, based on wNAF splitting: EC_GROUP_precompute_mult() From ea513641d05cfaa3f787de4ad19fdf9307869ad3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 12 Feb 2003 14:17:41 +0000 Subject: [PATCH 071/393] comments --- ssl/s3_enc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 35fde29c8a..559924d368 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -474,6 +474,7 @@ int ssl3_enc(SSL *s, int send) ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); return 0; } + /* otherwise, rec->length >= bs */ } EVP_Cipher(ds,rec->data,rec->input,l); @@ -482,7 +483,7 @@ int ssl3_enc(SSL *s, int send) { i=rec->data[l-1]+1; /* SSL 3.0 bounds the number of padding bytes by the block size; - * padding bytes (except that last) are arbitrary */ + * padding bytes (except the last one) are arbitrary */ if (i > bs) { /* Incorrect padding. SSLerr() and ssl3_alert are done @@ -491,6 +492,7 @@ int ssl3_enc(SSL *s, int send) * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ return -1; } + /* now i <= bs <= rec->length */ rec->length-=i; } } From cf56663fb71ce279eb8ea603faf0a3c98cc7bc47 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 12 Feb 2003 17:06:02 +0000 Subject: [PATCH 072/393] Option to disable SSL auto chain build --- CHANGES | 18 ++++++++++++++++++ ssl/s3_both.c | 17 ++++++++++++++--- ssl/ssl.h | 2 ++ 3 files changed, 34 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index d3765179a9..cde8cca58b 100644 --- a/CHANGES +++ b/CHANGES @@ -420,6 +420,24 @@ TODO: bug: pad x with leading zeros if necessary Changes between 0.9.7 and 0.9.7a [XX xxx 2003] + *) Allow an application to disable the automatic SSL chain building. + Before this a rather primitive chain build was always performed in + ssl3_output_cert_chain(): an application had no way to send the + correct chain if the automatic operation produced an incorrect result. + + Now the chain builder is disabled if either: + + 1. Extra certificates are added via SSL_CTX_add_extra_chain_cert(). + + 2. The mode flag SSL_MODE_NO_AUTO_CHAIN is set. + + The reasoning behind this is that an application would not want the + auto chain building to take place if extra chain certificates are + present and it might also want a means of sending no additional + certificates (for example the chain has two certificates and the + root is omitted). + [Steve Henson] + *) Add the possibility to build without the ENGINE framework. [Steven Reddie via Richard Levitte] diff --git a/ssl/s3_both.c b/ssl/s3_both.c index a17b87273a..94df0e5c6c 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c @@ -273,6 +273,13 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) X509_STORE_CTX xs_ctx; X509_OBJECT obj; + int no_chain; + + if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs) + no_chain = 1; + else + no_chain = 0; + /* TLSv1 sends a chain with nothing in it, instead of an alert */ buf=s->init_buf; if (!BUF_MEM_grow_clean(buf,10)) @@ -282,7 +289,7 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) } if (x != NULL) { - if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL)) + if(!no_chain && !X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL)) { SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); return(0); @@ -300,6 +307,10 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) l2n3(n,p); i2d_X509(x,&p); l+=n+3; + + if (no_chain) + break; + if (X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)) == 0) break; @@ -311,8 +322,8 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) * ref count */ X509_free(x); } - - X509_STORE_CTX_cleanup(&xs_ctx); + if (!no_chain) + X509_STORE_CTX_cleanup(&xs_ctx); } /* Thawte special :-) */ diff --git a/ssl/ssl.h b/ssl/ssl.h index 466b8a7122..97b313fd87 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -529,6 +529,8 @@ typedef struct ssl_session_st /* Never bother the application with retries if the transport * is blocking: */ #define SSL_MODE_AUTO_RETRY 0x00000004L +/* Don't attempt to automatically build certificate chain */ +#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, From 9ec1d35f29c5d3c0c6a2461610c7db494a0d9aa9 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 12 Feb 2003 17:20:39 +0000 Subject: [PATCH 073/393] Adjust DES_cbc_cksum() so the returned value is the same as MIT's mit_des_cbc_cksum(). The difference was first observed, then verified by looking at the MIT source. --- CHANGES | 6 ++++++ crypto/des/cbc_cksm.c | 9 +++++++++ 2 files changed, 15 insertions(+) diff --git a/CHANGES b/CHANGES index cde8cca58b..08c0124893 100644 --- a/CHANGES +++ b/CHANGES @@ -420,6 +420,12 @@ TODO: bug: pad x with leading zeros if necessary Changes between 0.9.7 and 0.9.7a [XX xxx 2003] + *) Adjust DES_cbc_cksum() so it returns the same value as the MIT + Kerberos function mit_des_cbc_cksum(). Before this change, + the value returned by DES_cbc_cksum() was like the one from + mit_des_cbc_cksum(), except the bytes were swapped. + [Kevin Greaney and Richard Levitte] + *) Allow an application to disable the automatic SSL chain building. Before this a rather primitive chain build was always performed in ssl3_output_cert_chain(): an application had no way to send the diff --git a/crypto/des/cbc_cksm.c b/crypto/des/cbc_cksm.c index 6c5305b99d..09a7ba56aa 100644 --- a/crypto/des/cbc_cksm.c +++ b/crypto/des/cbc_cksm.c @@ -93,5 +93,14 @@ DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output, l2c(tout1,out); } tout0=tin0=tin1=tin[0]=tin[1]=0; + /* + Transform the data in tout1 so that it will + match the return value that the MIT Kerberos + mit_des_cbc_cksum API returns. + */ + tout1 = ((tout1 >> 24L) & 0x000000FF) + | ((tout1 >> 8L) & 0x0000FF00) + | ((tout1 << 8L) & 0x00FF0000) + | ((tout1 << 24L) & 0xFF000000); return(tout1); } From ba729265a819d4c36df730449aeb301927ca74f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 12 Feb 2003 18:30:16 +0000 Subject: [PATCH 074/393] Allow EC_GROUP objects to share precomputation for improved memory efficiency (EC_PRE_COMP objects are now constant once completed). Extend 'extra_data' API to support arbitrarily many slots (although we need only one at the moment). Modify EC internal 'extra_data' API: EC_GROUP_[clear_]free_extra_data now frees only a single slot (the previous functions are available as EC_GROUP_[clear_]free_all_extra_data). Submitted by: Nils Larsch Reviewed by: Bodo Moeller --- crypto/ec/ec_lcl.h | 31 ++++--- crypto/ec/ec_lib.c | 191 +++++++++++++++++++++++++++++++------------- crypto/ec/ec_mult.c | 99 ++++++++--------------- 3 files changed, 187 insertions(+), 134 deletions(-) diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index f4e9700bb8..f59fe0e448 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -167,6 +167,13 @@ struct ec_method_st { int (*field_set_to_one)(const EC_GROUP *, BIGNUM *r, BN_CTX *); } /* EC_METHOD */; +typedef struct ec_extra_data_st { + struct ec_extra_data_st *next; + void *data; + void *(*dup_func)(void *); + void (*free_func)(void *); + void (*clear_free_func)(void *); +} EC_EXTRA_DATA; /* used in EC_GROUP */ struct ec_group_st { const EC_METHOD *meth; @@ -181,10 +188,7 @@ struct ec_group_st { unsigned char *seed; /* optional seed for parameters (appears in ASN1) */ size_t seed_len; - void *extra_data; - void *(*extra_data_dup_func)(void *); - void (*extra_data_free_func)(void *); - void (*extra_data_clear_free_func)(void *); + EC_EXTRA_DATA *extra_data; /* linked list */ /* The following members are handled by the method functions, * even if they appear generic */ @@ -224,14 +228,17 @@ struct ec_group_st { * (with visibility limited to 'package' level for now). * We use the function pointers as index for retrieval; this obviates * global ex_data-style index tables. - * (Currently, we have one slot only, but is is possible to extend this - * if necessary.) */ -int EC_GROUP_set_extra_data(EC_GROUP *, void *extra_data, void *(*extra_data_dup_func)(void *), - void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *)); -void *EC_GROUP_get_extra_data(const EC_GROUP *, void *(*extra_data_dup_func)(void *), - void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *)); -void EC_GROUP_free_extra_data(EC_GROUP *); -void EC_GROUP_clear_free_extra_data(EC_GROUP *); + */ +int EC_GROUP_set_extra_data(EC_GROUP *, void *data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +void *EC_GROUP_get_extra_data(const EC_GROUP *, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +void EC_GROUP_free_extra_data(EC_GROUP*, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +void EC_GROUP_clear_free_extra_data(EC_GROUP*, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +void EC_GROUP_free_all_extra_data(EC_GROUP *); +void EC_GROUP_clear_free_all_extra_data(EC_GROUP *); diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 5e3fb5c20b..c00875cd73 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -98,9 +98,6 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) ret->meth = meth; ret->extra_data = NULL; - ret->extra_data_dup_func = 0; - ret->extra_data_free_func = 0; - ret->extra_data_clear_free_func = 0; ret->generator = NULL; BN_init(&ret->order); @@ -130,7 +127,7 @@ void EC_GROUP_free(EC_GROUP *group) if (group->meth->group_finish != 0) group->meth->group_finish(group); - EC_GROUP_free_extra_data(group); + EC_GROUP_free_all_extra_data(group); if (group->generator != NULL) EC_POINT_free(group->generator); @@ -153,7 +150,7 @@ void EC_GROUP_clear_free(EC_GROUP *group) else if (group->meth != NULL && group->meth->group_finish != 0) group->meth->group_finish(group); - EC_GROUP_clear_free_extra_data(group); + EC_GROUP_clear_free_all_extra_data(group); if (group->generator != NULL) EC_POINT_clear_free(group->generator); @@ -173,6 +170,8 @@ void EC_GROUP_clear_free(EC_GROUP *group) int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) { + EC_EXTRA_DATA *d; + if (dest->meth->group_copy == 0) { ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); @@ -186,19 +185,16 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) if (dest == src) return 1; - EC_GROUP_clear_free_extra_data(dest); - if (src->extra_data_dup_func) - { - if (src->extra_data != NULL) - { - dest->extra_data = src->extra_data_dup_func(src->extra_data); - if (dest->extra_data == NULL) - return 0; - } + EC_GROUP_free_all_extra_data(dest); - dest->extra_data_dup_func = src->extra_data_dup_func; - dest->extra_data_free_func = src->extra_data_free_func; - dest->extra_data_clear_free_func = src->extra_data_clear_free_func; + for (d = src->extra_data; d != NULL; d = d->next) + { + void *t = d->dup_func(d->data); + + if (t == NULL) + return 0; + if (!EC_GROUP_set_extra_data(dest, t, d->dup_func, d->free_func, d->clear_free_func)) + return 0; } if (src->generator != NULL) @@ -475,67 +471,148 @@ int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) /* this has 'package' visibility */ -int EC_GROUP_set_extra_data(EC_GROUP *group, void *extra_data, void *(*extra_data_dup_func)(void *), - void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *)) +int EC_GROUP_set_extra_data(EC_GROUP *group, void *data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) { - if ((group->extra_data != NULL) - || (group->extra_data_dup_func != 0) - || (group->extra_data_free_func != 0) - || (group->extra_data_clear_free_func != 0)) - { - ECerr(EC_F_EC_GROUP_SET_EXTRA_DATA, EC_R_SLOT_FULL); + EC_EXTRA_DATA *d; + + if (group == NULL) return 0; + + for (d = group->extra_data; d != NULL; d = d->next) + { + if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func) + { + ECerr(EC_F_EC_GROUP_SET_EXTRA_DATA, EC_R_SLOT_FULL); + return 0; + } } - group->extra_data = extra_data; - group->extra_data_dup_func = extra_data_dup_func; - group->extra_data_free_func = extra_data_free_func; - group->extra_data_clear_free_func = extra_data_clear_free_func; + if (data == NULL) + /* no explicit entry needed */ + return 1; + + d = OPENSSL_malloc(sizeof *d); + if (d == NULL) + return 0; + + d->data = data; + d->dup_func = dup_func; + d->free_func = free_func; + d->clear_free_func = clear_free_func; + + d->next = group->extra_data; + group->extra_data = d; + return 1; } - /* this has 'package' visibility */ -void *EC_GROUP_get_extra_data(const EC_GROUP *group, void *(*extra_data_dup_func)(void *), - void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *)) +void *EC_GROUP_get_extra_data(const EC_GROUP *group, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) { - if ((group->extra_data_dup_func != extra_data_dup_func) - || (group->extra_data_free_func != extra_data_free_func) - || (group->extra_data_clear_free_func != extra_data_clear_free_func)) - { -#if 0 /* this was an error in 0.9.7, but that does not make a lot of sense */ - ECerr(EC_F_EC_GROUP_GET_EXTRA_DATA, EC_R_NO_SUCH_EXTRA_DATA); -#endif + EC_EXTRA_DATA *d; + + if (group == NULL) return NULL; + + for (d = group->extra_data; d != NULL; d = d->next) + { + if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func) + return d->data; } - - return group->extra_data; + + return NULL; } - /* this has 'package' visibility */ -void EC_GROUP_free_extra_data(EC_GROUP *group) +void EC_GROUP_free_extra_data(EC_GROUP *group, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) { - if (group->extra_data_free_func) - group->extra_data_free_func(group->extra_data); - group->extra_data = NULL; - group->extra_data_dup_func = 0; - group->extra_data_free_func = 0; - group->extra_data_clear_free_func = 0; + EC_EXTRA_DATA **p; + + if (group == NULL) + return; + + for (p = &group->extra_data; *p != NULL; p = &((*p)->next)) + { + if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func) + { + EC_EXTRA_DATA *next = (*p)->next; + + (*p)->free_func((*p)->data); + OPENSSL_free(*p); + + *p = next; + return; + } + } } +/* this has 'package' visibility */ +void EC_GROUP_clear_free_extra_data(EC_GROUP *group, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) + { + EC_EXTRA_DATA **p; + + if (group == NULL) + return; + + for (p = &group->extra_data; *p != NULL; p = &((*p)->next)) + { + if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func) + { + EC_EXTRA_DATA *next = (*p)->next; + + (*p)->clear_free_func((*p)->data); + OPENSSL_free(*p); + + *p = next; + return; + } + } + } /* this has 'package' visibility */ -void EC_GROUP_clear_free_extra_data(EC_GROUP *group) +void EC_GROUP_free_all_extra_data(EC_GROUP *group) { - if (group->extra_data_clear_free_func) - group->extra_data_clear_free_func(group->extra_data); - else if (group->extra_data_free_func) - group->extra_data_free_func(group->extra_data); + EC_EXTRA_DATA *d; + + if (group == NULL) + return; + + d = group->extra_data; + while (d) + { + EC_EXTRA_DATA *next = d->next; + + d->free_func(d->data); + OPENSSL_free(d); + + d = next; + } + group->extra_data = NULL; + } + +/* this has 'package' visibility */ +void EC_GROUP_clear_free_all_extra_data(EC_GROUP *group) + { + EC_EXTRA_DATA *d; + + if (group == NULL) + return; + + d = group->extra_data; + while (d) + { + EC_EXTRA_DATA *next = d->next; + + d->clear_free_func(d->data); + OPENSSL_free(d); + + d = next; + } group->extra_data = NULL; - group->extra_data_dup_func = 0; - group->extra_data_free_func = 0; - group->extra_data_clear_free_func = 0; } diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index f4e5f90847..c71a69ac0d 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -87,6 +87,7 @@ typedef struct ec_pre_comp_st { EC_POINT **points; /* array with pre-calculated multiples of generator: * 'num' pointers to EC_POINT objects followed by a NULL */ size_t num; /* numblocks * 2^(w-1) */ + int references; } EC_PRE_COMP; /* functions to manage EC_PRE_COMP within the EC_GROUP extra_data framework */ @@ -110,68 +111,39 @@ static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group) ret->w = 4; /* default */ ret->points = NULL; ret->num = 0; + ret->references = 1; return ret; } static void *ec_pre_comp_dup(void *src_) { - const EC_PRE_COMP *src = src_; - EC_PRE_COMP *ret = NULL; + EC_PRE_COMP *src = src_; - ret = ec_pre_comp_new(src->group); - if (!ret) - return ret; - ret->blocksize = src->blocksize; - ret->numblocks = src->numblocks; - ret->w = src->w; - ret->num = 0; + /* no need to actually copy, these objects never change! */ - if (src->points) - { - EC_POINT **src_var, **dest_var; + CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP); - ret->points = (EC_POINT **)OPENSSL_malloc((src->num + 1) * sizeof(EC_POINT *)); - if (!ret->points) - { - ec_pre_comp_free(ret); - return NULL; - } - - for (dest_var = ret->points, src_var = src->points; *src_var != NULL; src_var++, dest_var++) - { - *dest_var = EC_POINT_dup(*src_var, src->group); - if (*dest_var == NULL) - { - ec_pre_comp_free(ret); - return NULL; - } - ret->num++; - } - - ret->points[ret->num] = NULL; - if (ret->num != src->num) - { - ec_pre_comp_free(ret); - ECerr(EC_F_EC_PRE_COMP_DUP, ERR_R_INTERNAL_ERROR); - return NULL; - } - } - - return ret; + return src_; } static void ec_pre_comp_free(void *pre_) { + int i; EC_PRE_COMP *pre = pre_; if (!pre) return; + + i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); + if (i > 0) + return; + if (pre->points) { - EC_POINT **var; + EC_POINT **p; - for (var = pre->points; *var != NULL; var++) - EC_POINT_free(*var); + for (p = pre->points; *p != NULL; p++) + EC_POINT_free(*p); OPENSSL_free(pre->points); } OPENSSL_free(pre); @@ -179,10 +151,16 @@ static void ec_pre_comp_free(void *pre_) static void ec_pre_comp_clear_free(void *pre_) { + int i; EC_PRE_COMP *pre = pre_; if (!pre) return; + + i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); + if (i > 0) + return; + if (pre->points) { EC_POINT **p; @@ -363,7 +341,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, EC_POINT **val = NULL; /* precomputation */ EC_POINT **v; EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' or 'pre_comp->points' */ - EC_PRE_COMP *pre_comp = NULL; + const EC_PRE_COMP *pre_comp = NULL; int num_scalar = 0; /* flag: will be set to 1 if 'scalar' must be treated like other scalars, * i.e. precomputation is not available */ int ret = 0; @@ -761,13 +739,14 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) BIGNUM *order; size_t i, bits, w, pre_points_per_block, blocksize, numblocks, num; EC_POINT **points = NULL; - EC_PRE_COMP *pre_comp, *new_pre_comp = NULL; + EC_PRE_COMP *pre_comp; int ret = 0; - pre_comp = EC_GROUP_get_extra_data(group, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free); - if (pre_comp == NULL) - if ((pre_comp = new_pre_comp = ec_pre_comp_new(group)) == NULL) - return 0; + /* if there is an old EC_PRE_COMP object, throw it away */ + EC_GROUP_free_extra_data(group, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free); + + if ((pre_comp = ec_pre_comp_new(group)) == NULL) + return 0; generator = EC_GROUP_get0_generator(group); if (generator == NULL) @@ -888,32 +867,22 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) pre_comp->blocksize = blocksize; pre_comp->numblocks = numblocks; pre_comp->w = w; - if (pre_comp->points) - { - EC_POINT **p; - - for (p = pre_comp->points; *p != NULL; p++) - EC_POINT_free(*p); - OPENSSL_free(pre_comp->points); - } pre_comp->points = points; points = NULL; pre_comp->num = num; - if (new_pre_comp) - { - if (!EC_GROUP_set_extra_data(group, new_pre_comp, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free)) - goto err; - new_pre_comp = NULL; - } + if (!EC_GROUP_set_extra_data(group, pre_comp, + ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free)) + goto err; + pre_comp = NULL; ret = 1; err: BN_CTX_end(ctx); if (new_ctx != NULL) BN_CTX_free(new_ctx); - if (new_pre_comp) - ec_pre_comp_free(new_pre_comp); + if (pre_comp) + ec_pre_comp_free(pre_comp); if (points) { EC_POINT **p; From abd22c9c46e089cda5023b6dc6f872723d95fd24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 12 Feb 2003 22:01:12 +0000 Subject: [PATCH 075/393] new lock for EC_PRE_COMP structures Submitted by: Nils Larsch --- crypto/cryptlib.c | 5 +++-- crypto/crypto.h | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index fb3e93fe27..bc023e3f44 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -1,6 +1,6 @@ /* crypto/cryptlib.c */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -166,7 +166,8 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] = "ec", "ecdh", "bn", -#if CRYPTO_NUM_LOCKS != 36 + "ec_pre_comp", +#if CRYPTO_NUM_LOCKS != 37 # error "Inconsistency between crypto.h and cryptlib.c" #endif }; diff --git a/crypto/crypto.h b/crypto/crypto.h index a7491fde13..fa799a7623 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -1,6 +1,6 @@ /* crypto/crypto.h */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -189,7 +189,8 @@ extern "C" { #define CRYPTO_LOCK_EC 33 #define CRYPTO_LOCK_ECDH 34 #define CRYPTO_LOCK_BN 35 -#define CRYPTO_NUM_LOCKS 36 +#define CRYPTO_LOCK_EC_PRE_COMP 36 +#define CRYPTO_NUM_LOCKS 37 #define CRYPTO_LOCK 1 #define CRYPTO_UNLOCK 2 From e4b52ac3530849a48aae3b18b9781019cb16826b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 13 Feb 2003 08:53:40 +0000 Subject: [PATCH 076/393] Oh, the destest program did look at the return value... --- crypto/des/destest.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/crypto/des/destest.c b/crypto/des/destest.c index 7799e6e4bf..687c00c792 100644 --- a/crypto/des/destest.c +++ b/crypto/des/destest.c @@ -320,7 +320,11 @@ static unsigned char ofb_cipher[24]= 0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3 }; +#if 0 static DES_LONG cbc_cksum_ret=0xB462FEF7L; +#else +static DES_LONG cbc_cksum_ret=0xF7FE62B4L; +#endif static unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4}; static char *pt(unsigned char *p); From 4989f0599f408aeed89bf559c58d60d951823713 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 13 Feb 2003 13:21:13 +0000 Subject: [PATCH 077/393] Another long name to deal with --- crypto/symhacks.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/symhacks.h b/crypto/symhacks.h index c225602064..a40e4fa468 100644 --- a/crypto/symhacks.h +++ b/crypto/symhacks.h @@ -199,6 +199,8 @@ #define EC_GROUP_set_point_conversion_form EC_GROUP_set_point_conv_form #undef EC_GROUP_get_point_conversion_form #define EC_GROUP_get_point_conversion_form EC_GROUP_get_point_conv_form +#undef EC_GROUP_clear_free_all_extra_data +#define EC_GROUP_clear_free_all_extra_data EC_GROUP_clr_free_all_xtra_data #undef EC_POINT_set_Jprojective_coordinates_GFp #define EC_POINT_set_Jprojective_coordinates_GFp \ EC_POINT_set_Jproj_coords_GFp From 2d3de726c5cc64d419dcdebf427b0cb58c608b36 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 13 Feb 2003 23:52:54 +0000 Subject: [PATCH 078/393] Add full support for -rpath/-R, both in shared libraries and applications, at least on the platforms where it's known how to do it. Note: this has only been tested on GNU-based platforms (Linux), and needs to be tested on all others. Additionally, it's not yet supported on the following platforms, for lack of information: Darwin (MacOS X) Cygwin OSF1/Alpha SVR3 ReliantUNIX Please help out with testing and the platforms we don't yet know well enough. --- CHANGES | 5 + Makefile.org | 1 + Makefile.shared | 201 +++++++++++++++++++++----- apps/Makefile.ssl | 22 ++- test/Makefile.ssl | 351 ++++++++++++++++++++++++++++++++++------------ 5 files changed, 453 insertions(+), 127 deletions(-) diff --git a/CHANGES b/CHANGES index 08c0124893..4439a673a9 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Add full support for -rpath/-R, both in shared libraries and + applications, at least on the platforms where it's known how + to do it. + [Richard Levitte] + *) In crypto/ec/ec_mult.c, implement fast point multiplication with precomputation, based on wNAF splitting: EC_GROUP_precompute_mult() will now compute a table of multiples of the generator that diff --git a/Makefile.org b/Makefile.org index 3568efc314..847bcebad1 100644 --- a/Makefile.org +++ b/Makefile.org @@ -286,6 +286,7 @@ do_$(SHLIB_TARGET): LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \ LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \ LIBDEPS="$$libs $(EX_LIBS)" \ + LIBRPATH="$(INSTALLTOP)/lib" \ link_a.$(SHLIB_TARGET); \ libs="$$libs -l$$i"; \ done diff --git a/Makefile.shared b/Makefile.shared index a3acc9877a..9178b829a2 100644 --- a/Makefile.shared +++ b/Makefile.shared @@ -7,19 +7,32 @@ # CC contains the current compiler. This one MUST be defined CC=cc -# LDFLAGS contains flags to be used when the temporary object file is -# created. SHARED_LDFLAGS contains flags to be used when the shared -# library is created. +# LDFLAGS contains flags to be used when temporary object files (when building +# shared libraries) are created, or when an application is linked. +# SHARED_LDFLAGS contains flags to be used when the shared library is created. LDFLAGS= SHARED_LDFLAGS= -# LIBNAME contains just the name of thhe library, without prefix ("lib" +# LIBNAME contains just the name of the library, without prefix ("lib" # on Unix, "cyg" for certain forms under Cygwin...) or suffix (.a, .so, -# .dll, ...). This one MUST have a value when using this makefile. +# .dll, ...). This one MUST have a value when using this makefile to +# build shared libraries. # For example, to build libfoo.so, you need to do the following: #LIBNAME=foo LIBNAME= +# APPNAME contains just the name of the application, without suffix ("" +# on Unix, ".exe" on Windows, ...). This one MUST have a value when using +# this makefile to build applications. +# For example, to build foo, you need to do the following: +#APPNAME=foo +APPNAME= + +# OBJECTS contains all the object files to link together into the application. +# This must contain at least one object file. +#OBJECTS=foo.o +OBJECTS= + # LIBEXTRAS contains extra modules to link together with the library. # For example, if a second library, say libbar.a needs to be linked into # libfoo.so, you need to do the following: @@ -73,8 +86,12 @@ CALC_VERSIONS= \ done; \ fi +LINK_APP= \ + ( $(DEBUG); \ + $$LDCMD $(LDFLAGS) $$LDFLAGS -o $$APPNAME $(OBJECTS) $$LIBDEPS ) + LINK_SO= \ - ( $(DEBUG); \ + ( $(DEBUG); \ nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \ $$SHAREDCMD $(SHARED_LDFLAGS) $$SHAREDFLAGS -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS ) && \ @@ -111,19 +128,25 @@ LINK_SO_A_UNPACKED= \ DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null -DO_GNU=$(CALC_VERSIONS); \ +DO_GNU_SO=$(CALC_VERSIONS); \ SHLIB=lib$(LIBNAME).so; \ SHLIB_SUFFIX=; \ LIBDEPS="$(LIBDEPS) -lc"; \ ALLSYMSFLAGS='-Wl,--whole-archive'; \ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ - SHAREDFLAGS="-shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDFLAGS="-shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-rpath,$(LIBRPATH)"; \ SHAREDCMD='$(CC)' +DO_GNU_APP=LDCMD=$(CC);\ + LDFLAGS="-Wl,-rpath,$(LIBRPATH)"; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + APPNAME=$(APPNAME) link_o.gnu: - @ $(DO_GNU); $(LINK_SO_O) + @ $(DO_GNU_SO); $(LINK_SO_O) link_a.gnu: - @ $(DO_GNU); $(LINK_SO_A) + @ $(DO_GNU_SO); $(LINK_SO_A) +link_app.gnu: + @ $(DO_GNU_APP); $(LINK_APP) # For Darwin AKA Mac OS/X (dyld) link_o.darwin: @@ -158,6 +181,12 @@ link_a.darwin: SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \ fi; \ $(LINK_SO_A) +link_app.darwin: + LDCMD=$(CC);\ + LDFLAGS=""; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + APPNAME="$(APPNAME)"; \ + $(LINK_APP) link_o.cygwin: @ $(CALC_VERSIONS); \ @@ -183,10 +212,16 @@ link_a.cygwin: SHAREDFLAGS="-shared -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \ SHAREDCMD='${CC}'; \ $(LINK_SO_A) +link_app.cygwin: + LDCMD=$(CC);\ + LDFLAGS=""; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + APPNAME="$(APPNAME).exe" + $(LINK_APP) link_o.alpha-osf1: @ if ${DETECT_GNU_LD}; then \ - $(DO_GNU); \ + $(DO_GNU_SO); \ else \ SHLIB=lib$(LIBNAME).so; \ SHLIB_SUFFIX=; \ @@ -209,7 +244,7 @@ link_o.alpha-osf1: $(LINK_SO_O) link_a.alpha-osf1: @ if ${DETECT_GNU_LD}; then \ - $(DO_GNU); \ + $(DO_GNU_SO); \ else \ SHLIB=lib$(LIBNAME).so; \ SHLIB_SUFFIX=; \ @@ -230,12 +265,22 @@ link_a.alpha-osf1: fi; \ fi; \ $(LINK_SO_A) +link_app.alpha-osf1: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_APP); \ + else \ + LDCMD=$(CC);\ + LDFLAGS=""; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + APPNAME="$(APPNAME)" + fi; \ + $(LINK_APP) # The difference between alpha-osf1-shared and tru64-shared is the `-msym' # option passed to the linker. link_o.tru64: @ if ${DETECT_GNU_LD}; then \ - $(DO_GNU); \ + $(DO_GNU_SO); \ else \ SHLIB=lib$(LIBNAME).so; \ SHLIB_SUFFIX=; \ @@ -249,7 +294,7 @@ link_o.tru64: SHLIB_SOVER=; \ ALLSYMSFLAGS='-all'; \ NOALLSYMSFLAGS='-none'; \ - SHAREDFLAGS="-shared -msym"; \ + SHAREDFLAGS="-shared -msym -rpath $(LIBRPATH)"; \ SHAREDCMD='$(CC)'; \ if [ -n "$$SHLIB_HIST" ]; then \ SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \ @@ -258,7 +303,7 @@ link_o.tru64: $(LINK_SO_O) link_a.tru64: @ if ${DETECT_GNU_LD}; then \ - $(DO_GNU); \ + $(DO_GNU_SO); \ else \ SHLIB=lib$(LIBNAME).so; \ SHLIB_SUFFIX=; \ @@ -272,19 +317,29 @@ link_a.tru64: SHLIB_SOVER=; \ ALLSYMSFLAGS='-all'; \ NOALLSYMSFLAGS='-none'; \ - SHAREDFLAGS="-shared -msym"; \ + SHAREDFLAGS="-shared -msym -rpath $(LIBRPATH)"; \ SHAREDCMD='$(CC)'; \ if [ -n "$$SHLIB_HIST" ]; then \ SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \ fi; \ fi; \ $(LINK_SO_A) +link_app.tru64: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_APP); \ + else \ + LDCMD=$(CC);\ + LDFLAGS="-rpath $(LIBRPATH)"; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + APPNAME="$(APPNAME)"; \ + fi; \ + $(LINK_APP) # The difference between tru64-shared and tru64-shared-rpath is the # -rpath ${LIBRPATH} passed to the linker. link_o.tru64-rpath: @ if ${DETECT_GNU_LD}; then \ - $(DO_GNU); \ + $(DO_GNU_SO); \ else \ SHLIB=lib$(LIBNAME).so; \ SHLIB_SUFFIX=; \ @@ -307,7 +362,7 @@ link_o.tru64-rpath: $(LINK_SO_O) link_a.tru64-rpath: @ if ${DETECT_GNU_LD}; then \ - $(DO_GNU); \ + $(DO_GNU_SO); \ else \ SHLIB=lib$(LIBNAME).so; \ SHLIB_SUFFIX=; \ @@ -328,10 +383,20 @@ link_a.tru64-rpath: fi; \ fi; \ $(LINK_SO_A) +link_app.tru64-rpath: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_APP); \ + else \ + LDCMD=$(CC);\ + LDFLAGS="-rpath $(LIBRPATH)"; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + APPNAME="$(APPNAME)"; \ + fi; \ + $(LINK_APP) link_o.solaris: @ if ${DETECT_GNU_LD}; then \ - $(DO_GNU); \ + $(DO_GNU_SO); \ else \ $(CALC_VERSIONS); \ MINUSZ='-z '; \ @@ -341,13 +406,13 @@ link_o.solaris: LIBDEPS="$(LIBDEPS) -lc"; \ ALLSYMSFLAGS="$${MINUSZ}allextract"; \ NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \ - SHAREDFLAGS="-G -dy -z text -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDFLAGS="-G -dy -z text -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -R $(LIBRPATH)"; \ SHAREDCMD='$(CC)'; \ fi; \ $(LINK_SO_O) link_a.solaris: @ if ${DETECT_GNU_LD}; then \ - $(DO_GNU); \ + $(DO_GNU_SO); \ else \ $(CALC_VERSIONS); \ MINUSZ='-z '; \ @@ -357,16 +422,26 @@ link_a.solaris: LIBDEPS="$(LIBDEPS) -lc"; \ ALLSYMSFLAGS="$${MINUSZ}allextract"; \ NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \ - SHAREDFLAGS="-G -dy -z text -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDFLAGS="-G -dy -z text -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -R $(LIBRPATH)"; \ SHAREDCMD='$(CC)'; \ fi; \ $(LINK_SO_A) +link_app.solaris: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_APP); \ + else \ + LDCMD=$(CC);\ + LDFLAGS="-R $(LIBRPATH)"; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + APPNAME="$(APPNAME)"; \ + fi; \ + $(LINK_APP) # OpenServer 5 native compilers used # UnixWare 7 and OpenUNIX 8 native compilers used link_o.svr3: @ if ${DETECT_GNU_LD}; then \ - $(DO_GNU); \ + $(DO_GNU_SO); \ else \ $(CALC_VERSIONS); \ SHLIB=lib$(LIBNAME).so; \ @@ -380,7 +455,7 @@ link_o.svr3: $(LINK_SO_O) link_a.svr3: @ if ${DETECT_GNU_LD}; then \ - $(DO_GNU); \ + $(DO_GNU_SO); \ else \ $(CALC_VERSIONS); \ SHLIB=lib$(LIBNAME).so; \ @@ -392,10 +467,20 @@ link_a.svr3: SHAREDCMD='$(CC)'; \ fi; \ $(LINK_SO_A_UNPACKED) +link_app.svr3: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_APP); \ + else \ + LDCMD=$(CC);\ + LDFLAGS=""; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + APPNAME="$(APPNAME)"; \ + fi; \ + $(LINK_APP) link_o.irix: @ if ${DETECT_GNU_LD}; then \ - $(DO_GNU); \ + $(DO_GNU_SO); \ else \ $(CALC_VERSIONS); \ SHLIB=lib$(LIBNAME).so; \ @@ -403,13 +488,13 @@ link_o.irix: LIBDEPS="$(LIBDEPS) -lc"; \ ALLSYMSFLAGS='-all'; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="-shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDFLAGS="-shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-rpath,$(LIBRPATH)"; \ SHAREDCMD='$(CC)'; \ fi; \ $(LINK_SO_O) link_a.irix: @ if ${DETECT_GNU_LD}; then \ - $(DO_GNU); \ + $(DO_GNU_SO); \ else \ $(CALC_VERSIONS); \ SHLIB=lib$(LIBNAME).so; \ @@ -417,10 +502,20 @@ link_a.irix: LIBDEPS="$(LIBDEPS) -lc"; \ ALLSYMSFLAGS='-all'; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="-shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDFLAGS="-shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-rpath,$(LIBRPATH)"; \ SHAREDCMD='$(CC)'; \ fi; \ $(LINK_SO_A) +link_app.irix: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_APP); \ + else \ + LDCMD=$(CC);\ + LDFLAGS="-Wl,-rpath,$(LIBRPATH)"; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + APPNAME="$(APPNAME)"; \ + fi; \ + $(LINK_APP) # HP-UX includes the full pathname of libs we depend on, so we would get # ./libcrypto (with ./ as path information) compiled into libssl, hence @@ -439,7 +534,7 @@ link_o.hpux32: LIBDEPS="$(LIBDEPS) -lc"; \ ALLSYMSFLAGS='-Fl'; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="+vnocompatwarnings -b -z +s +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDFLAGS="+vnocompatwarnings -b -z +s +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +b $(LIBRPATH)"; \ SHAREDCMD='/usr/ccs/bin/ld'; \ $(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX link_a.hpux32: @@ -449,9 +544,15 @@ link_a.hpux32: LIBDEPS="$(LIBDEPS) -lc"; \ ALLSYMSFLAGS='-Fl'; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="+vnocompatwarnings -b -z +s +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDFLAGS="+vnocompatwarnings -b -z +s +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +b $(LIBRPATH)"; \ SHAREDCMD='/usr/ccs/bin/ld'; \ $(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +link_app.hpux32: + LDCMD=$(CC);\ + LDFLAGS="-Wl,+b,$(LIBRPATH)"; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + APPNAME="$(APPNAME)" + $(LINK_APP) # HP-UX includes the full pathname of libs we depend on, so we would get # ./libcrypto (with ./ as path information) compiled into libssl, hence @@ -468,7 +569,7 @@ link_o.hpux64: LIBDEPS="$(LIBDEPS) -lc"; \ ALLSYMSFLAGS='+forceload'; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="-b -z +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDFLAGS="-b -z +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +b $(LIBRPATH)"; \ SHAREDCMD='/usr/ccs/bin/ld'; \ $(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX link_a.hpux64: @@ -478,9 +579,15 @@ link_a.hpux64: LIBDEPS="$(LIBDEPS) -lc"; \ ALLSYMSFLAGS='+forceload'; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="-b -z +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDFLAGS="-b -z +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +b $(LIBRPATH)"; \ SHAREDCMD='/usr/ccs/bin/ld'; \ $(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX +link_app.hpux64: + LDCMD=$(CC);\ + LDFLAGS="-Wl,+b,$(LIBRPATH)"; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + APPNAME="$(APPNAME)" + $(LINK_APP) link_o.aix: @ $(CALC_VERSIONS); \ @@ -489,7 +596,7 @@ link_o.aix: LIBDEPS="$(LIBDEPS) -lc"; \ ALLSYMSFLAGS='-bnogc'; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS='-G -bE:lib$(LIBNAME).exp -bM:SRE'; \ + SHAREDFLAGS='-G -bE:lib$(LIBNAME).exp -bM:SRE -blibpath:$(LIBRPATH)'; \ SHAREDCMD='$(CC)'; \ $(LINK_SO_O) link_a.aix: @@ -499,9 +606,15 @@ link_a.aix: LIBDEPS="$(LIBDEPS) -lc"; \ ALLSYMSFLAGS='-bnogc'; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS='-G -bE:lib$(LIBNAME).exp -bM:SRE'; \ + SHAREDFLAGS='-G -bE:lib$(LIBNAME).exp -bM:SRE -blibpath:$(LIBRPATH)'; \ SHAREDCMD='$(CC)'; \ $(LINK_SO_A_VIA_O) +link_app.aix: + LDCMD=$(CC);\ + LDFLAGS="-blibpath:$(LIBRPATH)"; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + APPNAME="$(APPNAME)" + $(LINK_APP) link_o.reliantunix: @ $(CALC_VERSIONS); \ @@ -523,6 +636,12 @@ link_a.reliantunix: SHAREDFLAGS='-G'; \ SHAREDCMD='$(CC)'; \ $(LINK_SO_A_UNPACKED) +link_app.reliantunix: + LDCMD=$(CC);\ + LDFLAGS=""; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + APPNAME="$(APPNAME)" + $(LINK_APP) # Targets to build symbolic links when needed symlink.gnu symlink.solaris symlink.svr3 symlink.irix \ @@ -545,43 +664,57 @@ symlink.cygwin symlib.alpha-osf1 symlink.tru64 symlink.tru64-rpath: # Compatibility targets link_o.bsd-gcc-shared link_o.linux-shared link_o.gnu-shared: link_o.gnu link_a.bsd-gcc-shared link_a.linux-shared link_a.gnu-shared: link_a.gnu +link_app.bsd-gcc-shared link_app.linux-shared link_app.gnu-shared: link_app.gnu symlink.bsd-gcc-shared symlink.linux-shared symlink.gnu-shared: symlink.gnu link_o.darwin-shared: link_o.darwin link_a.darwin-shared: link_a.darwin +link_app.darwin-shared: link_app.darwin symlink.darwin-shared: symlink.darwin link_o.cygwin-shared: link_o.cygwin link_a.cygwin-shared: link_a.cygwin +link_app.cygwin-shared: link_app.cygwin symlink.cygwin-shared: symlink.cygwin link_o.alpha-osf1-shared: link_o.alpha-osf1 link_a.alpha-osf1-shared: link_a.alpha-osf1 +link_app.alpha-osf1-shared: link_app.alpha-osf1 symlink.alpha-osf1-shared: symlink.alpha-osf1 link_o.tru64-shared: link_o.tru64 link_a.tru64-shared: link_a.tru64 +link_app.tru64-shared: link_app.tru64 symlink.tru64-shared: symlink.tru64 link_o.tru64-shared-rpath: link_o.tru64-rpath link_a.tru64-shared-rpath: link_a.tru64-rpath +link_app.tru64-shared-rpath: link_app.tru64-rpath symlink.tru64-shared-rpath: symlink.tru64-rpath link_o.solaris-shared: link_o.solaris link_a.solaris-shared: link_a.solaris +link_app.solaris-shared: link_app.solaris symlink.solaris-shared: symlink.solaris link_o.svr3-shared: link_o.svr3 link_a.svr3-shared: link_a.svr3 +link_app.svr3-shared: link_app.svr3 symlink.svr3-shared: symlink.svr3 link_o.svr5-shared: link_o.svr3 link_a.svr5-shared: link_a.svr3 +link_app.svr5-shared: link_app.svr3 symlink.svr5-shared: symlink.svr3 link_o.irix-shared: link_o.irix link_a.irix-shared: link_a.irix +link_app.irix-shared: link_app.irix symlink.irix-shared: symlink.irix link_o.hpux-shared: link_o.hpux32 link_a.hpux-shared: link_a.hpux32 +link_app.hpux-shared: link_app.hpux32 symlink.hpux-shared: symlink.hpux32 link_o.hpux64-shared: link_o.hpux64 link_a.hpux64-shared: link_a.hpux64 +link_app.hpux64-shared: link_app.hpux64 symlink.hpux64-shared: symlink.hpux64 link_o.aix-shared: link_o.aix link_a.aix-shared: link_a.aix +link_app.aix-shared: link_app.aix symlink.aix-shared: symlink.aix link_o.reliantunix-shared: link_o.reliantunix link_a.reliantunix-shared: link_a.reliantunix +link_app.reliantunix-shared: link_app.reliantunix symlink.reliantunix-shared: symlink.reliantunix diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl index ab266f19b3..af0002341a 100644 --- a/apps/Makefile.ssl +++ b/apps/Makefile.ssl @@ -10,7 +10,8 @@ CFLAG= -g -static INSTALL_PREFIX= INSTALLTOP= /usr/local/ssl OPENSSLDIR= /usr/local/ssl -MAKE= make -f Makefile.ssl +NEWMAKE= make +MAKE= $(NEWMAKE) -f Makefile.ssl MAKEDEPPROG= makedepend MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile.ssl @@ -86,7 +87,12 @@ all: exe exe: $(PROGRAM) req: sreq.o $(A_OBJ) $(DLIBCRYPTO) - $(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(RAND_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=req LDFLAGS="$(CFLAG)" \ + OBJECTS="sreq.o $(A_OBJ) $(RAND_OBJ)" \ + LIBDEPS="$(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) sreq.o: req.c $(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c @@ -144,10 +150,16 @@ $(DLIBCRYPTO): $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) $(RM) $(PROGRAM) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO)" ; \ else \ - $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(PROGRAM) LDFLAGS="$(CFLAG)" \ + OBJECTS="$(PROGRAM).o $(E_OBJ)" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) -(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \ LIBPATH="`pwd`"; LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; \ if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ diff --git a/test/Makefile.ssl b/test/Makefile.ssl index 6d4d6292bc..a75727b066 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -11,7 +11,8 @@ INSTALL_PREFIX= OPENSSLDIR= /usr/local/ssl INSTALLTOP= /usr/local/ssl MAKEFILE= Makefile.ssl -MAKE= make -f $(MAKEFILE) +NEWMAKE= make +MAKE= $(NEWMAKE) -f $(MAKEFILE) MAKEDEPPROG= makedepend MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) PERL= perl @@ -298,199 +299,367 @@ $(DLIBCRYPTO): $(RSATEST): $(RSATEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(RSATEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(RSATEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(BNTEST): $(BNTEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(BNTEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(BNTEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(ECTEST): $(ECTEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(ECTEST) $(CFLAGS) $(ECTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(ECTEST) $(CFLAGS) $(ECTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(ECTEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(ECTEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(EXPTEST): $(EXPTEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(EXPTEST) $(CFLAGS) $(EXPTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(EXPTEST) $(CFLAGS) $(EXPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(EXPTEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(EXPTEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(IDEATEST): $(IDEATEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(IDEATEST) $(CFLAGS) $(IDEATEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(IDEATEST) $(CFLAGS) $(IDEATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(IDEATEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(IDEATEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(MD2TEST): $(MD2TEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(MD2TEST) $(CFLAGS) $(MD2TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(MD2TEST) $(CFLAGS) $(MD2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(MD2TEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(MD2TEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(SHATEST): $(SHATEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(SHATEST) $(CFLAGS) $(SHATEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(SHATEST) $(CFLAGS) $(SHATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(SHATEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(SHATEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(SHA1TEST): $(SHA1TEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(SHA1TEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(SHA1TEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(RMDTEST): $(RMDTEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(RMDTEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(RMDTEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(MDC2TEST): $(MDC2TEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(MDC2TEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(MDC2TEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(MD4TEST): $(MD4TEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(MD4TEST) $(CFLAGS) $(MD4TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(MD4TEST) $(CFLAGS) $(MD4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(MD4TEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(MD4TEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(MD5TEST): $(MD5TEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(MD5TEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(MD5TEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(HMACTEST): $(HMACTEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(HMACTEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(HMACTEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(RC2TEST): $(RC2TEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(RC2TEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(RC2TEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(BFTEST): $(BFTEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(BFTEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(BFTEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(CASTTEST): $(CASTTEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(CASTTEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(CASTTEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(RC4TEST): $(RC4TEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(RC4TEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(RC4TEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(RC5TEST): $(RC5TEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(RC5TEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(RC5TEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(DESTEST): $(DESTEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(DESTEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(DESTEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(RANDTEST): $(RANDTEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(RANDTEST) $(CFLAGS) $(RANDTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(RANDTEST) $(CFLAGS) $(RANDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(RANDTEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(RANDTEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(DHTEST): $(DHTEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(DHTEST) $(CFLAGS) $(DHTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(DHTEST) $(CFLAGS) $(DHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(DHTEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(DHTEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(DSATEST): $(DSATEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(DSATEST) $(CFLAGS) $(DSATEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(DSATEST) $(CFLAGS) $(DSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(DSATEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(DSATEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(METHTEST): $(METHTEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(METHTEST) $(CFLAGS) $(METHTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(METHTEST) $(CFLAGS) $(METHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(METHTEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(METHTEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO)"; \ else \ - $(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(SSLTEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(SSLTEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(ENGINETEST): $(ENGINETEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(ENGINETEST) $(CFLAGS) $(ENGINETEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(ENGINETEST) $(CFLAGS) $(ENGINETEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(ENGINETEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(ENGINETEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(EVPTEST): $(EVPTEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(EVPTEST) $(CFLAGS) $(EVPTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(EVPTEST) $(CFLAGS) $(EVPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(EVPTEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(EVPTEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(ECDSATEST): $(ECDSATEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(ECDSATEST) $(CFLAGS) $(ECDSATEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(ECDSATEST) $(CFLAGS) $(ECDSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(ECDSATEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(ECDSATEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) $(ECDHTEST): $(ECDHTEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o $(ECDHTEST) $(CFLAGS) $(ECDHTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o $(ECDHTEST) $(CFLAGS) $(ECDHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=$(ECDHTEST) LDFLAGS="$(CFLAGS)" \ + OBJECTS="$(ECDHTEST).o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) #$(AESTEST).o: $(AESTEST).c # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c @@ -504,10 +673,16 @@ $(ECDHTEST): $(ECDHTEST).o $(DLIBCRYPTO) dummytest: dummytest.o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ - $(CC) -o dummytest $(CFLAGS) dummytest.o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + LIBRARIES="$(DLIBCRYPTO)"; \ else \ - $(CC) -o dummytest $(CFLAGS) dummytest.o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ - fi + LIBRARIES="$(LIBCRYPTO)"; \ + fi; \ + $(NEWMAKE) -f $(TOP)/Makefile.shared \ + APPNAME=dummytest LDFLAGS="$(CFLAGS)" \ + OBJECTS="dummytest.o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + LIBRPATH=$(INSTALLTOP)/lib \ + link_app.$(SHLIB_TARGET) # DO NOT DELETE THIS LINE -- make depend depends on it. From 85d686e7231b2cf04ec73457ac6d7009724569c0 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 14 Feb 2003 01:02:58 +0000 Subject: [PATCH 079/393] Make it possible to disable OCSP, the speed application, and the use of sockets. PR: 358 --- apps/ocsp.c | 11 +++++++++++ apps/progs.h | 2 ++ apps/speed.c | 3 +++ crypto/x509v3/ext_dat.h | 6 ++++++ crypto/x509v3/v3_ocsp.c | 3 +++ ssl/bio_ssl.c | 2 ++ 6 files changed, 27 insertions(+) diff --git a/apps/ocsp.c b/apps/ocsp.c index 92922bc8ad..6182410f6a 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -55,6 +55,7 @@ * Hudson (tjh@cryptsoft.com). * */ +#ifndef OPENSSL_NO_OCSP #include #include @@ -722,7 +723,12 @@ int MAIN(int argc, char **argv) } else if (host) { +#ifndef OPENSSL_NO_SOCK cbio = BIO_new_connect(host); +#else + BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n"); + goto end; +#endif if (!cbio) { BIO_printf(bio_err, "Error creating connect BIO\n"); @@ -1139,7 +1145,11 @@ static BIO *init_responder(char *port) bufbio = BIO_new(BIO_f_buffer()); if (!bufbio) goto err; +#ifndef OPENSSL_NO_SOCK acbio = BIO_new_accept(port); +#else + BIO_printf(bio_err, "Error setting up accept BIO - sockets not supported.\n"); +#endif if (!acbio) goto err; BIO_set_accept_bios(acbio, bufbio); @@ -1226,3 +1236,4 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp) return 1; } +#endif diff --git a/apps/progs.h b/apps/progs.h index b551e1de95..131a721a39 100644 --- a/apps/progs.h +++ b/apps/progs.h @@ -102,7 +102,9 @@ FUNCTION functions[] = { #if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) {FUNC_TYPE_GENERAL,"s_client",s_client_main}, #endif +#ifndef OPENSSL_NO_SPEED {FUNC_TYPE_GENERAL,"speed",speed_main}, +#endif #if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) {FUNC_TYPE_GENERAL,"s_time",s_time_main}, #endif diff --git a/apps/speed.c b/apps/speed.c index df892c51fb..8a2abf73d3 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -71,6 +71,8 @@ /* most of this code has been pilfered from my libdes speed.c program */ +#ifndef OPENSSL_NO_SPEED + #undef SECONDS #define SECONDS 3 #define RSA_SECONDS 10 @@ -2579,3 +2581,4 @@ static int do_multi(int multi) return 1; } #endif +#endif diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h index 2fb97d8925..5442480595 100644 --- a/crypto/x509v3/ext_dat.h +++ b/crypto/x509v3/ext_dat.h @@ -90,17 +90,23 @@ static X509V3_EXT_METHOD *standard_exts[] = { &v3_crld, &v3_ext_ku, &v3_crl_reason, +#ifndef OPENSSL_NO_OCSP &v3_crl_invdate, +#endif &v3_sxnet, &v3_info, +#ifndef OPENSSL_NO_OCSP &v3_ocsp_nonce, &v3_ocsp_crlid, &v3_ocsp_accresp, &v3_ocsp_nocheck, &v3_ocsp_acutoff, &v3_ocsp_serviceloc, +#endif &v3_sinfo, +#ifndef OPENSSL_NO_OCSP &v3_crl_hold +#endif }; /* Number of standard extensions */ diff --git a/crypto/x509v3/v3_ocsp.c b/crypto/x509v3/v3_ocsp.c index 083112314e..21badc13f9 100644 --- a/crypto/x509v3/v3_ocsp.c +++ b/crypto/x509v3/v3_ocsp.c @@ -56,6 +56,8 @@ * */ +#ifndef OPENSSL_NO_OCSP + #include #include "cryptlib.h" #include @@ -270,3 +272,4 @@ static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int err: return 0; } +#endif diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c index 1301549e21..d683ee43e1 100644 --- a/ssl/bio_ssl.c +++ b/ssl/bio_ssl.c @@ -513,6 +513,7 @@ static int ssl_puts(BIO *bp, const char *str) BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx) { +#ifndef OPENSSL_NO_SOCK BIO *ret=NULL,*buf=NULL,*ssl=NULL; if ((buf=BIO_new(BIO_f_buffer())) == NULL) @@ -525,6 +526,7 @@ BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx) err: if (buf != NULL) BIO_free(buf); if (ssl != NULL) BIO_free(ssl); +#endif return(NULL); } From 7e38616d1f142fba491a27bd2e8ae88f6ec1cf52 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 14 Feb 2003 05:20:25 +0000 Subject: [PATCH 080/393] Change no_rmd160 to no_ripemd for consistency. PR: 500 --- util/mk1mf.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/util/mk1mf.pl b/util/mk1mf.pl index e14391164f..4e768fa568 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -222,7 +222,7 @@ $cflags.=" -DOPENSSL_NO_MD4" if $no_md4; $cflags.=" -DOPENSSL_NO_MD5" if $no_md5; $cflags.=" -DOPENSSL_NO_SHA" if $no_sha; $cflags.=" -DOPENSSL_NO_SHA1" if $no_sha1; -$cflags.=" -DOPENSSL_NO_RIPEMD" if $no_rmd160; +$cflags.=" -DOPENSSL_NO_RIPEMD" if $no_ripemd; $cflags.=" -DOPENSSL_NO_MDC2" if $no_mdc2; $cflags.=" -DOPENSSL_NO_BF" if $no_bf; $cflags.=" -DOPENSSL_NO_CAST" if $no_cast; @@ -714,7 +714,7 @@ sub var_add @a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2; @a=grep(!/(^md4)|(_md4$)/,@a) if $no_md4; @a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5; - @a=grep(!/(rmd)|(ripemd)/,@a) if $no_rmd160; + @a=grep(!/(rmd)|(ripemd)/,@a) if $no_ripemd; @a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa; @a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa; @@ -941,7 +941,7 @@ sub read_options elsif (/^just-ssl$/) { $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1; $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1; - $no_ssl2=$no_err=$no_rmd160=$no_rc5=1; + $no_ssl2=$no_err=$no_ripemd=$no_rc5=1; $no_aes=1; } elsif (/^rsaref$/) { } From e270cf9c5ec253ca74a55ab6d537394e764c4d9a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 14 Feb 2003 05:24:22 +0000 Subject: [PATCH 081/393] Pay attention to disabled SSL versions. PR: 500 --- apps/ocsp.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/apps/ocsp.c b/apps/ocsp.c index 6182410f6a..f05ec0e655 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -738,7 +738,16 @@ int MAIN(int argc, char **argv) if (use_ssl == 1) { BIO *sbio; +#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) ctx = SSL_CTX_new(SSLv23_client_method()); +#elif !defined(OPENSSL_NO_SSL3) + ctx = SSL_CTX_new(SSLv3_client_method()); +#elif !defined(OPENSSL_NO_SSL2) + ctx = SSL_CTX_new(SSLv2_client_method()); +#else + BIO_printf(bio_err, "SSL is disabled\n"); + goto end; +#endif SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); sbio = BIO_new_ssl(ctx, 1); cbio = BIO_push(sbio, cbio); From 794a386af3cf5617929f3c689b2caf7c5b34f2f7 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 14 Feb 2003 08:56:21 +0000 Subject: [PATCH 082/393] Update linux-mips and linux-mipsel to support threads and shared libraries. I also updated the bn_ops field with values taken from OpenBSD-mips. PR: 498 --- Configure | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Configure b/Configure index 0f270d72ea..1230958527 100755 --- a/Configure +++ b/Configure @@ -383,8 +383,8 @@ my %table=( "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", "linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", -"linux-mipsel", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::", -"linux-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::", +"linux-mipsel", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::", "linux-s390", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", From c1269c81fd52a031595ec69a4a88ed80df100008 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 14 Feb 2003 13:12:00 +0000 Subject: [PATCH 083/393] Handle krb5 libraries separately and make sure only libssl.so depends on it. --- Configure | 4 ++-- Makefile.org | 6 +++++- apps/Makefile.ssl | 1 + test/Makefile.ssl | 3 +++ 4 files changed, 11 insertions(+), 3 deletions(-) diff --git a/Configure b/Configure index 1230958527..3b649de252 100755 --- a/Configure +++ b/Configure @@ -650,6 +650,7 @@ my $openssl_thread_defines; my $openssl_sys_defines=""; my $openssl_other_defines; my $libs; +my $libkrb5=""; my $target; my $options; my $symlink; @@ -1037,8 +1038,6 @@ else $withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include" if $withargs{"krb5-include"} eq "" && $withargs{"krb5-dir"} ne ""; - - $libs.=$withargs{"krb5-lib"}." " if $withargs{"krb5-lib"} ne ""; } # The DSO code currently always implements all functions so that no @@ -1273,6 +1272,7 @@ while () s/^ARFLAGS=.*/ARFLAGS= $arflags/; s/^PERL=.*/PERL= $perl/; s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/; + s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/; s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); diff --git a/Makefile.org b/Makefile.org index 847bcebad1..1baf7e8b44 100644 --- a/Makefile.org +++ b/Makefile.org @@ -167,6 +167,7 @@ RMD160_ASM_OBJ= asm/rm86-out.o # KRB5 stuff KRB5_INCLUDES= +LIBKRB5= DIRS= crypto ssl engines apps test tools SHLIBDIRS= crypto ssl @@ -280,6 +281,9 @@ build-shared: do_$(SHLIB_TARGET) link-shared do_$(SHLIB_TARGET): @ libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ $(NEWMAKE) -f Makefile.shared \ CC="$(CC)" LDFLAGS="$(LDFLAGS)" \ SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \ @@ -288,7 +292,7 @@ do_$(SHLIB_TARGET): LIBDEPS="$$libs $(EX_LIBS)" \ LIBRPATH="$(INSTALLTOP)/lib" \ link_a.$(SHLIB_TARGET); \ - libs="$$libs -l$$i"; \ + libs="-l$$i $$libs"; \ done openssl.pc: Makefile.ssl diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl index af0002341a..7dce73d610 100644 --- a/apps/Makefile.ssl +++ b/apps/Makefile.ssl @@ -19,6 +19,7 @@ PERL= perl RM= rm -f # KRB5 stuff KRB5_INCLUDES= +LIBKRB5= PEX_LIBS= EX_LIBS= diff --git a/test/Makefile.ssl b/test/Makefile.ssl index a75727b066..344d21ef85 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -16,6 +16,9 @@ MAKE= $(NEWMAKE) -f $(MAKEFILE) MAKEDEPPROG= makedepend MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) PERL= perl +# KRB5 stuff +KRB5_INCLUDES= +LIBKRB5= PEX_LIBS= EX_LIBS= #-lnsl -lsocket From b7bbac72c42bec0f8bf3d7cd96ee10cd54f66c2f Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 14 Feb 2003 13:30:35 +0000 Subject: [PATCH 084/393] Add support for IA64. PR: 454 --- CHANGES | 3 +++ Configure | 1 + config | 1 + 3 files changed, 5 insertions(+) diff --git a/CHANGES b/CHANGES index 4439a673a9..1bfbb2741f 100644 --- a/CHANGES +++ b/CHANGES @@ -425,6 +425,9 @@ TODO: bug: pad x with leading zeros if necessary Changes between 0.9.7 and 0.9.7a [XX xxx 2003] + *) Add support for FreeBSD on IA64. + [dirk.meyer@dinoex.sub.org via Richard Levitte, resolves #454] + *) Adjust DES_cbc_cksum() so it returns the same value as the MIT Kerberos function mit_des_cbc_cksum(). Before this change, the value returned by DES_cbc_cksum() was like the one from diff --git a/Configure b/Configure index 3b649de252..717d79a801 100755 --- a/Configure +++ b/Configure @@ -396,6 +396,7 @@ my %table=( "NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "FreeBSD-sparc64","gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"FreeBSD-ia64","gcc:-DL_ENDIAN -DTERMIOS -O -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64-cpp.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", "bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown):::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}", "bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff --git a/config b/config index 72905c90ed..7bbd1c2489 100755 --- a/config +++ b/config @@ -641,6 +641,7 @@ EOF *-*-sunos4) OUT="sunos-$CC" ;; alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;; sparc64-*-freebsd*) OUT="FreeBSD-sparc64" ;; + ia64-*-freebsd*) OUT="FreeBSD-ia64" ;; *-freebsd[3-9]*) OUT="FreeBSD-elf" ;; *-freebsd[1-2]*) OUT="FreeBSD" ;; *86*-*-netbsd) OUT="NetBSD-x86" ;; From ffa49dc3d98b08db46522781f7537155e00d44d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 14 Feb 2003 14:21:58 +0000 Subject: [PATCH 085/393] make update --- TABLE | 53 ++++++++++++++++++++++++++++++++++++------------- util/libeay.num | 3 +++ 2 files changed, 42 insertions(+), 14 deletions(-) diff --git a/TABLE b/TABLE index bf14584c2c..e029431f0b 100644 --- a/TABLE +++ b/TABLE @@ -225,6 +225,31 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = +*** FreeBSD-ia64 +$cc = gcc +$cflags = -DL_ENDIAN -DTERMIOS -O -fomit-frame-pointer +$unistd = +$thread_cflag = (unknown) +$sys_id = +$lflags = +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR +$bn_obj = asm/ia64-cpp.o +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = dlfcn +$shared_target= bsd-gcc-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = + *** FreeBSD-sparc64 $cc = gcc $cflags = -DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer @@ -3104,10 +3129,10 @@ $arflags = $cc = gcc $cflags = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall $unistd = -$thread_cflag = (unknown) +$thread_cflag = -D_REENTRANT $sys_id = -$lflags = -$bn_ops = BN_LLONG +$lflags = -ldl +$bn_ops = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2 $bn_obj = $des_obj = $bf_obj = @@ -3117,11 +3142,11 @@ $cast_obj = $rc4_obj = $rmd160_obj = $rc5_obj = -$dso_scheme = -$shared_target= -$shared_cflag = +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC $shared_ldflag = -$shared_extension = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = @@ -3129,10 +3154,10 @@ $arflags = $cc = gcc $cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall $unistd = -$thread_cflag = (unknown) +$thread_cflag = -D_REENTRANT $sys_id = -$lflags = -$bn_ops = BN_LLONG +$lflags = -ldl +$bn_ops = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2 $bn_obj = $des_obj = $bf_obj = @@ -3142,11 +3167,11 @@ $cast_obj = $rc4_obj = $rmd160_obj = $rc5_obj = -$dso_scheme = -$shared_target= -$shared_cflag = +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC $shared_ldflag = -$shared_extension = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = diff --git a/util/libeay.num b/util/libeay.num index efaf93c942..bfddc357f1 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -2996,3 +2996,6 @@ BN_generate_prime_ex 3430 EXIST::FUNCTION: DH_generate_parameters_ex 3431 EXIST::FUNCTION:DH BN_is_prime_fasttest_ex 3432 EXIST::FUNCTION: ENGINE_load_gmp 3433 EXIST::FUNCTION:ENGINE,STATIC_ENGINE +a2i_IPADDRESS 3434 EXIST::FUNCTION: +ENGINE_setup_bsd_cryptodev 3435 EXIST:__FreeBSD__:FUNCTION:ENGINE +EC_GROUP_have_precompute_mult 3436 EXIST::FUNCTION:EC From 79221bc26587c2f58c7198cc73d89eda6bdd6025 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Fri, 14 Feb 2003 23:21:19 +0000 Subject: [PATCH 086/393] David Brumley noted and corrected a case in the verification step of CRT private key operations in the RSA code - previously no montgomery form was checked or used for 'n', and so it would be generated on the fly each time. As a result, private key operations are now a percent or two faster. Rather than adding this as another repetition of the nearly-identical montgomery "check for first-use" initialisation code blocks, I've taken this chance to create a helper function and macro-wrapper to replace them. PR: 475 --- crypto/rsa/rsa_eay.c | 145 ++++++++++++++----------------------------- 1 file changed, 45 insertions(+), 100 deletions(-) diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index d4e30647d1..04cefd38b7 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -100,6 +100,43 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void) return(&rsa_pkcs1_eay_meth); } +/* Static helper to reduce oodles of code duplication. As a slight + * optimisation, the "MONT_HELPER() macro must be used as front-end to this + * function, to prevent unnecessary function calls - there is an initial test + * that is performed by the macro-generated code. */ +static int rsa_eay_mont_helper(BN_MONT_CTX **ptr, const BIGNUM *modulus, BN_CTX *ctx) + { + BN_MONT_CTX *bn_mont_ctx; + if((bn_mont_ctx = BN_MONT_CTX_new()) == NULL) + return 0; + if(!BN_MONT_CTX_set(bn_mont_ctx, modulus, ctx)) + { + BN_MONT_CTX_free(bn_mont_ctx); + return 0; + } + if (*ptr == NULL) /* other thread may have finished first */ + { + CRYPTO_w_lock(CRYPTO_LOCK_RSA); + if (*ptr == NULL) /* check again in the lock to stop races */ + { + *ptr = bn_mont_ctx; + bn_mont_ctx = NULL; + } + CRYPTO_w_unlock(CRYPTO_LOCK_RSA); + } + if (bn_mont_ctx) + BN_MONT_CTX_free(bn_mont_ctx); + return 1; + } +/* Usage example; + * MONT_HELPER(rsa, bn_ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); + */ +#define MONT_HELPER(rsa, ctx, m, pre_cond, err_instr) \ + if((pre_cond) && ((rsa)->_method_mod_##m == NULL) && \ + !rsa_eay_mont_helper(&((rsa)->_method_mod_##m), \ + (rsa)->m, (ctx))) \ + err_instr + static int RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { @@ -149,30 +186,8 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from, goto err; } - if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) - { - BN_MONT_CTX* bn_mont_ctx; - if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) - goto err; - if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx)) - { - BN_MONT_CTX_free(bn_mont_ctx); - goto err; - } - if (rsa->_method_mod_n == NULL) /* other thread may have finished first */ - { - CRYPTO_w_lock(CRYPTO_LOCK_RSA); - if (rsa->_method_mod_n == NULL) - { - rsa->_method_mod_n = bn_mont_ctx; - bn_mont_ctx = NULL; - } - CRYPTO_w_unlock(CRYPTO_LOCK_RSA); - } - if (bn_mont_ctx) - BN_MONT_CTX_free(bn_mont_ctx); - } - + MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) goto err; @@ -418,31 +433,8 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, goto err; } - /* do the decrypt */ - if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) - { - BN_MONT_CTX* bn_mont_ctx; - if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) - goto err; - if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx)) - { - BN_MONT_CTX_free(bn_mont_ctx); - goto err; - } - if (rsa->_method_mod_n == NULL) /* other thread may have finished first */ - { - CRYPTO_w_lock(CRYPTO_LOCK_RSA); - if (rsa->_method_mod_n == NULL) - { - rsa->_method_mod_n = bn_mont_ctx; - bn_mont_ctx = NULL; - } - CRYPTO_w_unlock(CRYPTO_LOCK_RSA); - } - if (bn_mont_ctx) - BN_MONT_CTX_free(bn_mont_ctx); - } - + MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) goto err; @@ -487,57 +479,10 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) BN_init(&vrfy); if ((ctx=BN_CTX_new()) == NULL) goto err; - if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) - { - if (rsa->_method_mod_p == NULL) - { - BN_MONT_CTX* bn_mont_ctx; - if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) - goto err; - if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->p,ctx)) - { - BN_MONT_CTX_free(bn_mont_ctx); - goto err; - } - if (rsa->_method_mod_p == NULL) /* other thread may have finished first */ - { - CRYPTO_w_lock(CRYPTO_LOCK_RSA); - if (rsa->_method_mod_p == NULL) - { - rsa->_method_mod_p = bn_mont_ctx; - bn_mont_ctx = NULL; - } - CRYPTO_w_unlock(CRYPTO_LOCK_RSA); - } - if (bn_mont_ctx) - BN_MONT_CTX_free(bn_mont_ctx); - } + MONT_HELPER(rsa, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); + MONT_HELPER(rsa, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); + MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); - if (rsa->_method_mod_q == NULL) - { - BN_MONT_CTX* bn_mont_ctx; - if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) - goto err; - if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->q,ctx)) - { - BN_MONT_CTX_free(bn_mont_ctx); - goto err; - } - if (rsa->_method_mod_q == NULL) /* other thread may have finished first */ - { - CRYPTO_w_lock(CRYPTO_LOCK_RSA); - if (rsa->_method_mod_q == NULL) - { - rsa->_method_mod_q = bn_mont_ctx; - bn_mont_ctx = NULL; - } - CRYPTO_w_unlock(CRYPTO_LOCK_RSA); - } - if (bn_mont_ctx) - BN_MONT_CTX_free(bn_mont_ctx); - } - } - if (!BN_mod(&r1,I,rsa->q,ctx)) goto err; if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx, rsa->_method_mod_q)) goto err; @@ -568,7 +513,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) if (rsa->e && rsa->n) { - if (!rsa->meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err; + if (!rsa->meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) goto err; /* If 'I' was greater than (or equal to) rsa->n, the operation * will be equivalent to using 'I mod n'. However, the result of * the verify will *always* be less than 'n' so we don't check From b12753dffcf096c7d7110397ea9905b07a2ed573 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Sat, 15 Feb 2003 00:18:38 +0000 Subject: [PATCH 087/393] We cache a montgomery form for 'n' if the PUBLIC flag is set, not PRIVATE. Also, I've added handling for other mod_exp calls that were not using any cached montgomery forms. These cases matter only for special RSA keys (eg. ones that are missing information) so are unlikely to be used in normal circumstances. --- crypto/rsa/rsa_eay.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index 04cefd38b7..24c77699fe 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -269,7 +269,9 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; } else { - if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err; + MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx, + rsa->_method_mod_n)) goto err; } if (rsa->flags & RSA_FLAG_BLINDING) @@ -349,7 +351,9 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; } else { - if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) + MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx, + rsa->_method_mod_n)) goto err; } @@ -481,7 +485,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) MONT_HELPER(rsa, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); MONT_HELPER(rsa, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); - MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); + MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); if (!BN_mod(&r1,I,rsa->q,ctx)) goto err; if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx, @@ -526,7 +530,8 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) /* 'I' and 'vrfy' aren't congruent mod n. Don't leak * miscalculated CRT output, just do a raw (slower) * mod_exp and return that instead. */ - if (!rsa->meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err; + if (!rsa->meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx, + rsa->_method_mod_n)) goto err; } ret=1; err: From 27068df7e05d5d3cadd4b0f10762b32cf8b01beb Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 15 Feb 2003 00:50:55 +0000 Subject: [PATCH 088/393] Single pass processing to cleartext S/MIME signing. --- CHANGES | 11 ++++++++ apps/smime.c | 12 ++++++--- crypto/pkcs7/pk7_mime.c | 56 +++++++++++++++++++++++++++++++++++----- crypto/pkcs7/pk7_smime.c | 22 +++++++++------- crypto/pkcs7/pkcs7.h | 1 + 5 files changed, 82 insertions(+), 20 deletions(-) diff --git a/CHANGES b/CHANGES index 1bfbb2741f..aab19157d6 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,17 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Support for single pass processing for S/MIME signing. This now + means that S/MIME signing can be done from a pipe, in addition + cleartext signing (multipart/signed type) is effectively streaming + and the signed data does not need to be all held in memory. + + This is done with a new flag PKCS7_PARTSIGN. When this flag is set + PKCS7_sign() only initializes the PKCS7 structure and the actual signing + is done after the data is output (and digests calculated) in + SMIME_write_PKCS7(). + [Steve Henson] + *) Add full support for -rpath/-R, both in shared libraries and applications, at least on the platforms where it's known how to do it. diff --git a/apps/smime.c b/apps/smime.c index cc248d377b..83daa71ca1 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -1,9 +1,9 @@ /* smime.c */ /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. + * project. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -478,8 +478,14 @@ int MAIN(int argc, char **argv) if(operation == SMIME_ENCRYPT) { p7 = PKCS7_encrypt(encerts, in, cipher, flags); } else if(operation == SMIME_SIGN) { + /* If detached data and SMIME output enable partial + * signing. + */ + if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME)) + flags |= PKCS7_PARTSIGN; p7 = PKCS7_sign(signer, key, other, in, flags); - if (BIO_reset(in) != 0 && (flags & PKCS7_DETACHED)) { + /* Don't need to rewind for partial signing */ + if (!(flags & PKCS7_PARTSIGN) && (BIO_reset(in) != 0)) { BIO_printf(bio_err, "Can't rewind input file\n"); goto end; } diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c index 5100c84b88..51be777687 100644 --- a/crypto/pkcs7/pk7_mime.c +++ b/crypto/pkcs7/pk7_mime.c @@ -1,9 +1,9 @@ /* pk7_mime.c */ /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. + * project. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -86,6 +86,7 @@ STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */ DECLARE_STACK_OF(MIME_HEADER) IMPLEMENT_STACK_OF(MIME_HEADER) +static int pkcs7_output_data(BIO *bio, BIO *data, PKCS7 *p7, int flags); static int B64_write_PKCS7(BIO *bio, PKCS7 *p7); static PKCS7 *B64_read_PKCS7(BIO *bio); static char * strip_ends(char *name); @@ -150,7 +151,6 @@ static PKCS7 *B64_read_PKCS7(BIO *bio) int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) { - char linebuf[MAX_SMLEN]; char bound[33], c; int i; if((flags & PKCS7_DETACHED) && data) { @@ -171,9 +171,9 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) BIO_printf(bio, "This is an S/MIME signed message\n\n"); /* Now write out the first part */ BIO_printf(bio, "------%s\r\n", bound); - if(flags & PKCS7_TEXT) BIO_printf(bio, "Content-Type: text/plain\n\n"); - while((i = BIO_read(data, linebuf, MAX_SMLEN)) > 0) - BIO_write(bio, linebuf, i); + + pkcs7_output_data(bio, data, p7, flags); + BIO_printf(bio, "\n------%s\n", bound); /* Headers for signature */ @@ -195,6 +195,47 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) return 1; } +/* Handle output of PKCS#7 data */ + + +static int pkcs7_output_data(BIO *out, BIO *data, PKCS7 *p7, int flags) + { + BIO *tmpbio, *p7bio; + + if (!(flags & PKCS7_PARTSIGN)) + { + SMIME_crlf_copy(data, out, flags); + return 1; + } + + /* Partial sign operation */ + + /* Initialize sign operation */ + p7bio = PKCS7_dataInit(p7, out); + + /* Copy data across, computing digests etc */ + SMIME_crlf_copy(data, p7bio, flags); + + /* Must be detached */ + PKCS7_set_detached(p7, 1); + + /* Finalize signatures */ + PKCS7_dataFinal(p7, p7bio); + + /* Now remove any digests from output BIO */ + + while (1) + { + tmpbio = BIO_pop(p7bio); + if (tmpbio == out) + break; + BIO_free(tmpbio); + } + + return 1; + + } + /* SMIME reader: handle multipart/signed and opaque signing. * in multipart case the content is placed in a memory BIO * pointed to by "bcont". In opaque this is set to NULL @@ -314,7 +355,8 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags) BIO_write(out, linebuf, len); return 1; } - if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); + if(flags & PKCS7_TEXT) + BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) { eol = 0; while(iscrlf(linebuf[len - 1])) { diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index f0d071e282..b170fe285d 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -1,9 +1,9 @@ /* pk7_smime.c */ /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. + * project. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -97,14 +97,6 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, PKCS7_add_certificate(p7, sk_X509_value(certs, i)); } - if(!(p7bio = PKCS7_dataInit(p7, NULL))) { - PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); - return NULL; - } - - - SMIME_crlf_copy(data, p7bio, flags); - if(!(flags & PKCS7_NOATTR)) { PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)); @@ -133,6 +125,16 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, } } + if (flags & PKCS7_PARTSIGN) + return p7; + + if (!(p7bio = PKCS7_dataInit(p7, NULL))) { + PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); + return NULL; + } + + SMIME_crlf_copy(data, p7bio, flags); + if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1); if (!PKCS7_dataFinal(p7,p7bio)) { diff --git a/crypto/pkcs7/pkcs7.h b/crypto/pkcs7/pkcs7.h index 226fb64348..a2956589ab 100644 --- a/crypto/pkcs7/pkcs7.h +++ b/crypto/pkcs7/pkcs7.h @@ -260,6 +260,7 @@ DECLARE_PKCS12_STACK_OF(PKCS7) #define PKCS7_BINARY 0x80 #define PKCS7_NOATTR 0x100 #define PKCS7_NOSMIMECAP 0x200 +#define PKCS7_PARTSIGN 0x400 /* Flags: for compatibility with older code */ From 4cadedef57d790c699bc672cd39a41861590fabc Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 15 Feb 2003 01:09:55 +0000 Subject: [PATCH 089/393] Update docs. --- doc/crypto/PKCS7_sign.pod | 24 ++++++++++++++++++++---- doc/crypto/SMIME_write_PKCS7.pod | 14 ++++++++------ 2 files changed, 28 insertions(+), 10 deletions(-) diff --git a/doc/crypto/PKCS7_sign.pod b/doc/crypto/PKCS7_sign.pod index fc7e649b34..ffd0c734b0 100644 --- a/doc/crypto/PKCS7_sign.pod +++ b/doc/crypto/PKCS7_sign.pod @@ -51,6 +51,24 @@ If present the SMIMECapabilities attribute indicates support for the following algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of these algorithms is disabled then it will not be included. +If the flags B is set then the returned B structure +is just initialized ready to perform the signing operation. The signing +is however B performed and the data to be signed is not read from +the B parameter. Signing is deferred until after the data has been +written. In this way data can be signed in a single pass. Currently the +flag B B also be set. + +=head1 NOTES + +Currently the flag B is only supported for detached +data. If this flag is set the returned B structure is B +complete and outputting its contents via a function that does not +properly finalize the B structure will give unpredictable +results. + +At present only the SMIME_write_PKCS7() function properly finalizes the +structure. + =head1 BUGS PKCS7_sign() is somewhat limited. It does not support multiple signers, some @@ -64,10 +82,6 @@ signed due to memory restraints. There should be a way to sign data without having to hold it all in memory, this would however require fairly major revisions of the OpenSSL ASN1 code. -Clear text signing does not store the content in memory but the way PKCS7_sign() -operates means that two passes of the data must typically be made: one to compute -the signatures and a second to output the data along with the signature. There -should be a way to process the data with only a single pass. =head1 RETURN VALUES @@ -82,4 +96,6 @@ L, L PKCS7_sign() was added to OpenSSL 0.9.5 +The B flag was added in OpenSSL 0.9.8 + =cut diff --git a/doc/crypto/SMIME_write_PKCS7.pod b/doc/crypto/SMIME_write_PKCS7.pod index 2cfad2e049..61945b3887 100644 --- a/doc/crypto/SMIME_write_PKCS7.pod +++ b/doc/crypto/SMIME_write_PKCS7.pod @@ -30,18 +30,20 @@ If the B flag is set MIME headers for type B are added to the content, this only makes sense if B is also set. -If cleartext signing is being used then the data must be read twice: -once to compute the signature in PKCS7_sign() and once to output the -S/MIME message. +If the B flag is set the signed data is finalized +and output along with the content. This flag should only be set +if B is also set and the previous call to PKCS7_sign() +also set these flags. + +If cleartext signing is being used and B not set then +the data must be read twice: once to compute the signature in PKCS7_sign() +and once to output the S/MIME message. =head1 BUGS SMIME_write_PKCS7() always base64 encodes PKCS#7 structures, there should be an option to disable this. -There should really be a way to produce cleartext signing using only -a single pass of the data. - =head1 RETURN VALUES SMIME_write_PKCS7() returns 1 for success or 0 for failure. From b653327d4746cff0906eff8e740622aae4439e80 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Sat, 15 Feb 2003 20:32:13 +0000 Subject: [PATCH 090/393] Declare prototypes for function pointer types, even if they are likely to be cast later on. --- crypto/engine/engine.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index f56c1c67ee..d4d08d9629 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -276,11 +276,11 @@ typedef struct ENGINE_CMD_DEFN_st } ENGINE_CMD_DEFN; /* Generic function pointer */ -typedef int (*ENGINE_GEN_FUNC_PTR)(); +typedef int (*ENGINE_GEN_FUNC_PTR)(void); /* Generic function pointer taking no arguments */ typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *); /* Specific control function pointer */ -typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)()); +typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)(void)); /* Generic load_key function pointer */ typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, UI_METHOD *ui_method, void *callback_data); @@ -397,7 +397,7 @@ int ENGINE_register_all_complete(void); * reference to an engine, but many control commands may require the engine be * functional. The caller should be aware of trying commands that require an * operational ENGINE, and only use functional references in such situations. */ -int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); /* This function tests if an ENGINE-specific command is usable as a "setting". * Eg. in an application's config file that gets processed through @@ -410,7 +410,7 @@ int ENGINE_cmd_is_executable(ENGINE *e, int cmd); * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to * use the cmd_name and cmd_optional. */ int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, - long i, void *p, void (*f)(), int cmd_optional); + long i, void *p, void (*f)(void), int cmd_optional); /* This function passes a command-name and argument to an ENGINE. The cmd_name * is converted to a command number and the control command is called using From 4879ec7bf3dc684e33f330d8b5b9eed5f4a2c344 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Sat, 15 Feb 2003 20:38:57 +0000 Subject: [PATCH 091/393] Session cache implementations shouldn't have to access SSL_SESSION elements directly, so this missing functionality is required. PR: 276 --- ssl/ssl.h | 1 + ssl/ssl_sess.c | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/ssl/ssl.h b/ssl/ssl.h index 97b313fd87..7cd7ece4cd 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1266,6 +1266,7 @@ void SSL_copy_session_id(SSL *to,SSL *from); SSL_SESSION *SSL_SESSION_new(void); unsigned long SSL_SESSION_hash(SSL_SESSION *a); int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b); +const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len); #ifndef OPENSSL_NO_FP_API int SSL_SESSION_print_fp(FILE *fp,SSL_SESSION *ses); #endif diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index fbc30b94e6..b4fb90448f 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -127,6 +127,13 @@ SSL_SESSION *SSL_SESSION_new(void) return(ss); } +const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) + { + if(len) + *len = s->session_id_length; + return s->session_id; + } + /* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1 * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly * until we have no conflict is going to complete in one iteration pretty much From 26e97244588fef483bb905cd7947004fd0cf3569 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Sun, 16 Feb 2003 20:10:23 +0000 Subject: [PATCH 092/393] Remove "+Olibcalls" option from HPUX targets. Reportedly this option is deprecated, and on some systems "make test" fails if it is included. PR: 495 --- Configure | 8 ++++---- TABLE | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Configure b/Configure index 717d79a801..ba190776d6 100755 --- a/Configure +++ b/Configure @@ -270,12 +270,12 @@ my %table=( # # Chris Ruemmler # Kevin Steves -"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # Isn't the line below meaningless? HP-UX cc optimizes for host by default. # hpux-parisc1_0-cc with +DAportable flag would make more sense. -"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # HPUX 9.X config. # Don't use the bundled cc. It is broken. Use HP ANSI C if possible, or diff --git a/TABLE b/TABLE index e029431f0b..0dbd4736ff 100644 --- a/TABLE +++ b/TABLE @@ -2352,7 +2352,7 @@ $arflags = *** hpux-parisc-cc $cc = cc -$cflags = +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY +$cflags = +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2427,7 +2427,7 @@ $arflags = *** hpux-parisc1_1-cc $cc = cc -$cflags = +DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY +$cflags = +DA1.1 +DS1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2452,7 +2452,7 @@ $arflags = *** hpux-parisc2-cc $cc = cc -$cflags = +DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY +$cflags = +DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2652,7 +2652,7 @@ $arflags = *** hpux64-parisc2-cc $cc = cc -$cflags = +DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY +$cflags = +DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY $unistd = $thread_cflag = -D_REENTRANT $sys_id = From 758f942b882ce8a9047595512f99a91a43060876 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 18 Feb 2003 12:14:57 +0000 Subject: [PATCH 093/393] Make the no-err option work properly --- CHANGES | 11 +++++++++++ Configure | 5 +++++ crypto/err/err.c | 2 ++ 3 files changed, 18 insertions(+) diff --git a/CHANGES b/CHANGES index aab19157d6..6c07f91248 100644 --- a/CHANGES +++ b/CHANGES @@ -436,6 +436,17 @@ TODO: bug: pad x with leading zeros if necessary Changes between 0.9.7 and 0.9.7a [XX xxx 2003] + *) Make the no-err option work as intended. The intention with no-err + is not to have the whole error stack handling routines removed from + libcrypto, it's only intended to remove all the function name and + reason texts, thereby removing some of the footprint that may not + be interesting if those errors aren't displayed anyway. + + NOTE: it's still possible for any application or module to have it's + own set of error texts inserted. The routines are there, just not + used by default when no-err is given. + [Richard Levitte] + *) Add support for FreeBSD on IA64. [dirk.meyer@dinoex.sub.org via Richard Levitte, resolves #454] diff --git a/Configure b/Configure index ba190776d6..78ad1d8a87 100755 --- a/Configure +++ b/Configure @@ -692,6 +692,11 @@ PROCESS_ARGS: $flags .= "-DOPENSSL_NO_ASM "; $openssl_other_defines .= "#define OPENSSL_NO_ASM\n"; } + elsif (/^no-err$/) + { + $flags .= "-DOPENSSL_NO_ERR "; + $openssl_other_defines .= "#define OPENSSL_NO_ERR\n"; + } elsif (/^no-hw-(.+)$/) { my $hw=$1; diff --git a/crypto/err/err.c b/crypto/err/err.c index 85ff9a52dd..1f943c82a0 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -212,6 +212,7 @@ static ERR_STRING_DATA ERR_str_reasons[]= {0,NULL}, }; +#endif /* Define the predeclared (but externally opaque) "ERR_FNS" type */ @@ -492,6 +493,7 @@ static int int_err_get_next_lib(void) } +#ifndef OPENSSL_NO_ERR #define NUM_SYS_STR_REASONS 127 #define LEN_SYS_STR_REASON 32 From 988e8458ad365d61d7554b2d0094e083aa8ee82d Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 18 Feb 2003 12:46:47 +0000 Subject: [PATCH 094/393] Typo. --- crypto/asn1/asn1_gen.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index 3d9d2ce07b..c162042a0c 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -597,7 +597,7 @@ static int asn1_str2tag(const char *tagstr, int len) /* SEQUENCE wrapper */ ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP), /* SET wrapper */ - ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SEQWRAP), + ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP), /* BIT STRING wrapper */ ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP), ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT), From c893bffae7601a2010ac57212257bd4e9784af6b Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 19 Feb 2003 01:04:34 +0000 Subject: [PATCH 095/393] Update debub-steve* entries. --- Configure | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Configure b/Configure index 78ad1d8a87..3df57f6338 100755 --- a/Configure +++ b/Configure @@ -143,8 +143,8 @@ my %table=( "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", -"debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn", +"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", +"debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn:linux-shared", "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", From 77e270d10e4c8ec047ef9080fccc281022ccb840 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 19 Feb 2003 11:22:15 +0000 Subject: [PATCH 096/393] Borland C++ Builder 5 complains about unreachable statements. --- crypto/md2/md2test.c | 1 - 1 file changed, 1 deletion(-) diff --git a/crypto/md2/md2test.c b/crypto/md2/md2test.c index d2f6dce97f..901d0a7d8e 100644 --- a/crypto/md2/md2test.c +++ b/crypto/md2/md2test.c @@ -125,7 +125,6 @@ int main(int argc, char *argv[]) P++; } EXIT(err); - return(0); } static char *pt(unsigned char *md) From d5234c7b3a4ebcd6dcc31a042838d90a27b57c82 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 19 Feb 2003 11:54:42 +0000 Subject: [PATCH 097/393] Make sure the memory allocation routines check for negative sizes --- crypto/mem.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/crypto/mem.c b/crypto/mem.c index d7d3cda5dc..57f295877d 100644 --- a/crypto/mem.c +++ b/crypto/mem.c @@ -252,6 +252,8 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line) void *ret = NULL; extern unsigned char cleanse_ctr; + if (num < 0) return NULL; + allow_customize = 0; if (malloc_debug_func != NULL) { @@ -291,6 +293,8 @@ void *CRYPTO_malloc(int num, const char *file, int line) void *ret = NULL; extern unsigned char cleanse_ctr; + if (num < 0) return NULL; + allow_customize = 0; if (malloc_debug_func != NULL) { @@ -319,6 +323,9 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line) if (str == NULL) return CRYPTO_malloc(num, file, line); + + if (num < 0) return NULL; + if (realloc_debug_func != NULL) realloc_debug_func(str, NULL, num, file, line, 0); ret = realloc_ex_func(str,num,file,line); @@ -338,6 +345,9 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file, if (str == NULL) return CRYPTO_malloc(num, file, line); + + if (num < 0) return NULL; + if (realloc_debug_func != NULL) realloc_debug_func(str, NULL, num, file, line, 0); ret=malloc_ex_func(num,file,line); From 5b0b0e98cec653ae1e65e2251c3e0fc273945df5 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 19 Feb 2003 12:03:59 +0000 Subject: [PATCH 098/393] Security fix: Vaudenay timing attack on CBC. An advisory will be posted to the web. Expect a release within the hour. --- CHANGES | 24 +++++++++++++++++++++++- ssl/s3_pkt.c | 47 +++++++++++++++++++++++++++++++---------------- 2 files changed, 54 insertions(+), 17 deletions(-) diff --git a/CHANGES b/CHANGES index 6c07f91248..4c6ad1e31e 100644 --- a/CHANGES +++ b/CHANGES @@ -434,7 +434,17 @@ TODO: bug: pad x with leading zeros if necessary differing sizes. [Richard Levitte] - Changes between 0.9.7 and 0.9.7a [XX xxx 2003] + Changes between 0.9.7 and 0.9.7a [19 Feb 2003] + + *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked + via timing by performing a MAC computation even if incorrrect + block cipher padding has been found. This is a countermeasure + against active attacks where the attacker has to distinguish + between bad padding and a MAC verification error. (CAN-2003-0078) + + [Bodo Moeller; problem pointed out by Brice Canvel (EPFL), + Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and + Martin Vuagnoux (EPFL, Ilion)] *) Make the no-err option work as intended. The intention with no-err is not to have the whole error stack handling routines removed from @@ -2325,6 +2335,18 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Clean old EAY MD5 hack from e_os.h. [Richard Levitte] + Changes between 0.9.6h and 0.9.6i [19 Feb 2003] + + *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked + via timing by performing a MAC computation even if incorrrect + block cipher padding has been found. This is a countermeasure + against active attacks where the attacker has to distinguish + between bad padding and a MAC verification error. (CAN-2003-0078) + + [Bodo Moeller; problem pointed out by Brice Canvel (EPFL), + Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and + Martin Vuagnoux (EPFL, Ilion)] + Changes between 0.9.6g and 0.9.6h [5 Dec 2002] *) New function OPENSSL_cleanse(), which is used to cleanse a section of diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 6ccea9aee5..3f88429e79 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -238,6 +238,8 @@ static int ssl3_get_record(SSL *s) unsigned int mac_size; int clear=0; size_t extra; + int decryption_failed_or_bad_record_mac = 0; + unsigned char *mac = NULL; rr= &(s->s3->rrec); sess=s->session; @@ -353,8 +355,11 @@ again: /* SSLerr() and ssl3_send_alert() have been called */ goto err; - /* otherwise enc_err == -1 */ - goto decryption_failed_or_bad_record_mac; + /* Otherwise enc_err == -1, which indicates bad padding + * (rec->length has not been changed in this case). + * To minimize information leaked via timing, we will perform + * the MAC computation anyway. */ + decryption_failed_or_bad_record_mac = 1; } #ifdef TLS_DEBUG @@ -380,28 +385,46 @@ printf("\n"); SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); goto f_err; #else - goto decryption_failed_or_bad_record_mac; + decryption_failed_or_bad_record_mac = 1; #endif } /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ - if (rr->length < mac_size) + if (rr->length >= mac_size) { + rr->length -= mac_size; + mac = &rr->data[rr->length]; + } + else + { + /* record (minus padding) is too short to contain a MAC */ #if 0 /* OK only for stream ciphers */ al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); goto f_err; #else - goto decryption_failed_or_bad_record_mac; + decryption_failed_or_bad_record_mac = 1; + rr->length = 0; #endif } - rr->length-=mac_size; i=s->method->ssl3_enc->mac(s,md,0); - if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0) + if (mac == NULL || memcmp(md, mac, mac_size) != 0) { - goto decryption_failed_or_bad_record_mac; + decryption_failed_or_bad_record_mac = 1; } } + if (decryption_failed_or_bad_record_mac) + { + /* A separate 'decryption_failed' alert was introduced with TLS 1.0, + * SSL 3.0 only has 'bad_record_mac'. But unless a decryption + * failure is directly visible from the ciphertext anyway, + * we should not reveal which kind of error occured -- this + * might become visible to an attacker (e.g. via a logfile) */ + al=SSL_AD_BAD_RECORD_MAC; + SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); + goto f_err; + } + /* r->length is now just compressed */ if (s->expand != NULL) { @@ -443,14 +466,6 @@ printf("\n"); return(1); -decryption_failed_or_bad_record_mac: - /* Separate 'decryption_failed' alert was introduced with TLS 1.0, - * SSL 3.0 only has 'bad_record_mac'. But unless a decryption - * failure is directly visible from the ciphertext anyway, - * we should not reveal which kind of error occured -- this - * might become visible to an attacker (e.g. via logfile) */ - al=SSL_AD_BAD_RECORD_MAC; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); err: From d8cbc9358545634c7f00666702e696814f258821 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 19 Feb 2003 14:02:37 +0000 Subject: [PATCH 099/393] Update release information --- FAQ | 2 +- NEWS | 15 +++++++++++++++ STATUS | 4 +++- 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/FAQ b/FAQ index d6673b183f..389d786dab 100644 --- a/FAQ +++ b/FAQ @@ -68,7 +68,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from . -OpenSSL 0.9.7 was released on December 31, 2002. +OpenSSL 0.9.7a was released on February 19, 2003. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at Date: Wed, 19 Feb 2003 16:29:47 +0000 Subject: [PATCH 100/393] typo PR: 511 Submitted by: Eric Cronin --- crypto/ec/ec_key.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index d7758c91d3..aef3934c17 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -199,7 +199,7 @@ EC_KEY *EC_KEY_dup(const EC_KEY *eckey) /* copy the private key */ if (eckey->priv_key) { - ret->priv_key = BN_dup(ret->priv_key); + ret->priv_key = BN_dup(eckey->priv_key); if (ret->priv_key == NULL) ok = 0; } From 5672e3a32152ec5f844cd0999494c129606ff9b9 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 20 Feb 2003 13:37:48 +0000 Subject: [PATCH 101/393] Fix bug in base64 bios during write an non blocking I/O: if the write fails when flushing the buffer return the value to the application so it can retry. --- crypto/evp/bio_b64.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c index 6e550f6a43..66004922eb 100644 --- a/crypto/evp/bio_b64.c +++ b/crypto/evp/bio_b64.c @@ -484,10 +484,7 @@ again: { i=b64_write(b,NULL,0); if (i < 0) - { - ret=i; - break; - } + return i; } if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { From 542a1b1a2ef205d1869614dd83ff19eae36437c3 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 20 Feb 2003 13:39:30 +0000 Subject: [PATCH 102/393] Re enable the read side non blocking test BIO code. For some reason it was disabled... --- crypto/bio/bf_nbio.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c index 1ce2bfacc0..c72a23c2e1 100644 --- a/crypto/bio/bf_nbio.c +++ b/crypto/bio/bf_nbio.c @@ -127,7 +127,7 @@ static int nbiof_read(BIO *b, char *out, int outl) { NBIO_TEST *nt; int ret=0; -#if 0 +#if 1 int num; unsigned char n; #endif @@ -137,7 +137,7 @@ static int nbiof_read(BIO *b, char *out, int outl) nt=(NBIO_TEST *)b->ptr; BIO_clear_retry_flags(b); -#if 0 +#if 1 RAND_pseudo_bytes(&n,1); num=(n&0x07); From 8214e74f7680156c6ce5fd7ff37bef12311d1796 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 20 Feb 2003 17:13:21 +0000 Subject: [PATCH 103/393] Ooops forgot to recognise V_ASN1_GENERALSTRING. --- crypto/asn1/asn1_gen.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index c162042a0c..c035cc0f5d 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -722,6 +722,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) case V_ASN1_UTF8STRING: case V_ASN1_VISIBLESTRING: case V_ASN1_UNIVERSALSTRING: + case V_ASN1_GENERALSTRING: if (format == ASN1_GEN_FORMAT_ASCII) format = MBSTRING_ASC; From 62e3163b1b153a2414d5c258ace557a3b4d373c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 21 Feb 2003 13:58:23 +0000 Subject: [PATCH 104/393] ECPublicKey_set_octet_string and ECPublicKey_get_octet_string behaviour was not quite consistent with the conventions for d2i and i2d functions as far as handling of the 'out' or 'in' pointer is concerned. This patch changes this behaviour, and renames the functions to o2i_ECPublicKey and i2o_ECPublicKey (not 'd2i' and 'i2d' because the external encoding is just a raw object string without any DER icing). Submitted by: Nils Larsch --- crypto/asn1/d2i_pu.c | 5 ++--- crypto/asn1/i2d_pu.c | 2 +- crypto/ec/ec.h | 16 ++++++++-------- crypto/ec/ec_asn1.c | 20 ++++++++++---------- crypto/ec/ec_err.c | 4 ++-- util/libeay.num | 4 ++-- 6 files changed, 25 insertions(+), 26 deletions(-) diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c index cf97b83eac..4c2bd4e5c8 100644 --- a/crypto/asn1/d2i_pu.c +++ b/crypto/asn1/d2i_pu.c @@ -113,9 +113,8 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp, #endif #ifndef OPENSSL_NO_EC case EVP_PKEY_EC: - if ((ret->pkey.eckey = ECPublicKey_set_octet_string( - &(ret->pkey.eckey), (const unsigned char **)pp, - length)) == NULL) + if ((ret->pkey.eckey = o2i_ECPublicKey(&(ret->pkey.eckey), + (const unsigned char **)pp, length)) == NULL) { ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB); goto err; diff --git a/crypto/asn1/i2d_pu.c b/crypto/asn1/i2d_pu.c index 85220b44d6..44f186442e 100644 --- a/crypto/asn1/i2d_pu.c +++ b/crypto/asn1/i2d_pu.c @@ -85,7 +85,7 @@ int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp) #endif #ifndef OPENSSL_NO_EC case EVP_PKEY_EC: - return(ECPublicKey_get_octet_string(a->pkey.eckey, pp)); + return(i2o_ECPublicKey(a->pkey.eckey, pp)); #endif default: ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index f68963e66f..1013bd8fa4 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -319,16 +319,16 @@ int EC_KEY_generate_key(EC_KEY *); /* EC_KEY_check_key() */ int EC_KEY_check_key(const EC_KEY *); -/* de- and encode functions for the SEC1 ECPrivateKey */ +/* de- and encoding functions for SEC1 ECPrivateKey */ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len); int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out); -/* de- and encode functions for the elliptic curve parameters */ +/* de- and encoding functions for EC parameters */ EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len); int i2d_ECParameters(EC_KEY *a, unsigned char **out); - -EC_KEY *ECPublicKey_set_octet_string(EC_KEY **a, const unsigned char **in, - long len); -int ECPublicKey_get_octet_string(EC_KEY *a, unsigned char **out); +/* de- and encoding functions for EC public key + * (octet string, not DER -- hence 'o2i' and 'i2o') */ +EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len); +int i2o_ECPublicKey(EC_KEY *a, unsigned char **out); #ifndef OPENSSL_NO_BIO int ECParameters_print(BIO *bp, const EC_KEY *x); @@ -359,8 +359,6 @@ void ERR_load_EC_strings(void); #define EC_F_ECPARAMETERS_PRINT_FP 148 #define EC_F_ECPKPARAMETERS_PRINT 149 #define EC_F_ECPKPARAMETERS_PRINT_FP 150 -#define EC_F_ECPUBLICKEY_GET_OCTET 151 -#define EC_F_ECPUBLICKEY_SET_OCTET 152 #define EC_F_ECP_NIST_MOD_192 203 #define EC_F_ECP_NIST_MOD_224 204 #define EC_F_ECP_NIST_MOD_256 205 @@ -455,6 +453,8 @@ void ERR_load_EC_strings(void); #define EC_F_I2D_ECPARAMETERS 190 #define EC_F_I2D_ECPKPARAMETERS 191 #define EC_F_I2D_ECPRIVATEKEY 192 +#define EC_F_I2O_ECPUBLICKEY 151 +#define EC_F_O2I_ECPUBLICKEY 152 /* Reason codes. */ #define EC_R_ASN1_ERROR 115 diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index c1c6ffee5a..927a3716cf 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -1406,8 +1406,7 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len) return ret; } -EC_KEY *ECPublicKey_set_octet_string(EC_KEY **a, const unsigned char **in, - long len) +EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len) { EC_KEY *ret=NULL; @@ -1415,33 +1414,34 @@ EC_KEY *ECPublicKey_set_octet_string(EC_KEY **a, const unsigned char **in, { /* sorry, but a EC_GROUP-structur is necessary * to set the public key */ - ECerr(EC_F_ECPUBLICKEY_SET_OCTET, ERR_R_PASSED_NULL_PARAMETER); + ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER); return 0; } ret = *a; if (ret->pub_key == NULL && (ret->pub_key = EC_POINT_new(ret->group)) == NULL) { - ECerr(EC_F_ECPUBLICKEY_SET_OCTET, ERR_R_MALLOC_FAILURE); + ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_MALLOC_FAILURE); return 0; } if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL)) { - ECerr(EC_F_ECPUBLICKEY_SET_OCTET, ERR_R_EC_LIB); + ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB); return 0; } /* save the point conversion form */ ret->conv_form = (point_conversion_form_t)(*in[0] & ~0x01); + *in += len; return ret; } -int ECPublicKey_get_octet_string(EC_KEY *a, unsigned char **out) +int i2o_ECPublicKey(EC_KEY *a, unsigned char **out) { size_t buf_len=0; if (a == NULL) { - ECerr(EC_F_ECPUBLICKEY_GET_OCTET, ERR_R_PASSED_NULL_PARAMETER); + ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER); return 0; } @@ -1455,17 +1455,17 @@ int ECPublicKey_get_octet_string(EC_KEY *a, unsigned char **out) if (*out == NULL) if ((*out = OPENSSL_malloc(buf_len)) == NULL) { - ECerr(EC_F_ECPUBLICKEY_GET_OCTET, - ERR_R_MALLOC_FAILURE); + ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE); return 0; } if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form, *out, buf_len, NULL)) { - ECerr(EC_F_ECPUBLICKEY_GET_OCTET, ERR_R_EC_LIB); + ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB); OPENSSL_free(*out); *out = NULL; return 0; } + *out += buf_len; return buf_len; } diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c index 7730402d09..d74ddace58 100644 --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c @@ -74,8 +74,6 @@ static ERR_STRING_DATA EC_str_functs[]= {ERR_PACK(0,EC_F_ECPARAMETERS_PRINT_FP,0), "ECParameters_print_fp"}, {ERR_PACK(0,EC_F_ECPKPARAMETERS_PRINT,0), "ECPKParameters_print"}, {ERR_PACK(0,EC_F_ECPKPARAMETERS_PRINT_FP,0), "ECPKParameters_print_fp"}, -{ERR_PACK(0,EC_F_ECPUBLICKEY_GET_OCTET,0), "ECPUBLICKEY_GET_OCTET"}, -{ERR_PACK(0,EC_F_ECPUBLICKEY_SET_OCTET,0), "ECPUBLICKEY_SET_OCTET"}, {ERR_PACK(0,EC_F_ECP_NIST_MOD_192,0), "ECP_NIST_MOD_192"}, {ERR_PACK(0,EC_F_ECP_NIST_MOD_224,0), "ECP_NIST_MOD_224"}, {ERR_PACK(0,EC_F_ECP_NIST_MOD_256,0), "ECP_NIST_MOD_256"}, @@ -170,6 +168,8 @@ static ERR_STRING_DATA EC_str_functs[]= {ERR_PACK(0,EC_F_I2D_ECPARAMETERS,0), "i2d_ECParameters"}, {ERR_PACK(0,EC_F_I2D_ECPKPARAMETERS,0), "i2d_ECPKParameters"}, {ERR_PACK(0,EC_F_I2D_ECPRIVATEKEY,0), "i2d_ECPrivateKey"}, +{ERR_PACK(0,EC_F_I2O_ECPUBLICKEY,0), "i2o_ECPublicKey"}, +{ERR_PACK(0,EC_F_O2I_ECPUBLICKEY,0), "o2i_ECPublicKey"}, {0,NULL} }; diff --git a/util/libeay.num b/util/libeay.num index bfddc357f1..c03f58d64c 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -2871,7 +2871,7 @@ BN_GF2m_mod_mul 3309 EXIST::FUNCTION: EC_GROUP_set_seed 3310 EXIST::FUNCTION:EC EC_GROUP_get_curve_GF2m 3311 EXIST::FUNCTION:EC PEM_read_X509_CERT_PAIR 3312 EXIST:!WIN16:FUNCTION: -ECPublicKey_set_octet_string 3313 EXIST::FUNCTION:EC +o2i_ECPublicKey 3313 EXIST::FUNCTION:EC ECDSA_get_ex_data 3314 EXIST::FUNCTION:ECDSA BN_GF2m_mod 3315 EXIST::FUNCTION: EC_GROUP_get_seed_len 3316 EXIST::FUNCTION:EC @@ -2891,7 +2891,7 @@ BN_GF2m_mod_sqrt 3328 EXIST::FUNCTION: ECDH_set_default_method 3329 EXIST::FUNCTION:ECDH EC_KEY_generate_key 3330 EXIST::FUNCTION:EC BN_GF2m_arr2poly 3331 EXIST::FUNCTION: -ECPublicKey_get_octet_string 3332 EXIST::FUNCTION:EC +i2o_ECPublicKey 3332 EXIST::FUNCTION:EC EC_GROUP_check 3333 EXIST::FUNCTION:EC d2i_ECPrivateKey_bio 3334 EXIST::FUNCTION:BIO,EC d2i_ECPrivateKey 3335 EXIST::FUNCTION:EC From f2aa055ec63ab25ba606225cbb8977857d3039d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 21 Feb 2003 16:06:39 +0000 Subject: [PATCH 105/393] treat 'out' like i2d functions do; cf. asn1_item_flags_i2d (crypto/asn/tasn_enc.c) --- crypto/ec/ec_asn1.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 927a3716cf..f31ac45d99 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -1437,7 +1437,8 @@ EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len) int i2o_ECPublicKey(EC_KEY *a, unsigned char **out) { - size_t buf_len=0; + size_t buf_len=0; + int new_buffer = 0; if (a == NULL) { @@ -1453,11 +1454,14 @@ int i2o_ECPublicKey(EC_KEY *a, unsigned char **out) return buf_len; if (*out == NULL) + { if ((*out = OPENSSL_malloc(buf_len)) == NULL) { ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE); return 0; } + new_buffer = 1; + } if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form, *out, buf_len, NULL)) { @@ -1466,6 +1470,7 @@ int i2o_ECPublicKey(EC_KEY *a, unsigned char **out) *out = NULL; return 0; } - *out += buf_len; + if (!new_buffer) + *out += buf_len; return buf_len; } From 5be4a42e9903c453257beb98d5a33b904b9d6a37 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Fri, 21 Feb 2003 22:09:52 +0000 Subject: [PATCH 106/393] update mingw info --- INSTALL.W32 | 552 ++++++++++++++++++++++++++-------------------------- 1 file changed, 274 insertions(+), 278 deletions(-) diff --git a/INSTALL.W32 b/INSTALL.W32 index fd182595c5..de09fcba4a 100644 --- a/INSTALL.W32 +++ b/INSTALL.W32 @@ -1,278 +1,274 @@ - - INSTALLATION ON THE WIN32 PLATFORM - ---------------------------------- - - [Instructions for building for Windows CE can be found in INSTALL.WCE] - - Heres a few comments about building OpenSSL in Windows environments. Most - of this is tested on Win32 but it may also work in Win 3.1 with some - modification. - - You need Perl for Win32. Unless you will build on Cygwin, you will need - ActiveState Perl, available from http://www.activestate.com/ActivePerl. - For Cygwin users, there's more info in the Cygwin section. - - and one of the following C compilers: - - * Visual C++ - * Borland C - * GNU C (Mingw32 or Cygwin) - - If you want to compile in the assembly language routines with Visual C++ then - you will need an assembler. This is worth doing because it will result in - faster code: for example it will typically result in a 2 times speedup in the - RSA routines. Currently the following assemblers are supported: - - * Microsoft MASM (aka "ml") - * Free Netwide Assembler NASM. - - MASM is distributed with most versions of VC++. For the versions where it is - not included in VC++, it is also distributed with some Microsoft DDKs, for - example the Windows NT 4.0 DDK and the Windows 98 DDK. If you do not have - either of these DDKs then you can just download the binaries for the Windows - 98 DDK and extract and rename the two files XXXXXml.exe and XXXXXml.err, to - ml.exe and ml.err and install somewhere on your PATH. Both DDKs can be - downloaded from the Microsoft developers site www.msdn.com. - - NASM is freely available. Version 0.98 was used during testing: other versions - may also work. It is available from many places, see for example: - http://www.kernel.org/pub/software/devel/nasm/binaries/win32/ - The NASM binary nasmw.exe needs to be installed anywhere on your PATH. - - If you are compiling from a tarball or a CVS snapshot then the Win32 files - may well be not up to date. This may mean that some "tweaking" is required to - get it all to work. See the trouble shooting section later on for if (when?) - it goes wrong. - - Visual C++ - ---------- - - Firstly you should run Configure: - - > perl Configure VC-WIN32 - - Next you need to build the Makefiles and optionally the assembly language - files: - - - If you are using MASM then run: - - > ms\do_masm - - - If you are using NASM then run: - - > ms\do_nasm - - - If you don't want to use the assembly language files at all then run: - - > ms\do_ms - - If you get errors about things not having numbers assigned then check the - troubleshooting section: you probably won't be able to compile it as it - stands. - - Then from the VC++ environment at a prompt do: - - > nmake -f ms\ntdll.mak - - If all is well it should compile and you will have some DLLs and executables - in out32dll. If you want to try the tests then do: - - > cd out32dll - > ..\ms\test - - Tweaks: - - There are various changes you can make to the Win32 compile environment. By - default the library is not compiled with debugging symbols. If you add 'debug' - to the mk1mf.pl lines in the do_* batch file then debugging symbols will be - compiled in. Note that mk1mf.pl expects the platform to be the last argument - on the command line, so 'debug' must appear before that, as all other options. - - The default Win32 environment is to leave out any Windows NT specific - features. - - If you want to enable the NT specific features of OpenSSL (currently only the - logging BIO) follow the instructions above but call the batch file do_nt.bat - instead of do_ms.bat. - - You can also build a static version of the library using the Makefile - ms\nt.mak - - Borland C++ builder 5 - --------------------- - - * Configure for building with Borland Builder: - > perl Configure BC-32 - - * Create the appropriate makefile - > ms\do_nasm - - * Build - > make -f ms\bcb.mak - - Borland C++ builder 3 and 4 - --------------------------- - - * Setup PATH. First must be GNU make then bcb4/bin - - * Run ms\bcb4.bat - - * Run make: - > make -f bcb.mak - - GNU C (Mingw32) - --------------- - - To build OpenSSL, you need the Mingw32 package and GNU make. - - * Compiler installation: - - Mingw32 is available from . Extract it - to a directory such as C:\gcc-2.95.2 and add c:\gcc-2.95.2\bin to - the PATH environment variable in "System Properties"; or edit and - run C:\gcc-2.95.2\mingw32.bat to set the PATH. - - * Compile OpenSSL: - - > ms\mingw32 - - This will create the library and binaries in out. In case any problems - occur, try - > ms\mingw32 no-asm - instead. - - libcrypto.a and libssl.a are the static libraries. To use the DLLs, - link with libeay32.a and libssl32.a instead. - - See troubleshooting if you get error messages about functions not having - a number assigned. - - * You can now try the tests: - - > cd out - > ..\ms\test - - GNU C (Cygwin) - -------------- - - Cygwin provides a bash shell and GNU tools environment running - on NT 4.0, Windows 9x, Windows ME, Windows 2000, and Windows XP. - Consequently, a make of OpenSSL with Cygwin is closer to a GNU - bash environment such as Linux than to other W32 makes which are - based on a single makefile approach. Cygwin implements Posix/Unix - calls through cygwin1.dll, and is contrasted to Mingw32 which links - dynamically to msvcrt.dll or crtdll.dll. - - To build OpenSSL using Cygwin: - - * Install Cygwin (see http://cygwin.com/) - - * Install Perl and ensure it is in the path (recent Cygwin perl - (version 5.6.1-2 of the latter has been reported to work) or - ActivePerl) - - * Run the Cygwin bash shell - - * $ tar zxvf openssl-x.x.x.tar.gz - $ cd openssl-x.x.x - $ ./config - [...] - $ make - [...] - $ make test - $ make install - - This will create a default install in /usr/local/ssl. - - Cygwin Notes: - - "make test" and normal file operations may fail in directories - mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin - stripping of carriage returns. To avoid this ensure that a binary - mount is used, e.g. mount -b c:\somewhere /home. - - "bc" is not provided in older Cygwin distribution. This causes a - non-fatal error in "make test" but is otherwise harmless. If - desired and needed, GNU bc can be built with Cygwin without change. - - - Installation - ------------ - - If you used the Cygwin procedure above, you have already installed and - can skip this section. For all other procedures, there's currently no real - installation procedure for Win32. There are, however, some suggestions: - - - do nothing. The include files are found in the inc32/ subdirectory, - all binaries are found in out32dll/ or out32/ depending if you built - dynamic or static libraries. - - - do as is written in INSTALL.Win32 that comes with modssl: - - $ md c:\openssl - $ md c:\openssl\bin - $ md c:\openssl\lib - $ md c:\openssl\include - $ md c:\openssl\include\openssl - $ copy /b inc32\* c:\openssl\include\openssl - $ copy /b out32dll\ssleay32.lib c:\openssl\lib - $ copy /b out32dll\libeay32.lib c:\openssl\lib - $ copy /b out32dll\ssleay32.dll c:\openssl\bin - $ copy /b out32dll\libeay32.dll c:\openssl\bin - $ copy /b out32dll\openssl.exe c:\openssl\bin - - Of course, you can choose another device than c:. C: is used here - because that's usually the first (and often only) harddisk device. - Note: in the modssl INSTALL.Win32, p: is used rather than c:. - - - Troubleshooting - --------------- - - Since the Win32 build is only occasionally tested it may not always compile - cleanly. If you get an error about functions not having numbers assigned - when you run ms\do_ms then this means the Win32 ordinal files are not up to - date. You can do: - - > perl util\mkdef.pl crypto ssl update - - then ms\do_XXX should not give a warning any more. However the numbers that - get assigned by this technique may not match those that eventually get - assigned in the CVS tree: so anything linked against this version of the - library may need to be recompiled. - - If you get errors about unresolved symbols there are several possible - causes. - - If this happens when the DLL is being linked and you have disabled some - ciphers then it is possible the DEF file generator hasn't removed all - the disabled symbols: the easiest solution is to edit the DEF files manually - to delete them. The DEF files are ms\libeay32.def ms\ssleay32.def. - - Another cause is if you missed or ignored the errors about missing numbers - mentioned above. - - If you get warnings in the code then the compilation will halt. - - The default Makefile for Win32 halts whenever any warnings occur. Since VC++ - has its own ideas about warnings which don't always match up to other - environments this can happen. The best fix is to edit the file with the - warning in and fix it. Alternatively you can turn off the halt on warnings by - editing the CFLAG line in the Makefile and deleting the /WX option. - - You might get compilation errors. Again you will have to fix these or report - them. - - One final comment about compiling applications linked to the OpenSSL library. - If you don't use the multithreaded DLL runtime library (/MD option) your - program will almost certainly crash because malloc gets confused -- the - OpenSSL DLLs are statically linked to one version, the application must - not use a different one. You might be able to work around such problems - by adding CRYPTO_malloc_init() to your program before any calls to the - OpenSSL libraries: This tells the OpenSSL libraries to use the same - malloc(), free() and realloc() as the application. However there are many - standard library functions used by OpenSSL that call malloc() internally - (e.g. fopen()), and OpenSSL cannot change these; so in general you cannot - rely on CRYPTO_malloc_init() solving your problem, and you should - consistently use the multithreaded library. + + INSTALLATION ON THE WIN32 PLATFORM + ---------------------------------- + + [Instructions for building for Windows CE can be found in INSTALL.WCE] + + Heres a few comments about building OpenSSL in Windows environments. Most + of this is tested on Win32 but it may also work in Win 3.1 with some + modification. + + You need Perl for Win32. Unless you will build on Cygwin, you will need + ActiveState Perl, available from http://www.activestate.com/ActivePerl. + For Cygwin users, there's more info in the Cygwin section. + + and one of the following C compilers: + + * Visual C++ + * Borland C + * GNU C (MinGW or Cygwin) + + If you want to compile in the assembly language routines with Visual C++ then + you will need an assembler. This is worth doing because it will result in + faster code: for example it will typically result in a 2 times speedup in the + RSA routines. Currently the following assemblers are supported: + + * Microsoft MASM (aka "ml") + * Free Netwide Assembler NASM. + + MASM is distributed with most versions of VC++. For the versions where it is + not included in VC++, it is also distributed with some Microsoft DDKs, for + example the Windows NT 4.0 DDK and the Windows 98 DDK. If you do not have + either of these DDKs then you can just download the binaries for the Windows + 98 DDK and extract and rename the two files XXXXXml.exe and XXXXXml.err, to + ml.exe and ml.err and install somewhere on your PATH. Both DDKs can be + downloaded from the Microsoft developers site www.msdn.com. + + NASM is freely available. Version 0.98 was used during testing: other versions + may also work. It is available from many places, see for example: + http://www.kernel.org/pub/software/devel/nasm/binaries/win32/ + The NASM binary nasmw.exe needs to be installed anywhere on your PATH. + + If you are compiling from a tarball or a CVS snapshot then the Win32 files + may well be not up to date. This may mean that some "tweaking" is required to + get it all to work. See the trouble shooting section later on for if (when?) + it goes wrong. + + Visual C++ + ---------- + + Firstly you should run Configure: + + > perl Configure VC-WIN32 + + Next you need to build the Makefiles and optionally the assembly language + files: + + - If you are using MASM then run: + + > ms\do_masm + + - If you are using NASM then run: + + > ms\do_nasm + + - If you don't want to use the assembly language files at all then run: + + > ms\do_ms + + If you get errors about things not having numbers assigned then check the + troubleshooting section: you probably won't be able to compile it as it + stands. + + Then from the VC++ environment at a prompt do: + + > nmake -f ms\ntdll.mak + + If all is well it should compile and you will have some DLLs and executables + in out32dll. If you want to try the tests then do: + + > cd out32dll + > ..\ms\test + + Tweaks: + + There are various changes you can make to the Win32 compile environment. By + default the library is not compiled with debugging symbols. If you add 'debug' + to the mk1mf.pl lines in the do_* batch file then debugging symbols will be + compiled in. Note that mk1mf.pl expects the platform to be the last argument + on the command line, so 'debug' must appear before that, as all other options. + + The default Win32 environment is to leave out any Windows NT specific + features. + + If you want to enable the NT specific features of OpenSSL (currently only the + logging BIO) follow the instructions above but call the batch file do_nt.bat + instead of do_ms.bat. + + You can also build a static version of the library using the Makefile + ms\nt.mak + + Borland C++ builder 5 + --------------------- + + * Configure for building with Borland Builder: + > perl Configure BC-32 + + * Create the appropriate makefile + > ms\do_nasm + + * Build + > make -f ms\bcb.mak + + Borland C++ builder 3 and 4 + --------------------------- + + * Setup PATH. First must be GNU make then bcb4/bin + + * Run ms\bcb4.bat + + * Run make: + > make -f bcb.mak + + GNU C (MinGW) + ------------- + + * Compiler installation: + + MinGW is available from http://www.mingw.org. Run the installer and + set the MinGW \bin directory to the PATH in "System Properties" or + autoexec.bat. + + * Compile OpenSSL: + + > ms\mingw32 + + This will create the library and binaries in out. In case any problems + occur, try + > ms\mingw32 no-asm + instead. + + libcrypto.a and libssl.a are the static libraries. To use the DLLs, + link with libeay32.a and libssl32.a instead. + + See troubleshooting if you get error messages about functions not having + a number assigned. + + * You can now try the tests: + + > cd out + > ..\ms\test + + GNU C (Cygwin) + -------------- + + Cygwin provides a bash shell and GNU tools environment running + on NT 4.0, Windows 9x, Windows ME, Windows 2000, and Windows XP. + Consequently, a make of OpenSSL with Cygwin is closer to a GNU + bash environment such as Linux than to other W32 makes which are + based on a single makefile approach. Cygwin implements Posix/Unix + calls through cygwin1.dll, and is contrasted to MingW which links + dynamically to msvcrt.dll or crtdll.dll. + + To build OpenSSL using Cygwin: + + * Install Cygwin (see http://cygwin.com/) + + * Install Perl and ensure it is in the path (recent Cygwin perl + (version 5.6.1-2 of the latter has been reported to work) or + ActivePerl) + + * Run the Cygwin bash shell + + * $ tar zxvf openssl-x.x.x.tar.gz + $ cd openssl-x.x.x + $ ./config + [...] + $ make + [...] + $ make test + $ make install + + This will create a default install in /usr/local/ssl. + + Cygwin Notes: + + "make test" and normal file operations may fail in directories + mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin + stripping of carriage returns. To avoid this ensure that a binary + mount is used, e.g. mount -b c:\somewhere /home. + + "bc" is not provided in older Cygwin distribution. This causes a + non-fatal error in "make test" but is otherwise harmless. If + desired and needed, GNU bc can be built with Cygwin without change. + + + Installation + ------------ + + If you used the Cygwin procedure above, you have already installed and + can skip this section. For all other procedures, there's currently no real + installation procedure for Win32. There are, however, some suggestions: + + - do nothing. The include files are found in the inc32/ subdirectory, + all binaries are found in out32dll/ or out32/ depending if you built + dynamic or static libraries. + + - do as is written in INSTALL.Win32 that comes with modssl: + + $ md c:\openssl + $ md c:\openssl\bin + $ md c:\openssl\lib + $ md c:\openssl\include + $ md c:\openssl\include\openssl + $ copy /b inc32\* c:\openssl\include\openssl + $ copy /b out32dll\ssleay32.lib c:\openssl\lib + $ copy /b out32dll\libeay32.lib c:\openssl\lib + $ copy /b out32dll\ssleay32.dll c:\openssl\bin + $ copy /b out32dll\libeay32.dll c:\openssl\bin + $ copy /b out32dll\openssl.exe c:\openssl\bin + + Of course, you can choose another device than c:. C: is used here + because that's usually the first (and often only) harddisk device. + Note: in the modssl INSTALL.Win32, p: is used rather than c:. + + + Troubleshooting + --------------- + + Since the Win32 build is only occasionally tested it may not always compile + cleanly. If you get an error about functions not having numbers assigned + when you run ms\do_ms then this means the Win32 ordinal files are not up to + date. You can do: + + > perl util\mkdef.pl crypto ssl update + + then ms\do_XXX should not give a warning any more. However the numbers that + get assigned by this technique may not match those that eventually get + assigned in the CVS tree: so anything linked against this version of the + library may need to be recompiled. + + If you get errors about unresolved symbols there are several possible + causes. + + If this happens when the DLL is being linked and you have disabled some + ciphers then it is possible the DEF file generator hasn't removed all + the disabled symbols: the easiest solution is to edit the DEF files manually + to delete them. The DEF files are ms\libeay32.def ms\ssleay32.def. + + Another cause is if you missed or ignored the errors about missing numbers + mentioned above. + + If you get warnings in the code then the compilation will halt. + + The default Makefile for Win32 halts whenever any warnings occur. Since VC++ + has its own ideas about warnings which don't always match up to other + environments this can happen. The best fix is to edit the file with the + warning in and fix it. Alternatively you can turn off the halt on warnings by + editing the CFLAG line in the Makefile and deleting the /WX option. + + You might get compilation errors. Again you will have to fix these or report + them. + + One final comment about compiling applications linked to the OpenSSL library. + If you don't use the multithreaded DLL runtime library (/MD option) your + program will almost certainly crash because malloc gets confused -- the + OpenSSL DLLs are statically linked to one version, the application must + not use a different one. You might be able to work around such problems + by adding CRYPTO_malloc_init() to your program before any calls to the + OpenSSL libraries: This tells the OpenSSL libraries to use the same + malloc(), free() and realloc() as the application. However there are many + standard library functions used by OpenSSL that call malloc() internally + (e.g. fopen()), and OpenSSL cannot change these; so in general you cannot + rely on CRYPTO_malloc_init() solving your problem, and you should + consistently use the multithreaded library. From 0214893e6a2cf9eed6545729b72dbfeddcd0107d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Fri, 21 Feb 2003 22:59:20 +0000 Subject: [PATCH 107/393] clean up MinGW build. MinGW make now supports the Windows path name conventions. --- ms/mingw32.bat | 9 ++---- util/pl/Mingw32.pl | 34 ++++++++++----------- util/pl/Mingw32f.pl | 73 --------------------------------------------- 3 files changed, 19 insertions(+), 97 deletions(-) delete mode 100644 util/pl/Mingw32f.pl diff --git a/ms/mingw32.bat b/ms/mingw32.bat index 1968f4150b..df8e0af15f 100644 --- a/ms/mingw32.bat +++ b/ms/mingw32.bat @@ -66,21 +66,16 @@ cd ..\..\.. echo Generating makefile perl util\mkfiles.pl >MINFO perl util\mk1mf.pl gaswin Mingw32 >ms\mingw32a.mak -perl util\mk1mf.pl gaswin Mingw32-files >ms\mingw32f.mak echo Generating DLL definition files perl util\mkdef.pl 32 libeay >ms\libeay32.def if errorlevel 1 goto end perl util\mkdef.pl 32 ssleay >ms\ssleay32.def if errorlevel 1 goto end -rem Create files -- this can be skipped if using the GNU file utilities -make -f ms/mingw32f.mak -echo You can ignore the error messages above - -copy ms\tlhelp32.h outinc +rem copy ms\tlhelp32.h outinc echo Building the libraries -make -f ms/mingw32a.mak +mingw32-make -f ms/mingw32a.mak if errorlevel 1 goto end echo Generating the DLLs and input libraries diff --git a/util/pl/Mingw32.pl b/util/pl/Mingw32.pl index 45ab685974..043a3a53ee 100644 --- a/util/pl/Mingw32.pl +++ b/util/pl/Mingw32.pl @@ -1,17 +1,17 @@ #!/usr/local/bin/perl # -# Mingw32.pl -- Mingw32 with GNU cp (Mingw32f.pl uses DOS tools) +# Mingw32.pl -- Mingw # $o='/'; $cp='cp'; -$rm='rem'; # use 'rm -f' if using GNU file utilities +$rm='rm -f'; $mkdir='gmkdir'; -# gcc wouldn't accept backslashes in paths -#$o='\\'; -#$cp='copy'; -#$rm='del'; +$o='\\'; +$cp='copy'; +$rm='del'; +$mkdir='mkdir'; # C compiler stuff @@ -19,29 +19,29 @@ $cc='gcc'; if ($debug) { $cflags="-DL_ENDIAN -DDSO_WIN32 -g2 -ggdb"; } else - { $cflags="-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -m486 -Wall"; } + { $cflags="-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -mcpu=i486 -Wall"; } if ($gaswin and !$no_asm) { - $bn_asm_obj='$(OBJ_D)/bn-win32.o'; + $bn_asm_obj='$(OBJ_D)\bn-win32.o'; $bn_asm_src='crypto/bn/asm/bn-win32.s'; - $bnco_asm_obj='$(OBJ_D)/co-win32.o'; + $bnco_asm_obj='$(OBJ_D)\co-win32.o'; $bnco_asm_src='crypto/bn/asm/co-win32.s'; - $des_enc_obj='$(OBJ_D)/d-win32.o $(OBJ_D)/y-win32.o'; + $des_enc_obj='$(OBJ_D)\d-win32.o $(OBJ_D)\y-win32.o'; $des_enc_src='crypto/des/asm/d-win32.s crypto/des/asm/y-win32.s'; - $bf_enc_obj='$(OBJ_D)/b-win32.o'; + $bf_enc_obj='$(OBJ_D)\b-win32.o'; $bf_enc_src='crypto/bf/asm/b-win32.s'; -# $cast_enc_obj='$(OBJ_D)/c-win32.o'; +# $cast_enc_obj='$(OBJ_D)\c-win32.o'; # $cast_enc_src='crypto/cast/asm/c-win32.s'; - $rc4_enc_obj='$(OBJ_D)/r4-win32.o'; + $rc4_enc_obj='$(OBJ_D)\r4-win32.o'; $rc4_enc_src='crypto/rc4/asm/r4-win32.s'; - $rc5_enc_obj='$(OBJ_D)/r5-win32.o'; + $rc5_enc_obj='$(OBJ_D)\r5-win32.o'; $rc5_enc_src='crypto/rc5/asm/r5-win32.s'; - $md5_asm_obj='$(OBJ_D)/m5-win32.o'; + $md5_asm_obj='$(OBJ_D)\m5-win32.o'; $md5_asm_src='crypto/md5/asm/m5-win32.s'; - $rmd160_asm_obj='$(OBJ_D)/rm-win32.o'; + $rmd160_asm_obj='$(OBJ_D)\rm-win32.o'; $rmd160_asm_src='crypto/ripemd/asm/rm-win32.s'; - $sha1_asm_obj='$(OBJ_D)/s1-win32.o'; + $sha1_asm_obj='$(OBJ_D)\s1-win32.o'; $sha1_asm_src='crypto/sha/asm/s1-win32.s'; $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM"; } diff --git a/util/pl/Mingw32f.pl b/util/pl/Mingw32f.pl deleted file mode 100644 index 44f5673d7a..0000000000 --- a/util/pl/Mingw32f.pl +++ /dev/null @@ -1,73 +0,0 @@ -#!/usr/local/bin/perl -# -# Mingw32f.pl -- copy files; Mingw32.pl is needed to do the compiling. -# - -$o='\\'; -$cp='copy'; -$rm='del'; - -# C compiler stuff - -$cc='gcc'; -if ($debug) - { $cflags="-g2 -ggdb -DDSO_WIN32"; } -else - { $cflags="-O3 -fomit-frame-pointer -DDSO_WIN32"; } - -$obj='.o'; -$ofile='-o '; - -# EXE linking stuff -$link='${CC}'; -$lflags='${CFLAGS}'; -$efile='-o '; -$exep=''; -$ex_libs="-lwsock32 -lgdi32"; - -# static library stuff -$mklib='ar r'; -$mlflags=''; -$ranlib='ranlib'; -$plib='lib'; -$libp=".a"; -$shlibp=".a"; -$lfile=''; - -$asm='as'; -$afile='-o '; -$bn_asm_obj=""; -$bn_asm_src=""; -$des_enc_obj=""; -$des_enc_src=""; -$bf_enc_obj=""; -$bf_enc_src=""; - -sub do_lib_rule - { - local($obj,$target,$name,$shlib)=@_; - local($ret,$_,$Name); - - $target =~ s/\//$o/g if $o ne '/'; - $target="$target"; - ($Name=$name) =~ tr/a-z/A-Z/; - - $ret.="$target: \$(${Name}OBJ)\n"; - $ret.="\t\$(RM) $target\n"; - $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n"; - $ret.="\t\$(RANLIB) $target\n\n"; - } - -sub do_link_rule - { - local($target,$files,$dep_libs,$libs)=@_; - local($ret,$_); - - $file =~ s/\//$o/g if $o ne '/'; - $n=&bname($target); - $ret.="$target: $files $dep_libs\n"; - $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n"; - return($ret); - } -1; - From 94949a50aa4605a65ca1f92244bca772be139f8a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Fri, 21 Feb 2003 23:19:50 +0000 Subject: [PATCH 108/393] avoid duplicate definiton of bn_sub_part_words --- util/pl/Mingw32.pl | 2 +- util/pl/linux.pl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/util/pl/Mingw32.pl b/util/pl/Mingw32.pl index 043a3a53ee..d0472df278 100644 --- a/util/pl/Mingw32.pl +++ b/util/pl/Mingw32.pl @@ -43,7 +43,7 @@ if ($gaswin and !$no_asm) $rmd160_asm_src='crypto/ripemd/asm/rm-win32.s'; $sha1_asm_obj='$(OBJ_D)\s1-win32.o'; $sha1_asm_src='crypto/sha/asm/s1-win32.s'; - $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM"; + $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS"; } diff --git a/util/pl/linux.pl b/util/pl/linux.pl index 8924ed5480..d24f7b7291 100644 --- a/util/pl/linux.pl +++ b/util/pl/linux.pl @@ -39,7 +39,7 @@ if (!$no_asm) $rmd160_asm_src='crypto/ripemd/asm/rm86unix.cpp'; $sha1_asm_obj='$(OBJ_D)/sx86-elf.o'; $sha1_asm_src='crypto/sha/asm/sx86unix.cpp'; - $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM"; + $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS"; } $cflags.=" -DTERMIO -DL_ENDIAN -m486 -Wall"; From c8252b71b5930216367bdd4b5b3a23fc75ee3845 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Sat, 22 Feb 2003 01:20:55 +0000 Subject: [PATCH 109/393] add test --- ms/test.bat | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ms/test.bat b/ms/test.bat index 8f69194283..c3a1b0c28d 100755 --- a/ms/test.bat +++ b/ms/test.bat @@ -67,6 +67,10 @@ echo dsatest dsatest if errorlevel 1 goto done +echo ectest +ectest +if errorlevel 1 goto done + echo testenc call %test%\testenc openssl if errorlevel 1 goto done From 5562cfaca4f3a007ce7e322f98e7ef57835771a7 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 22 Feb 2003 02:12:52 +0000 Subject: [PATCH 110/393] Base64 bio fixes. The base64 bio was seriously broken when reading from a non blocking BIO. It would incorrectly interpret retries as EOF, incorrectly buffer initial data and have no buffering at all after initial data (data would be sent one byte at a time to EVP_DecodeUpdate). --- CHANGES | 5 +++++ crypto/evp/bio_b64.c | 33 +++++++++++++++++++++++++++------ 2 files changed, 32 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index 4c6ad1e31e..0e70062f11 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Various fixes to base64 BIO and non blocking I/O. On write + flushes were not handled properly if the BIO retried. On read + data was not being buffered properly and had various logic bugs. + [Steve Henson] + *) Support for single pass processing for S/MIME signing. This now means that S/MIME signing can be done from a pipe, in addition cleartext signing (multipart/signed type) is effectively streaming diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c index 66004922eb..33349c2f98 100644 --- a/crypto/evp/bio_b64.c +++ b/crypto/evp/bio_b64.c @@ -184,7 +184,9 @@ static int b64_read(BIO *b, char *out, int outl) ret_code=0; while (outl > 0) { - if (ctx->cont <= 0) break; + + if (ctx->cont <= 0) + break; i=BIO_read(b->next_bio,&(ctx->tmp[ctx->tmp_len]), B64_BLOCK_SIZE-ctx->tmp_len); @@ -195,11 +197,21 @@ static int b64_read(BIO *b, char *out, int outl) /* Should be continue next time we are called? */ if (!BIO_should_retry(b->next_bio)) + { ctx->cont=i; - /* else we should continue when called again */ - break; + /* If buffer empty break */ + if(ctx->tmp_len == 0) + break; + /* Fall through and process what we have */ + else + i = 0; + } + /* else we retry and add more data to buffer */ + else + break; } i+=ctx->tmp_len; + ctx->tmp_len = i; /* We need to scan, a line at a time until we * have a valid line if we are starting. */ @@ -255,8 +267,12 @@ static int b64_read(BIO *b, char *out, int outl) * reading until a new line. */ if (p == (unsigned char *)&(ctx->tmp[0])) { - ctx->tmp_nl=1; - ctx->tmp_len=0; + /* Check buffer full */ + if (i == B64_BLOCK_SIZE) + { + ctx->tmp_nl=1; + ctx->tmp_len=0; + } } else if (p != q) /* finished on a '\n' */ { @@ -271,6 +287,11 @@ static int b64_read(BIO *b, char *out, int outl) else ctx->tmp_len=0; } + /* If buffer isn't full and we can retry then + * restart to read in more data. + */ + else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0)) + continue; if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { @@ -310,8 +331,8 @@ static int b64_read(BIO *b, char *out, int outl) i=EVP_DecodeUpdate(&(ctx->base64), (unsigned char *)ctx->buf,&ctx->buf_len, (unsigned char *)ctx->tmp,i); + ctx->tmp_len = 0; } - ctx->cont=i; ctx->buf_off=0; if (i < 0) { From 132eaa59dafcc36b513ab081b9f76a49e2525cc6 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 22 Feb 2003 14:41:34 +0000 Subject: [PATCH 111/393] Allow building applications against static libraries with Makefile.shared. --- CHANGES | 8 ++ Makefile.shared | 12 +++ apps/Makefile.ssl | 12 ++- test/Makefile.ssl | 203 +++++++++++++++++++++++++++++++++------------- 4 files changed, 174 insertions(+), 61 deletions(-) diff --git a/CHANGES b/CHANGES index 0e70062f11..bedf11efc3 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Make it possible to link applications using Makefile.shared. + Make that possible even when linking against static libraries! + [Richard Levitte] + *) Various fixes to base64 BIO and non blocking I/O. On write flushes were not handled properly if the BIO retried. On read data was not being buffered properly and had various logic bugs. @@ -439,6 +443,10 @@ TODO: bug: pad x with leading zeros if necessary differing sizes. [Richard Levitte] + Changes between 0.9.7a and 0.9.7b [xx XXX 2003] + + *) + Changes between 0.9.7 and 0.9.7a [19 Feb 2003] *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked diff --git a/Makefile.shared b/Makefile.shared index 9178b829a2..e33c10b5ae 100644 --- a/Makefile.shared +++ b/Makefile.shared @@ -141,6 +141,18 @@ DO_GNU_APP=LDCMD=$(CC);\ LIBDEPS="$(LIBDEPS) -lc"; \ APPNAME=$(APPNAME) +#This is rather special. It's a special target with which one can link +#applications without bothering with any features that have anything to +#do with shared libraries, for example when linking against static +#libraries. It's mostly here to avoid a lot of conditionals everywhere +#else... +link_app.: + LDCMD=$(CC); \ + LDFLAGS=""; \ + LIBDEPS="$(LIBDEPS)"; \ + APPNAME="$(APPNAME)"; \ + $(LINK_APP) + link_o.gnu: @ $(DO_GNU_SO); $(LINK_SO_O) link_a.gnu: diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl index 7dce73d610..593c9a5ac9 100644 --- a/apps/Makefile.ssl +++ b/apps/Makefile.ssl @@ -88,12 +88,15 @@ all: exe exe: $(PROGRAM) req: sreq.o $(A_OBJ) $(DLIBCRYPTO) + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ $(NEWMAKE) -f $(TOP)/Makefile.shared \ APPNAME=req LDFLAGS="$(CFLAG)" \ OBJECTS="sreq.o $(A_OBJ) $(RAND_OBJ)" \ LIBDEPS="$(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} sreq.o: req.c $(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c @@ -150,7 +153,10 @@ $(DLIBCRYPTO): $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) $(RM) $(PROGRAM) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO)" ; \ else \ LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \ @@ -160,7 +166,7 @@ $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) OBJECTS="$(PROGRAM).o $(E_OBJ)" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} -(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \ LIBPATH="`pwd`"; LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; \ if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ diff --git a/test/Makefile.ssl b/test/Makefile.ssl index 344d21ef85..26ae0dcb6f 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -301,7 +301,10 @@ $(DLIBCRYPTO): (cd ..; $(MAKE) DIRS=crypto all) $(RSATEST): $(RSATEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -311,10 +314,13 @@ $(RSATEST): $(RSATEST).o $(DLIBCRYPTO) OBJECTS="$(RSATEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(BNTEST): $(BNTEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -324,10 +330,13 @@ $(BNTEST): $(BNTEST).o $(DLIBCRYPTO) OBJECTS="$(BNTEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(ECTEST): $(ECTEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -337,10 +346,13 @@ $(ECTEST): $(ECTEST).o $(DLIBCRYPTO) OBJECTS="$(ECTEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(EXPTEST): $(EXPTEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -350,10 +362,13 @@ $(EXPTEST): $(EXPTEST).o $(DLIBCRYPTO) OBJECTS="$(EXPTEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(IDEATEST): $(IDEATEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -363,10 +378,13 @@ $(IDEATEST): $(IDEATEST).o $(DLIBCRYPTO) OBJECTS="$(IDEATEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(MD2TEST): $(MD2TEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -376,10 +394,13 @@ $(MD2TEST): $(MD2TEST).o $(DLIBCRYPTO) OBJECTS="$(MD2TEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(SHATEST): $(SHATEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -389,10 +410,13 @@ $(SHATEST): $(SHATEST).o $(DLIBCRYPTO) OBJECTS="$(SHATEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(SHA1TEST): $(SHA1TEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -402,10 +426,13 @@ $(SHA1TEST): $(SHA1TEST).o $(DLIBCRYPTO) OBJECTS="$(SHA1TEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(RMDTEST): $(RMDTEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -415,10 +442,13 @@ $(RMDTEST): $(RMDTEST).o $(DLIBCRYPTO) OBJECTS="$(RMDTEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(MDC2TEST): $(MDC2TEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -428,10 +458,13 @@ $(MDC2TEST): $(MDC2TEST).o $(DLIBCRYPTO) OBJECTS="$(MDC2TEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(MD4TEST): $(MD4TEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -441,10 +474,13 @@ $(MD4TEST): $(MD4TEST).o $(DLIBCRYPTO) OBJECTS="$(MD4TEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(MD5TEST): $(MD5TEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -454,10 +490,13 @@ $(MD5TEST): $(MD5TEST).o $(DLIBCRYPTO) OBJECTS="$(MD5TEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(HMACTEST): $(HMACTEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -467,10 +506,13 @@ $(HMACTEST): $(HMACTEST).o $(DLIBCRYPTO) OBJECTS="$(HMACTEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(RC2TEST): $(RC2TEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -480,10 +522,13 @@ $(RC2TEST): $(RC2TEST).o $(DLIBCRYPTO) OBJECTS="$(RC2TEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(BFTEST): $(BFTEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -493,10 +538,13 @@ $(BFTEST): $(BFTEST).o $(DLIBCRYPTO) OBJECTS="$(BFTEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(CASTTEST): $(CASTTEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -506,10 +554,13 @@ $(CASTTEST): $(CASTTEST).o $(DLIBCRYPTO) OBJECTS="$(CASTTEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(RC4TEST): $(RC4TEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -519,10 +570,13 @@ $(RC4TEST): $(RC4TEST).o $(DLIBCRYPTO) OBJECTS="$(RC4TEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(RC5TEST): $(RC5TEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -532,10 +586,13 @@ $(RC5TEST): $(RC5TEST).o $(DLIBCRYPTO) OBJECTS="$(RC5TEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(DESTEST): $(DESTEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -545,10 +602,13 @@ $(DESTEST): $(DESTEST).o $(DLIBCRYPTO) OBJECTS="$(DESTEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(RANDTEST): $(RANDTEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -558,10 +618,13 @@ $(RANDTEST): $(RANDTEST).o $(DLIBCRYPTO) OBJECTS="$(RANDTEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(DHTEST): $(DHTEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -571,10 +634,13 @@ $(DHTEST): $(DHTEST).o $(DLIBCRYPTO) OBJECTS="$(DHTEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(DSATEST): $(DSATEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -584,10 +650,13 @@ $(DSATEST): $(DSATEST).o $(DLIBCRYPTO) OBJECTS="$(DSATEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(METHTEST): $(METHTEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -597,10 +666,13 @@ $(METHTEST): $(METHTEST).o $(DLIBCRYPTO) OBJECTS="$(METHTEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)"; \ @@ -610,10 +682,13 @@ $(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) OBJECTS="$(SSLTEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(ENGINETEST): $(ENGINETEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -623,10 +698,13 @@ $(ENGINETEST): $(ENGINETEST).o $(DLIBCRYPTO) OBJECTS="$(ENGINETEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(EVPTEST): $(EVPTEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -636,10 +714,13 @@ $(EVPTEST): $(EVPTEST).o $(DLIBCRYPTO) OBJECTS="$(EVPTEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(ECDSATEST): $(ECDSATEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -649,10 +730,13 @@ $(ECDSATEST): $(ECDSATEST).o $(DLIBCRYPTO) OBJECTS="$(ECDSATEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} $(ECDHTEST): $(ECDHTEST).o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -662,7 +746,7 @@ $(ECDHTEST): $(ECDHTEST).o $(DLIBCRYPTO) OBJECTS="$(ECDHTEST).o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} #$(AESTEST).o: $(AESTEST).c # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c @@ -675,7 +759,10 @@ $(ECDHTEST): $(ECDHTEST).o $(DLIBCRYPTO) # fi dummytest: dummytest.o $(DLIBCRYPTO) - if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \ LIBRARIES="$(DLIBCRYPTO)"; \ else \ LIBRARIES="$(LIBCRYPTO)"; \ @@ -685,7 +772,7 @@ dummytest: dummytest.o $(DLIBCRYPTO) OBJECTS="dummytest.o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ LIBRPATH=$(INSTALLTOP)/lib \ - link_app.$(SHLIB_TARGET) + link_app.$${shlib_target} # DO NOT DELETE THIS LINE -- make depend depends on it. From 7841edc9c1aa18b4b2454b18c6e72eb5cb2f4ae5 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 22 Feb 2003 15:04:03 +0000 Subject: [PATCH 112/393] Remove duplication and have clean depend on libclean --- Makefile.org | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile.org b/Makefile.org index 1baf7e8b44..3956dfccea 100644 --- a/Makefile.org +++ b/Makefile.org @@ -314,10 +314,10 @@ Makefile.ssl: Makefile.org @false libclean: - rm -f *.so *.so.* engines/*.so *.a */lib */*/lib + rm -f *.map *.so *.so.* engines/*.so *.a */lib */*/lib -clean: - rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c +clean: libclean + rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c @for i in $(DIRS) ;\ do \ if [ -d "$$i" ]; then \ @@ -327,7 +327,7 @@ clean: fi; \ done; rm -f openssl.pc - rm -f *.a *.o speed.* *.map *.so .pure core + rm -f speed.* .pure rm -f $(TARFILE) @for i in $(ONEDIRS) ;\ do \ From 66ecdf3bfb0320647b8e2ab9f93ffc3f231e54e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Sat, 22 Feb 2003 18:00:14 +0000 Subject: [PATCH 113/393] more mingw related cleanups. --- Configure | 6 ++---- apps/apps.c | 4 ---- crypto/bn/bntest.c | 9 --------- crypto/bn/exptest.c | 3 --- crypto/dh/dhtest.c | 7 ------- crypto/dsa/dsatest.c | 3 --- crypto/threads/mttest.c | 5 ----- ms/mingw32.bat | 2 +- ms/mw.bat | 5 ----- ssl/ssltest.c | 1 - 10 files changed, 3 insertions(+), 42 deletions(-) diff --git a/Configure b/Configure index 3df57f6338..0f64c4cb0a 100755 --- a/Configure +++ b/Configure @@ -506,10 +506,8 @@ my %table=( "BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN::::::::::win32", "BC-16","bcc:::(unknown):WIN16::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::", -# Mingw32 -# (Note: the real CFLAGS for Windows builds are defined by util/mk1mf.pl -# and its library files in util/pl/*) -"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32", +# MinGW +"mingw", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -mno-cygwin -Wall:::MINGW32:-mno-cygwin -lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32::::.dll", # UWIN "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32", diff --git a/apps/apps.c b/apps/apps.c index ec3e391b66..007e3e06c3 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -140,10 +140,6 @@ #include "apps.h" #undef NON_MAIN -#ifdef OPENSSL_SYS_WINDOWS -# include "bss_file.c" -#endif - typedef struct { char *name; unsigned long flag; diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c index 0149e8c3c4..fe057dc22f 100644 --- a/crypto/bn/bntest.c +++ b/crypto/bn/bntest.c @@ -87,10 +87,6 @@ #include #include -#ifdef OPENSSL_SYS_WINDOWS -#include "../bio/bss_file.c" -#endif - const int num0 = 100; /* number of tests */ const int num1 = 50; /* additional tests for some functions */ const int num2 = 5; /* number of tests for slow functions */ @@ -124,11 +120,6 @@ int test_sqrt(BIO *bp,BN_CTX *ctx); int rand_neg(void); static int results=0; -#ifdef OPENSSL_NO_STDIO -#define APPS_WIN16 -#include "bss_file.c" -#endif - static unsigned char lst[]="\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9" "\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0"; diff --git a/crypto/bn/exptest.c b/crypto/bn/exptest.c index 621e6a9eee..b09cf88705 100644 --- a/crypto/bn/exptest.c +++ b/crypto/bn/exptest.c @@ -66,9 +66,6 @@ #include #include #include -#ifdef OPENSSL_SYS_WINDOWS -#include "../bio/bss_file.c" -#endif #define NUM_BITS (BN_BITS*2) diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c index 33a49f2d7d..dc25283f7c 100644 --- a/crypto/dh/dhtest.c +++ b/crypto/dh/dhtest.c @@ -68,9 +68,6 @@ #include "../e_os.h" -#ifdef OPENSSL_SYS_WINDOWS -#include "../bio/bss_file.c" -#endif #include #include #include @@ -93,10 +90,6 @@ int main(int argc, char *argv[]) #endif static void MS_CALLBACK cb(int p, int n, void *arg); -#ifdef OPENSSL_NO_STDIO -#define APPS_WIN16 -#include "bss_file.c" -#endif static const char rnd_seed[] = "string to make the random number generator think it has entropy"; diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c index 75eca097a5..940d97d0e6 100644 --- a/crypto/dsa/dsatest.c +++ b/crypto/dsa/dsatest.c @@ -77,9 +77,6 @@ #ifndef OPENSSL_NO_ENGINE #include #endif -#ifdef OPENSSL_SYS_WINDOWS -#include "../bio/bss_file.c" -#endif #ifdef OPENSSL_NO_DSA int main(int argc, char *argv[]) diff --git a/crypto/threads/mttest.c b/crypto/threads/mttest.c index 7142e4edc7..54d598565d 100644 --- a/crypto/threads/mttest.c +++ b/crypto/threads/mttest.c @@ -86,11 +86,6 @@ #include #include -#ifdef OPENSSL_NO_FP_API -#define APPS_WIN16 -#include "../buffer/bss_file.c" -#endif - #define TEST_SERVER_CERT "../../apps/server.pem" #define TEST_CLIENT_CERT "../../apps/client.pem" diff --git a/ms/mingw32.bat b/ms/mingw32.bat index df8e0af15f..8c7c63e0f2 100644 --- a/ms/mingw32.bat +++ b/ms/mingw32.bat @@ -1,7 +1,7 @@ @rem OpenSSL with Mingw32+GNU as @rem --------------------------- -perl Configure Mingw32 %1 %2 %3 %4 %5 %6 %7 %8 +perl Configure mingw %1 %2 %3 %4 %5 %6 %7 %8 @echo off diff --git a/ms/mw.bat b/ms/mw.bat index dc37913b71..c5ccd693e3 100644 --- a/ms/mw.bat +++ b/ms/mw.bat @@ -4,17 +4,12 @@ @rem Makefile perl util\mkfiles.pl >MINFO perl util\mk1mf.pl Mingw32 >ms\mingw32.mak -perl util\mk1mf.pl Mingw32-files >ms\mingw32f.mak @rem DLL definition files perl util\mkdef.pl 32 libeay >ms\libeay32.def if errorlevel 1 goto end perl util\mkdef.pl 32 ssleay >ms\ssleay32.def if errorlevel 1 goto end -@rem Create files -- this can be skipped if using the GNU file utilities -make -f ms/mingw32f.mak -echo You can ignore the error messages above - @rem Build the libraries make -f ms/mingw32.mak if errorlevel 1 goto end diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 49360d5f9f..45b211b4c6 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -147,7 +147,6 @@ #ifdef OPENSSL_SYS_WINDOWS #include -#include "../crypto/bio/bss_file.c" #else #include OPENSSL_UNISTD #endif From c8c5cec1f9fb290f6a1273f91b529475051ff16e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Sat, 22 Feb 2003 22:15:31 +0000 Subject: [PATCH 114/393] remove some more useless code. The mingw target can now be built under cygwin. --- crypto/ecdh/ecdhtest.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c index 8af35322bb..6e0c14dc13 100644 --- a/crypto/ecdh/ecdhtest.c +++ b/crypto/ecdh/ecdhtest.c @@ -73,9 +73,6 @@ #include "../e_os.h" -#ifdef OPENSSL_SYS_WINDOWS -#include "../bio/bss_file.c" -#endif #include #include #include @@ -103,11 +100,6 @@ int main(int argc, char *argv[]) static void MS_CALLBACK cb(int p, int n, void *arg); #endif -#ifdef OPENSSL_NO_STDIO -#define APPS_WIN16 -#include "bss_file.c" -#endif - static const char rnd_seed[] = "string to make the random number generator think it has entropy"; int test_ecdh_curve(int , char *, BN_CTX *, BIO *); From b4f43344d5b517e4c620cbc4b7eb6b5859e18161 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Sat, 22 Feb 2003 22:19:48 +0000 Subject: [PATCH 115/393] Copy rather than symlink the test data. This is needed because Windows doesn't support symlinks. The Cygwin/MinGW build now passes "make test". --- crypto/evp/Makefile.ssl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/evp/Makefile.ssl b/crypto/evp/Makefile.ssl index 8fd8c718a4..0f82cf78df 100644 --- a/crypto/evp/Makefile.ssl +++ b/crypto/evp/Makefile.ssl @@ -70,7 +70,7 @@ links: @$(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TESTDATA) + cp $(TESTDATA) ../../test @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: From 63ff3e83fc549c342786dff6f59fc671701fac87 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulf=20M=C3=B6ller?= Date: Sat, 22 Feb 2003 23:03:42 +0000 Subject: [PATCH 116/393] Add instructions for building the MinGW target in Cygwin, and rearrange some of the other text for better readability. --- CHANGES | 4 +- INSTALL.W32 | 122 +++++++++++++++++++++++++++++----------------------- 2 files changed, 71 insertions(+), 55 deletions(-) diff --git a/CHANGES b/CHANGES index bedf11efc3..98b44d561c 100644 --- a/CHANGES +++ b/CHANGES @@ -445,7 +445,9 @@ TODO: bug: pad x with leading zeros if necessary Changes between 0.9.7a and 0.9.7b [xx XXX 2003] - *) + *) Target "mingw" now allows native Windows code to be generated in + the Cygwin environment as well as with the MinGW compiler. + [Ulf Moeller] Changes between 0.9.7 and 0.9.7a [19 Feb 2003] diff --git a/INSTALL.W32 b/INSTALL.W32 index de09fcba4a..d4996560dd 100644 --- a/INSTALL.W32 +++ b/INSTALL.W32 @@ -10,13 +10,20 @@ You need Perl for Win32. Unless you will build on Cygwin, you will need ActiveState Perl, available from http://www.activestate.com/ActivePerl. - For Cygwin users, there's more info in the Cygwin section. and one of the following C compilers: * Visual C++ * Borland C - * GNU C (MinGW or Cygwin) + * GNU C (Cygwin or MinGW) + + If you are compiling from a tarball or a CVS snapshot then the Win32 files + may well be not up to date. This may mean that some "tweaking" is required to + get it all to work. See the trouble shooting section later on for if (when?) + it goes wrong. + + Visual C++ + ---------- If you want to compile in the assembly language routines with Visual C++ then you will need an assembler. This is worth doing because it will result in @@ -39,14 +46,6 @@ http://www.kernel.org/pub/software/devel/nasm/binaries/win32/ The NASM binary nasmw.exe needs to be installed anywhere on your PATH. - If you are compiling from a tarball or a CVS snapshot then the Win32 files - may well be not up to date. This may mean that some "tweaking" is required to - get it all to work. See the trouble shooting section later on for if (when?) - it goes wrong. - - Visual C++ - ---------- - Firstly you should run Configure: > perl Configure VC-WIN32 @@ -120,13 +119,71 @@ * Run make: > make -f bcb.mak + GNU C (Cygwin) + -------------- + + Cygwin provides a bash shell and GNU tools environment running + on NT 4.0, Windows 9x, Windows ME, Windows 2000, and Windows XP. + Consequently, a make of OpenSSL with Cygwin is closer to a GNU + bash environment such as Linux than to other the other Win32 + makes. + + Cygwin implements a Posix/Unix runtime system (cygwin1.dll). + It is also possible to create Win32 binaries that only use the + Microsoft C runtime system (msvcrt.dll or crtdll.dll) using + MinGW. MinGW can be used in the Cygwin development environment + or in a standalone setup as described in the following section. + + To build OpenSSL using Cygwin: + + * Install Cygwin (see http://cygwin.com/) + + * Install Perl and ensure it is in the path. Both Cygwin perl + (5.6.1-2 or newer) and ActivePerl work. + + * Run the Cygwin bash shell + + * $ tar zxvf openssl-x.x.x.tar.gz + $ cd openssl-x.x.x + + To build the Cygwin version of OpenSSL: + + $ ./config + [...] + $ make + [...] + $ make test + $ make install + + This will create a default install in /usr/local/ssl. + + To build the MinGW version (native Windows) in Cygwin: + + $ ./Configure mingw + [...] + $ make + [...] + $ make test + $ make install + + Cygwin Notes: + + "make test" and normal file operations may fail in directories + mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin + stripping of carriage returns. To avoid this ensure that a binary + mount is used, e.g. mount -b c:\somewhere /home. + + "bc" is not provided in older Cygwin distribution. This causes a + non-fatal error in "make test" but is otherwise harmless. If + desired and needed, GNU bc can be built with Cygwin without change. + GNU C (MinGW) ------------- * Compiler installation: MinGW is available from http://www.mingw.org. Run the installer and - set the MinGW \bin directory to the PATH in "System Properties" or + set the MinGW bin directory to the PATH in "System Properties" or autoexec.bat. * Compile OpenSSL: @@ -149,49 +206,6 @@ > cd out > ..\ms\test - GNU C (Cygwin) - -------------- - - Cygwin provides a bash shell and GNU tools environment running - on NT 4.0, Windows 9x, Windows ME, Windows 2000, and Windows XP. - Consequently, a make of OpenSSL with Cygwin is closer to a GNU - bash environment such as Linux than to other W32 makes which are - based on a single makefile approach. Cygwin implements Posix/Unix - calls through cygwin1.dll, and is contrasted to MingW which links - dynamically to msvcrt.dll or crtdll.dll. - - To build OpenSSL using Cygwin: - - * Install Cygwin (see http://cygwin.com/) - - * Install Perl and ensure it is in the path (recent Cygwin perl - (version 5.6.1-2 of the latter has been reported to work) or - ActivePerl) - - * Run the Cygwin bash shell - - * $ tar zxvf openssl-x.x.x.tar.gz - $ cd openssl-x.x.x - $ ./config - [...] - $ make - [...] - $ make test - $ make install - - This will create a default install in /usr/local/ssl. - - Cygwin Notes: - - "make test" and normal file operations may fail in directories - mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin - stripping of carriage returns. To avoid this ensure that a binary - mount is used, e.g. mount -b c:\somewhere /home. - - "bc" is not provided in older Cygwin distribution. This causes a - non-fatal error in "make test" but is otherwise harmless. If - desired and needed, GNU bc can be built with Cygwin without change. - Installation ------------ From 5c9a9c9c332b8def46e849ea5df88afe7ced2a30 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Mon, 24 Feb 2003 17:15:28 +0000 Subject: [PATCH 117/393] include OpenSSL license (in addition to EAY license) --- crypto/evp/m_ecdsa.c | 53 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/crypto/evp/m_ecdsa.c b/crypto/evp/m_ecdsa.c index 4e8b010709..26e4206e5a 100644 --- a/crypto/evp/m_ecdsa.c +++ b/crypto/evp/m_ecdsa.c @@ -1,4 +1,57 @@ /* crypto/evp/m_ecdsa.c */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * From 0185803cc224c8d88ca39ae07c296a4f1854e478 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Mon, 24 Feb 2003 17:18:01 +0000 Subject: [PATCH 118/393] year 2003 --- LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE b/LICENSE index 7b93e0dbce..dddb07842b 100644 --- a/LICENSE +++ b/LICENSE @@ -12,7 +12,7 @@ --------------- /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions From e9ec63961be610bbd386f482335772bc23dc095e Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 25 Feb 2003 19:03:31 +0000 Subject: [PATCH 119/393] Fix indefinite length encoding so EOC correctly updates the buffer pointer. Rename PKCS7_PARTSIGN to PKCS7_STREAM. Guess what that's for :-) --- CHANGES | 2 +- apps/smime.c | 4 ++-- crypto/asn1/tasn_enc.c | 6 ++++-- crypto/pkcs7/pk7_mime.c | 2 +- crypto/pkcs7/pk7_smime.c | 2 +- crypto/pkcs7/pkcs7.h | 2 +- 6 files changed, 10 insertions(+), 8 deletions(-) diff --git a/CHANGES b/CHANGES index 98b44d561c..b032498a2e 100644 --- a/CHANGES +++ b/CHANGES @@ -18,7 +18,7 @@ cleartext signing (multipart/signed type) is effectively streaming and the signed data does not need to be all held in memory. - This is done with a new flag PKCS7_PARTSIGN. When this flag is set + This is done with a new flag PKCS7_STREAM. When this flag is set PKCS7_sign() only initializes the PKCS7 structure and the actual signing is done after the data is output (and digests calculated) in SMIME_write_PKCS7(). diff --git a/apps/smime.c b/apps/smime.c index 83daa71ca1..1d7d828e01 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -482,10 +482,10 @@ int MAIN(int argc, char **argv) * signing. */ if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME)) - flags |= PKCS7_PARTSIGN; + flags |= PKCS7_STREAM; p7 = PKCS7_sign(signer, key, other, in, flags); /* Don't need to rewind for partial signing */ - if (!(flags & PKCS7_PARTSIGN) && (BIO_reset(in) != 0)) { + if (!(flags & PKCS7_STREAM) && (BIO_reset(in) != 0)) { BIO_printf(bio_err, "Can't rewind input file\n"); goto end; } diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c index 5ce38e1920..2e80655074 100644 --- a/crypto/asn1/tasn_enc.c +++ b/crypto/asn1/tasn_enc.c @@ -494,7 +494,10 @@ static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const A if(out) { if(usetag) ASN1_put_object(out, ndef, len, tag, aclass); asn1_ex_i2c(pval, *out, &utype, it); - *out += len; + if (ndef) + ASN1_put_eoc(out); + else + *out += len; } if(usetag) return ASN1_object_size(ndef, len, tag); @@ -598,7 +601,6 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_ { strtmp->data = cout; strtmp->length = 0; - ASN1_put_eoc(&cout); } /* Special return code */ return -2; diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c index 51be777687..431aff94f0 100644 --- a/crypto/pkcs7/pk7_mime.c +++ b/crypto/pkcs7/pk7_mime.c @@ -202,7 +202,7 @@ static int pkcs7_output_data(BIO *out, BIO *data, PKCS7 *p7, int flags) { BIO *tmpbio, *p7bio; - if (!(flags & PKCS7_PARTSIGN)) + if (!(flags & PKCS7_STREAM)) { SMIME_crlf_copy(data, out, flags); return 1; diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index b170fe285d..333a8aa38d 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -125,7 +125,7 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, } } - if (flags & PKCS7_PARTSIGN) + if (flags & PKCS7_STREAM) return p7; if (!(p7bio = PKCS7_dataInit(p7, NULL))) { diff --git a/crypto/pkcs7/pkcs7.h b/crypto/pkcs7/pkcs7.h index a2956589ab..e6f6572666 100644 --- a/crypto/pkcs7/pkcs7.h +++ b/crypto/pkcs7/pkcs7.h @@ -260,7 +260,7 @@ DECLARE_PKCS12_STACK_OF(PKCS7) #define PKCS7_BINARY 0x80 #define PKCS7_NOATTR 0x100 #define PKCS7_NOSMIMECAP 0x200 -#define PKCS7_PARTSIGN 0x400 +#define PKCS7_STREAM 0x400 /* Flags: for compatibility with older code */ From f0dc08e6564df980f3c38965f6f85c7c807cfbb8 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 27 Feb 2003 01:54:11 +0000 Subject: [PATCH 120/393] Support for dirName from config files in GeneralName extensions. --- CHANGES | 4 ++++ crypto/x509v3/v3_alt.c | 32 ++++++++++++++++++++++++++++++++ crypto/x509v3/v3_conf.c | 12 +++++++++++- crypto/x509v3/v3_utl.c | 35 +++++++++++++++++++++++++++++++++++ crypto/x509v3/v3err.c | 8 +++++++- crypto/x509v3/x509v3.h | 8 ++++++++ 6 files changed, 97 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index b032498a2e..749bc19f7e 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Support for directoryName in GeneralName related extensions + in config files. + [Steve Henson] + *) Make it possible to link applications using Makefile.shared. Make that possible even when linking against static libraries! [Richard Levitte] diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index 64e51d6129..8642dd5104 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c @@ -66,6 +66,7 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p); static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens); static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); +static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); X509V3_EXT_METHOD v3_alt[] = { { NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), @@ -452,6 +453,13 @@ if(!name_cmp(name, "email")) { goto err; } type = GEN_IPADD; +} else if(!name_cmp(name, "dirName")) { + type = GEN_DIRNAME; + if (!do_dirname(gen, value, ctx)) + { + X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_DIRNAME_ERROR); + goto err; + } } else if(!name_cmp(name, "otherName")) { if (!do_othername(gen, value, ctx)) { @@ -507,3 +515,27 @@ static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) return 0; return 1; } + +static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) + { + int ret; + STACK_OF(CONF_VALUE) *sk; + X509_NAME *nm; + if (!(nm = X509_NAME_new())) + return 0; + sk = X509V3_get_section(ctx, value); + if (!sk) + { + X509V3err(X509V3_F_DO_DIRNAME,X509V3_R_SECTION_NOT_FOUND); + ERR_add_error_data(2, "section=", value); + X509_NAME_free(nm); + return 0; + } + /* FIXME: should allow other character types... */ + ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC); + if (!ret) + X509_NAME_free(nm); + gen->d.dirn = nm; + + return ret; + } diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c index 372c65d885..eeb365b081 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509v3/v3_conf.c @@ -151,7 +151,7 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, } else if(method->r2i) { - if(!ctx->db) + if(!ctx->db || !ctx->db_meth) { X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE); return NULL; @@ -383,6 +383,11 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) { + if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) + { + X509V3err(X509V3_F_X509V3_GET_STRING,X509V3_R_OPERATION_NOT_DEFINED); + return NULL; + } if (ctx->db_meth->get_string) return ctx->db_meth->get_string(ctx->db, name, section); return NULL; @@ -390,6 +395,11 @@ char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section) { + if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) + { + X509V3err(X509V3_F_X509V3_GET_SECTION,X509V3_R_OPERATION_NOT_DEFINED); + return NULL; + } if (ctx->db_meth->get_section) return ctx->db_meth->get_section(ctx->db, section); return NULL; diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index 4b85378e94..2af05e555b 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -740,3 +740,38 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen) return 1; } + +int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, + unsigned long chtype) + { + CONF_VALUE *v; + int i; + char *p, *type; + if (!nm) + return 0; + + for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) + { + v=sk_CONF_VALUE_value(dn_sk,i); + type=v->name; + /* Skip past any leading X. X: X, etc to allow for + * multiple instances + */ + for(p = type; *p ; p++) +#ifndef CHARSET_EBCDIC + if ((*p == ':') || (*p == ',') || (*p == '.')) +#else + if ((*p == os_toascii[':']) || (*p == os_toascii[',']) || (*p == os_toascii['.'])) +#endif + { + p++; + if(*p) type = p; + break; + } + if (!X509_NAME_add_entry_by_txt(nm,type, chtype, + (unsigned char *) v->value,-1,-1,0)) + return 0; + + } + return 1; + } diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c index 3cb543e629..28f44e00c6 100644 --- a/crypto/x509v3/v3err.c +++ b/crypto/x509v3/v3err.c @@ -1,6 +1,6 @@ /* crypto/x509v3/v3err.c */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -68,6 +68,7 @@ static ERR_STRING_DATA X509V3_str_functs[]= { {ERR_PACK(0,X509V3_F_COPY_EMAIL,0), "COPY_EMAIL"}, {ERR_PACK(0,X509V3_F_COPY_ISSUER,0), "COPY_ISSUER"}, +{ERR_PACK(0,X509V3_F_DO_DIRNAME,0), "DO_DIRNAME"}, {ERR_PACK(0,X509V3_F_DO_EXT_CONF,0), "DO_EXT_CONF"}, {ERR_PACK(0,X509V3_F_DO_EXT_I2D,0), "DO_EXT_I2D"}, {ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"}, @@ -104,6 +105,8 @@ static ERR_STRING_DATA X509V3_str_functs[]= {ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0), "X509V3_EXT_add_alias"}, {ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0), "X509V3_EXT_conf"}, {ERR_PACK(0,X509V3_F_X509V3_EXT_I2D,0), "X509V3_EXT_i2d"}, +{ERR_PACK(0,X509V3_F_X509V3_GET_SECTION,0), "X509V3_get_section"}, +{ERR_PACK(0,X509V3_F_X509V3_GET_STRING,0), "X509V3_get_string"}, {ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0), "X509V3_get_value_bool"}, {ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"}, {ERR_PACK(0,X509V3_F_X509_PURPOSE_ADD,0), "X509_PURPOSE_add"}, @@ -117,6 +120,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]= {X509V3_R_BAD_OBJECT ,"bad object"}, {X509V3_R_BN_DEC2BN_ERROR ,"bn dec2bn error"}, {X509V3_R_BN_TO_ASN1_INTEGER_ERROR ,"bn to asn1 integer error"}, +{X509V3_R_DIRNAME_ERROR ,"dirname error"}, {X509V3_R_DUPLICATE_ZONE_ID ,"duplicate zone id"}, {X509V3_R_ERROR_CONVERTING_ZONE ,"error converting zone"}, {X509V3_R_ERROR_CREATING_EXTENSION ,"error creating extension"}, @@ -152,7 +156,9 @@ static ERR_STRING_DATA X509V3_str_reasons[]= {X509V3_R_NO_PUBLIC_KEY ,"no public key"}, {X509V3_R_NO_SUBJECT_DETAILS ,"no subject details"}, {X509V3_R_ODD_NUMBER_OF_DIGITS ,"odd number of digits"}, +{X509V3_R_OPERATION_NOT_DEFINED ,"operation not defined"}, {X509V3_R_OTHERNAME_ERROR ,"othername error"}, +{X509V3_R_SECTION_NOT_FOUND ,"section not found"}, {X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS ,"unable to get issuer details"}, {X509V3_R_UNABLE_TO_GET_ISSUER_KEYID ,"unable to get issuer keyid"}, {X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT ,"unknown bit string argument"}, diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index a720ff2b9e..d2edc9f650 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -548,6 +548,8 @@ STACK *X509_REQ_get1_email(X509_REQ *x); void X509_email_free(STACK *sk); ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); +int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, + unsigned long chtype); /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes @@ -560,6 +562,7 @@ void ERR_load_X509V3_strings(void); /* Function codes. */ #define X509V3_F_COPY_EMAIL 122 #define X509V3_F_COPY_ISSUER 123 +#define X509V3_F_DO_DIRNAME 144 #define X509V3_F_DO_EXT_CONF 124 #define X509V3_F_DO_EXT_I2D 135 #define X509V3_F_HEX_TO_STRING 111 @@ -596,6 +599,8 @@ void ERR_load_X509V3_strings(void); #define X509V3_F_X509V3_EXT_ADD_ALIAS 106 #define X509V3_F_X509V3_EXT_CONF 107 #define X509V3_F_X509V3_EXT_I2D 136 +#define X509V3_F_X509V3_GET_SECTION 142 +#define X509V3_F_X509V3_GET_STRING 143 #define X509V3_F_X509V3_GET_VALUE_BOOL 110 #define X509V3_F_X509V3_PARSE_LIST 109 #define X509V3_F_X509_PURPOSE_ADD 137 @@ -606,6 +611,7 @@ void ERR_load_X509V3_strings(void); #define X509V3_R_BAD_OBJECT 119 #define X509V3_R_BN_DEC2BN_ERROR 100 #define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 +#define X509V3_R_DIRNAME_ERROR 149 #define X509V3_R_DUPLICATE_ZONE_ID 133 #define X509V3_R_ERROR_CONVERTING_ZONE 131 #define X509V3_R_ERROR_CREATING_EXTENSION 144 @@ -641,7 +647,9 @@ void ERR_load_X509V3_strings(void); #define X509V3_R_NO_PUBLIC_KEY 114 #define X509V3_R_NO_SUBJECT_DETAILS 125 #define X509V3_R_ODD_NUMBER_OF_DIGITS 112 +#define X509V3_R_OPERATION_NOT_DEFINED 148 #define X509V3_R_OTHERNAME_ERROR 147 +#define X509V3_R_SECTION_NOT_FOUND 150 #define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 #define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 #define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 From 155bd1137e3c87c64be1f09ddfa2120adcd25e67 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Thu, 27 Feb 2003 12:25:35 +0000 Subject: [PATCH 121/393] add Certicom licensing e-mail address --- crypto/ec/ec2_smpt.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/ec/ec2_smpt.c b/crypto/ec/ec2_smpt.c index 1b014e5d96..f7e3d38150 100644 --- a/crypto/ec/ec2_smpt.c +++ b/crypto/ec/ec2_smpt.c @@ -61,7 +61,8 @@ * compressed coordinates. Uses algorithm 2.3.4 of SEC 1. * Note that the simple implementation only uses affine coordinates. * - * This algorithm is patented by Certicom Corp. under US Patent 6,141,420. + * This algorithm is patented by Certicom Corp. under US Patent 6,141,420 + * (for licensing information, contact licensing@certicom.com). * This function is disabled by default and can be enabled by defining the * preprocessor macro OPENSSL_EC_BIN_PT_COMP at Configure-time. */ From 6ac26a5ce5e2891c35a283961a5aa0d9dcc65d6e Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 27 Feb 2003 13:02:46 +0000 Subject: [PATCH 122/393] Typo. --- doc/crypto/BIO_f_cipher.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/crypto/BIO_f_cipher.pod b/doc/crypto/BIO_f_cipher.pod index 4182f2c309..02439cea94 100644 --- a/doc/crypto/BIO_f_cipher.pod +++ b/doc/crypto/BIO_f_cipher.pod @@ -28,7 +28,7 @@ BIO_flush() on an encryption BIO that is being written through is used to signal that no more data is to be encrypted: this is used to flush and possibly pad the final block through the BIO. -BIO_set_cipher() sets the cipher of BIO to B using key B +BIO_set_cipher() sets the cipher of BIO B to B using key B and IV B. B should be set to 1 for encryption and zero for decryption. From b8dc9693a73bb96688c3e8eaac232fc5b2393609 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 27 Feb 2003 14:07:59 +0000 Subject: [PATCH 123/393] Encryption BIOs misbehave when used with non blocking I/O. Two fixes: 1. If BIO_write() fails inside enc_write() it should return the total number of bytes successfully written. 2. If BIO_write() fails during BIO_flush() it should return immediately with the error code: previously it would fall through to the final encrypt, corrupting the buffer. --- crypto/evp/bio_enc.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c index 510e1bc8a4..ab81851503 100644 --- a/crypto/evp/bio_enc.c +++ b/crypto/evp/bio_enc.c @@ -271,7 +271,7 @@ static int enc_write(BIO *b, const char *in, int inl) if (i <= 0) { BIO_copy_next_retry(b); - return(i); + return (ret == inl) ? i : ret - inl; } n-=i; ctx->buf_off+=i; @@ -325,10 +325,7 @@ again: { i=enc_write(b,NULL,0); if (i < 0) - { - ret=i; - break; - } + return i; } if (!ctx->finished) From 57376542a06dc756299b3b4ce9d5afaa9217cd2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 28 Feb 2003 15:07:10 +0000 Subject: [PATCH 124/393] use tabs for indentation, not spaces --- ssl/s3_clnt.c | 156 +++++++++++++++++++++++++------------------------- 1 file changed, 78 insertions(+), 78 deletions(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 477b681645..2f12695377 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -785,7 +785,7 @@ static int ssl3_get_server_certificate(SSL *s) STACK_OF(X509) *sk=NULL; SESS_CERT *sc; EVP_PKEY *pkey=NULL; - int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */ + int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */ n=ssl3_get_message(s, SSL3_ST_CR_CERT_A, @@ -860,10 +860,10 @@ static int ssl3_get_server_certificate(SSL *s) i=ssl_verify_cert_chain(s,sk); if ((s->verify_mode != SSL_VERIFY_NONE) && (!i) #ifndef OPENSSL_NO_KRB5 - && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK)) - != (SSL_aKRB5|SSL_kKRB5) + && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK)) + != (SSL_aKRB5|SSL_kKRB5) #endif /* OPENSSL_NO_KRB5 */ - ) + ) { al=ssl_verify_alarm_type(s->verify_result); SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); @@ -886,16 +886,16 @@ static int ssl3_get_server_certificate(SSL *s) pkey=X509_get_pubkey(x); - /* VRS: allow null cert if auth == KRB5 */ - need_cert = ((s->s3->tmp.new_cipher->algorithms - & (SSL_MKEY_MASK|SSL_AUTH_MASK)) - == (SSL_aKRB5|SSL_kKRB5))? 0: 1; + /* VRS: allow null cert if auth == KRB5 */ + need_cert = ((s->s3->tmp.new_cipher->algorithms + & (SSL_MKEY_MASK|SSL_AUTH_MASK)) + == (SSL_aKRB5|SSL_kKRB5))? 0: 1; #ifdef KSSL_DEBUG printf("pkey,x = %p, %p\n", pkey,x); printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey)); printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name, - s->s3->tmp.new_cipher->algorithms, need_cert); + s->s3->tmp.new_cipher->algorithms, need_cert); #endif /* KSSL_DEBUG */ if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) @@ -917,31 +917,31 @@ static int ssl3_get_server_certificate(SSL *s) goto f_err; } - if (need_cert) - { - sc->peer_cert_type=i; - CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); - /* Why would the following ever happen? - * We just created sc a couple of lines ago. */ - if (sc->peer_pkeys[i].x509 != NULL) - X509_free(sc->peer_pkeys[i].x509); - sc->peer_pkeys[i].x509=x; - sc->peer_key= &(sc->peer_pkeys[i]); + if (need_cert) + { + sc->peer_cert_type=i; + CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); + /* Why would the following ever happen? + * We just created sc a couple of lines ago. */ + if (sc->peer_pkeys[i].x509 != NULL) + X509_free(sc->peer_pkeys[i].x509); + sc->peer_pkeys[i].x509=x; + sc->peer_key= &(sc->peer_pkeys[i]); - if (s->session->peer != NULL) - X509_free(s->session->peer); - CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); - s->session->peer=x; - } - else - { - sc->peer_cert_type=i; - sc->peer_key= NULL; + if (s->session->peer != NULL) + X509_free(s->session->peer); + CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); + s->session->peer=x; + } + else + { + sc->peer_cert_type=i; + sc->peer_key= NULL; - if (s->session->peer != NULL) - X509_free(s->session->peer); - s->session->peer=NULL; - } + if (s->session->peer != NULL) + X509_free(s->session->peer); + s->session->peer=NULL; + } s->session->verify_result = s->verify_result; x=NULL; @@ -1584,7 +1584,7 @@ static int ssl3_send_client_key_exchange(SSL *s) EVP_PKEY *pkey=NULL; #endif #ifndef OPENSSL_NO_KRB5 - KSSL_ERR kssl_err; + KSSL_ERR kssl_err; #endif /* OPENSSL_NO_KRB5 */ #ifndef OPENSSL_NO_ECDH EC_KEY *clnt_ecdh = NULL; @@ -1602,8 +1602,8 @@ static int ssl3_send_client_key_exchange(SSL *s) l=s->s3->tmp.new_cipher->algorithms; - /* Fool emacs indentation */ - if (0) {} + /* Fool emacs indentation */ + if (0) {} #ifndef OPENSSL_NO_RSA else if (l & SSL_kRSA) { @@ -1665,12 +1665,12 @@ static int ssl3_send_client_key_exchange(SSL *s) #endif #ifndef OPENSSL_NO_KRB5 else if (l & SSL_kKRB5) - { - krb5_error_code krb5rc; - KSSL_CTX *kssl_ctx = s->kssl_ctx; - /* krb5_data krb5_ap_req; */ - krb5_data *enc_ticket; - krb5_data authenticator, *authp = NULL; + { + krb5_error_code krb5rc; + KSSL_CTX *kssl_ctx = s->kssl_ctx; + /* krb5_data krb5_ap_req; */ + krb5_data *enc_ticket; + krb5_data authenticator, *authp = NULL; EVP_CIPHER_CTX ciph_ctx; EVP_CIPHER *enc = NULL; unsigned char iv[EVP_MAX_IV_LENGTH]; @@ -1682,8 +1682,8 @@ static int ssl3_send_client_key_exchange(SSL *s) EVP_CIPHER_CTX_init(&ciph_ctx); #ifdef KSSL_DEBUG - printf("ssl3_send_client_key_exchange(%lx & %lx)\n", - l, SSL_kKRB5); + printf("ssl3_send_client_key_exchange(%lx & %lx)\n", + l, SSL_kKRB5); #endif /* KSSL_DEBUG */ authp = NULL; @@ -1691,37 +1691,37 @@ static int ssl3_send_client_key_exchange(SSL *s) if (KRB5SENDAUTH) authp = &authenticator; #endif /* KRB5SENDAUTH */ - krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, + krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, &kssl_err); enc = kssl_map_enc(kssl_ctx->enctype); - if (enc == NULL) - goto err; + if (enc == NULL) + goto err; #ifdef KSSL_DEBUG - { - printf("kssl_cget_tkt rtn %d\n", krb5rc); - if (krb5rc && kssl_err.text) + { + printf("kssl_cget_tkt rtn %d\n", krb5rc); + if (krb5rc && kssl_err.text) printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text); - } + } #endif /* KSSL_DEBUG */ - if (krb5rc) - { - ssl3_send_alert(s,SSL3_AL_FATAL, + if (krb5rc) + { + ssl3_send_alert(s,SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, kssl_err.reason); - goto err; - } + goto err; + } /* 20010406 VRS - Earlier versions used KRB5 AP_REQ ** in place of RFC 2712 KerberosWrapper, as in: ** - ** Send ticket (copy to *p, set n = length) - ** n = krb5_ap_req.length; - ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length); - ** if (krb5_ap_req.data) - ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req); - ** + ** Send ticket (copy to *p, set n = length) + ** n = krb5_ap_req.length; + ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length); + ** if (krb5_ap_req.data) + ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req); + ** ** Now using real RFC 2712 KerberosWrapper ** (Thanks to Simon Wilkinson ) ** Note: 2712 "opaque" types are here replaced @@ -1786,14 +1786,14 @@ static int ssl3_send_client_key_exchange(SSL *s) p+=outl; n+=outl + 2; - s->session->master_key_length= - s->method->ssl3_enc->generate_master_secret(s, + s->session->master_key_length= + s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, tmp_buf, sizeof tmp_buf); OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); OPENSSL_cleanse(epms, outl); - } + } #endif #ifndef OPENSSL_NO_DH else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) @@ -1928,7 +1928,7 @@ static int ssl3_send_client_key_exchange(SSL *s) clnt_ecdh->group = srvr_group; if (ecdh_clnt_cert) { - /* Reuse key info from our certificate + /* Reuse key info from our certificate * We only need our private key to perform * the ECDH computation. */ @@ -1945,25 +1945,25 @@ static int ssl3_send_client_key_exchange(SSL *s) } } - /* use the 'p' output buffer for the ECDH key, but - * make sure to clear it out afterwards + /* use the 'p' output buffer for the ECDH key, but + * make sure to clear it out afterwards */ - n=ECDH_compute_key(p, srvr_ecpoint, clnt_ecdh); + n=ECDH_compute_key(p, srvr_ecpoint, clnt_ecdh); if (n <= 0) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + { + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB); - goto err; + goto err; } - /* generate master key from the result */ - s->session->master_key_length = s->method->ssl3_enc \ + /* generate master key from the result */ + s->session->master_key_length = s->method->ssl3_enc \ -> generate_master_secret(s, s->session->master_key, p, n); - memset(p, 0, n); /* clean up */ + memset(p, 0, n); /* clean up */ if (ecdh_clnt_cert) { @@ -1999,7 +1999,7 @@ static int ssl3_send_client_key_exchange(SSL *s) encodedPoint, encoded_pt_len, bn_ctx); *p = n; /* length of encoded point */ - /* Encoded point will be copied here */ + /* Encoded point will be copied here */ p += 1; /* copy the point */ memcpy((unsigned char *)p, encodedPoint, n); @@ -2012,7 +2012,7 @@ static int ssl3_send_client_key_exchange(SSL *s) if (encodedPoint != NULL) OPENSSL_free(encodedPoint); if (clnt_ecdh != NULL) { - /* group is shared */ + /* group is shared */ clnt_ecdh->group = NULL; EC_KEY_free(clnt_ecdh); } @@ -2049,7 +2049,7 @@ err: clnt_ecdh->group = NULL; EC_KEY_free(clnt_ecdh); } - EVP_PKEY_free(srvr_pub_pkey); + EVP_PKEY_free(srvr_pub_pkey); #endif return(-1); } From fe14ee96db3ccef6a7a090bd0264d476a79e3f43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 28 Feb 2003 15:17:45 +0000 Subject: [PATCH 125/393] memset problem has been handled PR: 343 --- STATUS | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/STATUS b/STATUS index 1a6be62fb4..fe860ae309 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 2003/02/19 14:02:37 $ + ______________ $Date: 2003/02/28 15:17:45 $ DEVELOPMENT STATE @@ -29,17 +29,7 @@ RELEASE SHOWSTOPPERS - o [2002-11-21] - PR 343 mentions that scrubbing memory with 'memset(ptr, 0, n)' may - be optimized away in modern compilers. This is definitely not good - and needs to be fixed immediately. The formula to use is presented - in: - - http://online.securityfocus.com/archive/82/297918/2002-10-27/2002-11-02/0 - - The problem report that mentions this is: - - https://www.aet.TU-Cottbus.DE/rt2/Ticket/Display.html?id=343 + o AVAILABLE PATCHES From 176f31ddec84a51d35871dc021a013df9f3cbccd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 28 Feb 2003 15:37:10 +0000 Subject: [PATCH 126/393] - new ECDH_compute_key interface (KDF is no longer a fixed built-in) - bugfix: in ECDH_compute_key, pad x coordinate with leading zeros if necessary --- CHANGES | 2 -- apps/speed.c | 26 +++++++++++++++----- crypto/ecdh/ecdh.h | 10 ++++---- crypto/ecdh/ecdhtest.c | 25 +++++++++++++++---- crypto/ecdh/ech_err.c | 2 +- crypto/ecdh/ech_key.c | 7 +++--- crypto/ecdh/ech_lib.c | 8 +------ crypto/ecdh/ech_ossl.c | 54 ++++++++++++++++++++++++++++++++---------- ssl/s3_clnt.c | 17 +++++++++++-- ssl/s3_srvr.c | 17 +++++++++++-- 10 files changed, 122 insertions(+), 46 deletions(-) diff --git a/CHANGES b/CHANGES index 749bc19f7e..4408928e8c 100644 --- a/CHANGES +++ b/CHANGES @@ -208,8 +208,6 @@ [Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)] *) Add ECDH in new directory crypto/ecdh/. -TODO: more general interface (return x coordinate, not its hash) -TODO: bug: pad x with leading zeros if necessary [Douglas Stebila (Sun Microsystems Laboratories)] *) Let BN_rand_range() abort with an error after 100 iterations diff --git a/apps/speed.c b/apps/speed.c index 8a2abf73d3..c4add36d2b 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -396,6 +396,20 @@ static double Time_F(int s) #endif } + +static const int KDF1_SHA1_len = 20; +static void *KDF1_SHA1(void *in, size_t inlen, void *out, size_t outlen) + { +#ifndef OPENSSL_NO_SHA + if (outlen != SHA_DIGEST_LENGTH) + return NULL; + return SHA1(in, inlen, out); +#else + return NULL; +#endif + } + + int MAIN(int, char **); int MAIN(int argc, char **argv) @@ -2065,12 +2079,12 @@ int MAIN(int argc, char **argv) } else { - secret_size_a = ECDH_compute_key(secret_a, + secret_size_a = ECDH_compute_key(secret_a, KDF1_SHA1_len, ecdh_b[j]->pub_key, - ecdh_a[j]); - secret_size_b = ECDH_compute_key(secret_b, + ecdh_a[j], KDF1_SHA1); + secret_size_b = ECDH_compute_key(secret_b, KDF1_SHA1_len, ecdh_a[j]->pub_key, - ecdh_b[j]); + ecdh_b[j], KDF1_SHA1); if (secret_size_a != secret_size_b) ecdh_checks = 0; else @@ -2099,9 +2113,9 @@ int MAIN(int argc, char **argv) Time_F(START); for (count=0,run=1; COND(ecdh_c[j][0]); count++) { - ECDH_compute_key(secret_a, + ECDH_compute_key(secret_a, KDF1_SHA1_len, ecdh_b[j]->pub_key, - ecdh_a[j]); + ecdh_a[j], KDF1_SHA1); } d=Time_F(STOP); BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n", diff --git a/crypto/ecdh/ecdh.h b/crypto/ecdh/ecdh.h index 1ab131cde9..cc6d858d61 100644 --- a/crypto/ecdh/ecdh.h +++ b/crypto/ecdh/ecdh.h @@ -84,7 +84,8 @@ extern "C" { typedef struct ecdh_method { const char *name; - int (*compute_key)(unsigned char *key,const EC_POINT *pub_key, EC_KEY *ecdh); + int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, + void *(*KDF)(void *in, size_t inlen, void *out, size_t outlen)); #if 0 int (*init)(EC_KEY *eckey); int (*finish)(EC_KEY *eckey); @@ -118,9 +119,8 @@ void ECDH_set_default_method(const ECDH_METHOD *); const ECDH_METHOD *ECDH_get_default_method(void); int ECDH_set_method(EC_KEY *, const ECDH_METHOD *); -int ECDH_size(const EC_KEY *); -int ECDH_compute_key(unsigned char *key,const EC_POINT *pub_key, EC_KEY *ecdh); - +int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, + void *(*KDF)(void *in, size_t inlen, void *out, size_t outlen)); int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); @@ -141,9 +141,9 @@ void ERR_load_ECDH_strings(void); #define ECDH_F_ECDH_DATA_NEW 101 /* Reason codes. */ +#define ECDH_R_KDF_FAILED 102 #define ECDH_R_NO_PRIVATE_VALUE 100 #define ECDH_R_POINT_ARITHMETIC_FAILURE 101 -#define ECDH_R_SHA1_DIGEST_FAILED 102 #ifdef __cplusplus } diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c index 6e0c14dc13..f9162b7e8b 100644 --- a/crypto/ecdh/ecdhtest.c +++ b/crypto/ecdh/ecdhtest.c @@ -14,7 +14,7 @@ * */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -79,6 +79,7 @@ #include #include #include +#include #include #ifdef OPENSSL_NO_ECDH @@ -102,6 +103,20 @@ static void MS_CALLBACK cb(int p, int n, void *arg); static const char rnd_seed[] = "string to make the random number generator think it has entropy"; + +static const int KDF1_SHA1_len = 20; +static void *KDF1_SHA1(void *in, size_t inlen, void *out, size_t outlen) + { +#ifndef OPENSSL_NO_SHA + if (outlen != SHA_DIGEST_LENGTH) + return NULL; + return SHA1(in, inlen, out); +#else + return NULL; +#endif + } + + int test_ecdh_curve(int , char *, BN_CTX *, BIO *); int test_ecdh_curve(int nid, char *text, BN_CTX *ctx, BIO *out) @@ -180,9 +195,9 @@ int test_ecdh_curve(int nid, char *text, BN_CTX *ctx, BIO *out) BIO_flush(out); #endif - alen=ECDH_size(a); + alen=KDF1_SHA1_len; abuf=(unsigned char *)OPENSSL_malloc(alen); - aout=ECDH_compute_key(abuf,b->pub_key,a); + aout=ECDH_compute_key(abuf,alen,b->pub_key,a,KDF1_SHA1); #ifdef NOISY BIO_puts(out," key1 ="); @@ -197,9 +212,9 @@ int test_ecdh_curve(int nid, char *text, BN_CTX *ctx, BIO *out) BIO_flush(out); #endif - blen=ECDH_size(b); + blen=KDF1_SHA1_len; bbuf=(unsigned char *)OPENSSL_malloc(blen); - bout=ECDH_compute_key(bbuf,a->pub_key,b); + bout=ECDH_compute_key(bbuf,blen,a->pub_key,b,KDF1_SHA1); #ifdef NOISY BIO_puts(out," key2 ="); diff --git a/crypto/ecdh/ech_err.c b/crypto/ecdh/ech_err.c index 819b8abf4d..76fbe38387 100644 --- a/crypto/ecdh/ech_err.c +++ b/crypto/ecdh/ech_err.c @@ -73,9 +73,9 @@ static ERR_STRING_DATA ECDH_str_functs[]= static ERR_STRING_DATA ECDH_str_reasons[]= { +{ECDH_R_KDF_FAILED ,"KDF failed"}, {ECDH_R_NO_PRIVATE_VALUE ,"no private value"}, {ECDH_R_POINT_ARITHMETIC_FAILURE ,"point arithmetic failure"}, -{ECDH_R_SHA1_DIGEST_FAILED ,"sha1 digest failed"}, {0,NULL} }; diff --git a/crypto/ecdh/ech_key.c b/crypto/ecdh/ech_key.c index f000b8c8ad..923a7e9dd9 100644 --- a/crypto/ecdh/ech_key.c +++ b/crypto/ecdh/ech_key.c @@ -14,7 +14,7 @@ * */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,10 +70,11 @@ #include "ecdh.h" #include -int ECDH_compute_key(unsigned char *key, const EC_POINT *pub_key, EC_KEY *eckey) +int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *eckey, + void *(*KDF)(void *in, size_t inlen, void *out, size_t outlen)) { ECDH_DATA *ecdh = ecdh_check(eckey); if (ecdh == NULL) return 0; - return ecdh->meth->compute_key(key, pub_key, eckey); + return ecdh->meth->compute_key(out, outlen, pub_key, eckey, KDF); } diff --git a/crypto/ecdh/ech_lib.c b/crypto/ecdh/ech_lib.c index 59526f33bd..8b3e5f1ddc 100644 --- a/crypto/ecdh/ech_lib.c +++ b/crypto/ecdh/ech_lib.c @@ -14,7 +14,7 @@ * */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -203,12 +203,6 @@ static void ecdh_finish(EC_KEY *key) } -int ECDH_size(const EC_KEY *ecdh) - { - return 20; - } - - int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c index 182e825b74..b00c6c431a 100644 --- a/crypto/ecdh/ech_ossl.c +++ b/crypto/ecdh/ech_ossl.c @@ -14,7 +14,7 @@ * */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -68,12 +68,15 @@ */ -#include "ecdh.h" +#include + +#include #include #include #include -static int ecdh_compute_key(unsigned char *key, const EC_POINT *pub_key, EC_KEY *ecdh); +static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key, EC_KEY *ecdh, + void *(*KDF)(void *in, size_t inlen, void *out, size_t outlen)); static ECDH_METHOD openssl_ecdh_meth = { "OpenSSL ECDH method", @@ -95,16 +98,23 @@ const ECDH_METHOD *ECDH_OpenSSL(void) /* This implementation is based on the following primitives in the IEEE 1363 standard: * - ECKAS-DH1 * - ECSVDP-DH - * - KDF1 with SHA-1 + * Finally an optional KDF is applied. */ -static int ecdh_compute_key(unsigned char *key, const EC_POINT *pub_key, EC_KEY *ecdh) +static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, + void *(*KDF)(void *in, size_t inlen, void *out, size_t outlen)) { BN_CTX *ctx; EC_POINT *tmp=NULL; BIGNUM *x=NULL, *y=NULL; - int ret= -1, len; + int ret= -1, buflen, len; unsigned char *buf=NULL; + if (outlen > INT_MAX) + { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); /* sort of, anyway */ + return -1; + } + if ((ctx = BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); x = BN_CTX_get(ctx); @@ -145,26 +155,44 @@ static int ecdh_compute_key(unsigned char *key, const EC_POINT *pub_key, EC_KEY } } - if ((buf = (unsigned char *)OPENSSL_malloc(sizeof(unsigned char) * BN_num_bytes(x))) == NULL) + buflen = (EC_GROUP_get_degree(ecdh->group) + 7)/8; + len = BN_num_bytes(x); + if (len > buflen) + { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_INTERNAL_ERROR); + goto err; + } + if ((buf = OPENSSL_malloc(buflen)) == NULL) { ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); goto err; } - if ((len = BN_bn2bin(x,buf)) <= 0) + memset(buf, 0, buflen - len); + if (len != BN_bn2bin(x, buf + buflen - len)) { ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); goto err; } - if ((SHA1(buf, len, key) == NULL)) + if (KDF != 0) { - ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_SHA1_DIGEST_FAILED); - goto err; + if (KDF(buf, buflen, out, outlen) == NULL) + { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_KDF_FAILED); + goto err; + } + ret = outlen; + } + else + { + /* no KDF, just copy as much as we can */ + if (outlen > buflen) + outlen = buflen; + memcpy(out, buf, outlen); + ret = outlen; } - ret = 20; - err: if (tmp) EC_POINT_free(tmp); if (ctx) BN_CTX_end(ctx); diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 2f12695377..211dd03b11 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -1574,6 +1574,19 @@ static int ssl3_get_server_done(SSL *s) return(ret); } + +static const int KDF1_SHA1_len = 20; +static void *KDF1_SHA1(void *in, size_t inlen, void *out, size_t outlen) + { +#ifndef OPENSSL_NO_SHA + if (outlen != SHA_DIGEST_LENGTH) + return NULL; + return SHA1(in, inlen, out); +#else + return NULL; +#endif + } + static int ssl3_send_client_key_exchange(SSL *s) { unsigned char *p,*d; @@ -1949,7 +1962,7 @@ static int ssl3_send_client_key_exchange(SSL *s) * make sure to clear it out afterwards */ - n=ECDH_compute_key(p, srvr_ecpoint, clnt_ecdh); + n=ECDH_compute_key(p, KDF1_SHA1_len, srvr_ecpoint, clnt_ecdh, KDF1_SHA1); if (n <= 0) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 3db3e78d5e..a2f5b843db 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -1577,6 +1577,19 @@ err: return(-1); } + +static const int KDF1_SHA1_len = 20; +static void *KDF1_SHA1(void *in, size_t inlen, void *out, size_t outlen) + { +#ifndef OPENSSL_NO_SHA + if (outlen != SHA_DIGEST_LENGTH) + return NULL; + return SHA1(in, inlen, out); +#else + return NULL; +#endif + } + static int ssl3_get_client_key_exchange(SSL *s) { int i,al,ok; @@ -2047,7 +2060,7 @@ static int ssl3_get_client_key_exchange(SSL *s) } /* Compute the shared pre-master secret */ - i = ECDH_compute_key(p, clnt_ecpoint, srvr_ecdh); + i = ECDH_compute_key(p, KDF1_SHA1_len, clnt_ecpoint, srvr_ecdh, KDF1_SHA1); if (i <= 0) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, From 879650b866996f343e494ebe04503fedd534e5a2 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Tue, 11 Mar 2003 01:49:21 +0000 Subject: [PATCH 127/393] The default implementation of DSA_METHOD has an interdependence on the dsa_mod_exp() and bn_mod_exp() handlers from dsa_do_verify() and dsa_sign_setup(). When another DSA_METHOD implementation does not define these lower-level handlers, it becomes impossible to do a fallback to software on errors using a simple DSA_OpenSSL()->fn(key). This change allows the default DSA_METHOD to function in such circumstances by only using dsa_mod_exp() and bn_mod_exp() handlers if they exist, otherwise using BIGNUM implementations directly (which is what those handlers did before this change). There should be no noticable difference for the software case, or indeed any custom case that didn't already segfault, except perhaps that there is now one less level of indirection in all cases. PR: 507 --- CHANGES | 7 ++++ crypto/dsa/dsa_ossl.c | 85 +++++++++++++++++++++---------------------- 2 files changed, 48 insertions(+), 44 deletions(-) diff --git a/CHANGES b/CHANGES index 4408928e8c..6d5704a6d1 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,13 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Make sure the default DSA_METHOD implementation only uses its + dsa_mod_exp() and/or bn_mod_exp() handlers if they are non-NULL, + and change its own handlers to be NULL so as to remove unnecessary + indirection. This lets alternative implementations fallback to the + default implementation more easily. + [Geoff Thorpe] + *) Support for directoryName in GeneralName related extensions in config files. [Steve Henson] diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 3a8d2bbc35..b6e08584a6 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -74,20 +74,14 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa); static int dsa_init(DSA *dsa); static int dsa_finish(DSA *dsa); -static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, - BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *in_mont); -static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); static DSA_METHOD openssl_dsa_meth = { "OpenSSL DSA method", dsa_do_sign, dsa_sign_setup, dsa_do_verify, -dsa_mod_exp, -dsa_bn_mod_exp, +NULL, /* dsa_mod_exp, */ +NULL, /* dsa_bn_mod_exp, */ dsa_init, dsa_finish, 0, @@ -96,6 +90,41 @@ NULL, NULL }; +/* These macro wrappers replace attempts to use the dsa_mod_exp() and + * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of + * having a the macro work as an expression by bundling an "err_instr". So; + * + * if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx, + * dsa->method_mont_p)) goto err; + * + * can be replaced by; + * + * DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx, + * dsa->method_mont_p); + */ + +#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \ + do { \ + int _tmp_res53; \ + if((dsa)->meth->dsa_mod_exp) \ + _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \ + (a2), (p2), (m), (ctx), (in_mont)); \ + else \ + _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \ + (m), (ctx), (in_mont)); \ + if(!_tmp_res53) err_instr; \ + } while(0) +#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \ + do { \ + int _tmp_res53; \ + if((dsa)->meth->bn_mod_exp) \ + _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \ + (m), (ctx), (m_ctx)); \ + else \ + _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \ + if(!_tmp_res53) err_instr; \ + } while(0) + const DSA_METHOD *DSA_OpenSSL(void) { return &openssl_dsa_meth; @@ -210,8 +239,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) } /* Compute r = (g^k mod p) mod q */ - if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx, - (BN_MONT_CTX *)dsa->method_mont_p)) goto err; + DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx, + (BN_MONT_CTX *)dsa->method_mont_p); if (!BN_mod(r,r,dsa->q,ctx)) goto err; /* Compute part of 's = inv(k) (m + xr) mod q' */ @@ -289,31 +318,12 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, } mont=(BN_MONT_CTX *)dsa->method_mont_p; -#if 0 - { - BIGNUM t2; - BN_init(&t2); - /* v = ( g^u1 * y^u2 mod p ) mod q */ - /* let t1 = g ^ u1 mod p */ - if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err; - /* let t2 = y ^ u2 mod p */ - if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err; - /* let u1 = t1 * t2 mod p */ - if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn; - BN_free(&t2); - } - /* let u1 = u1 mod q */ - if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err; -#else - { - if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2, - dsa->p,ctx,mont)) goto err; + DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont); /* BN_copy(&u1,&t1); */ /* let u1 = u1 mod q */ if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err; - } -#endif + /* V is now in u1. If the signature is correct, it will be * equal to R. */ ret=(BN_ucmp(&u1, sig->r) == 0); @@ -340,16 +350,3 @@ static int dsa_finish(DSA *dsa) return(1); } -static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, - BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *in_mont) -{ - return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont); -} - -static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) -{ - return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); -} From 90e8a3102b62fb4d30cb2d105b93f55cbee75136 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 12 Mar 2003 02:31:40 +0000 Subject: [PATCH 128/393] Fixes for EVP_DigestInit_ex() and OPENSSL_NO_ENGINE. --- crypto/evp/digest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 5b2104ac12..b22eed4421 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -187,12 +187,12 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) ctx->engine = NULL; } else -#endif if(!ctx->digest) { EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET); return 0; } +#endif if (ctx->digest != type) { if (ctx->digest && ctx->digest->ctx_size) From 767712fa62eeff0ac6cb9ea6fdc186040f17279d Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 12 Mar 2003 02:38:57 +0000 Subject: [PATCH 129/393] Avoid warnings for no-engine and PEDANTIC --- apps/engine.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/apps/engine.c b/apps/engine.c index 3b3464a849..953b4d97a2 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -520,6 +520,14 @@ skip_digests: ret=0; end: +#else + +# if PEDANTIC + +void *dummy=&dummy; + +# endif + ERR_print_errors(bio_err); sk_pop_free(engines, identity); sk_pop_free(pre_cmds, identity); From 52c4c51f02c1bec0440f520aa98765072d1f0286 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 13 Mar 2003 14:13:53 +0000 Subject: [PATCH 130/393] Return an error if gmtime returns NULL. --- crypto/o_time.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/crypto/o_time.c b/crypto/o_time.c index ca5f3ea48e..723eb1b5af 100644 --- a/crypto/o_time.c +++ b/crypto/o_time.c @@ -80,8 +80,10 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) ts = result; #elif !defined(OPENSSL_SYS_VMS) ts = gmtime(timer); - if (ts != NULL) - memcpy(result, ts, sizeof(struct tm)); + if (ts == NULL) + return NULL; + + memcpy(result, ts, sizeof(struct tm)); ts = result; #endif #ifdef OPENSSL_SYS_VMS From bba2cb3ada31318b4483b404a910f3787b627770 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Thu, 13 Mar 2003 20:28:42 +0000 Subject: [PATCH 131/393] Fix a bone-head bug. This warrants a CHANGES entry because it could affect applications if they were passing a bogus 'flags' parameter yet having things work as they wanted anyway. --- CHANGES | 6 ++++++ crypto/engine/eng_fat.c | 12 ++++++------ 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index 6d5704a6d1..bf9d55c4a5 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,12 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Fixed a typo bug that would cause ENGINE_set_default() to set an + ENGINE as defaults for all supported algorithms irrespective of + the 'flags' parameter. 'flags' is now honoured, so applications + should make sure they are passing it correctly. + [Geoff Thorpe] + *) Make sure the default DSA_METHOD implementation only uses its dsa_mod_exp() and/or bn_mod_exp() handlers if they are non-NULL, and change its own handlers to be NULL so as to remove unnecessary diff --git a/crypto/engine/eng_fat.c b/crypto/engine/eng_fat.c index c0d03ccbfe..a5ffbec94c 100644 --- a/crypto/engine/eng_fat.c +++ b/crypto/engine/eng_fat.c @@ -71,26 +71,26 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags) if((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e)) return 0; #ifndef OPENSSL_NO_RSA - if((flags & ENGINE_METHOD_RSA) & !ENGINE_set_default_RSA(e)) + if((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e)) return 0; #endif #ifndef OPENSSL_NO_DSA - if((flags & ENGINE_METHOD_DSA) & !ENGINE_set_default_DSA(e)) + if((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e)) return 0; #endif #ifndef OPENSSL_NO_DH - if((flags & ENGINE_METHOD_DH) & !ENGINE_set_default_DH(e)) + if((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e)) return 0; #endif #ifndef OPENSSL_NO_ECDH - if((flags & ENGINE_METHOD_ECDH) & !ENGINE_set_default_ECDH(e)) + if((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e)) return 0; #endif #ifndef OPENSSL_NO_ECDSA - if((flags & ENGINE_METHOD_ECDSA) & !ENGINE_set_default_ECDSA(e)) + if((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e)) return 0; #endif - if((flags & ENGINE_METHOD_RAND) & !ENGINE_set_default_RAND(e)) + if((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e)) return 0; return 1; } From 12d4e7b8c8750dda0db0e943cdec42e70a995be8 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 13 Mar 2003 21:28:03 +0000 Subject: [PATCH 132/393] Fix PEDANTIC stuff... --- apps/engine.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/apps/engine.c b/apps/engine.c index 953b4d97a2..feee965325 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -520,13 +520,6 @@ skip_digests: ret=0; end: -#else - -# if PEDANTIC - -void *dummy=&dummy; - -# endif ERR_print_errors(bio_err); sk_pop_free(engines, identity); @@ -536,4 +529,10 @@ void *dummy=&dummy; apps_shutdown(); OPENSSL_EXIT(ret); } +#else + +# if PEDANTIC +static void *dummy=&dummy; +# endif + #endif From ba5df66a8b20236f7f0f1a4761ec69e812e529a0 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 13 Mar 2003 23:37:55 +0000 Subject: [PATCH 133/393] Add some OIDs. --- crypto/objects/obj_dat.h | 21 ++++++++++++++++----- crypto/objects/obj_mac.h | 10 ++++++++++ crypto/objects/obj_mac.num | 2 ++ crypto/objects/objects.txt | 4 ++++ 4 files changed, 32 insertions(+), 5 deletions(-) diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 56e6d87422..03803827aa 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 718 -#define NUM_SN 713 -#define NUM_LN 713 -#define NUM_OBJ 687 +#define NUM_NID 720 +#define NUM_SN 715 +#define NUM_LN 715 +#define NUM_OBJ 689 -static unsigned char lvalues[4869]={ +static unsigned char lvalues[4876]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ @@ -755,6 +755,8 @@ static unsigned char lvalues[4869]={ 0x67,0x2B,0x0D,0x04,0x0C, /* [4843] OBJ_wap_wsg_idm_ecid_wtls12 */ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4848] OBJ_ms_smartcard_login */ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4858] OBJ_ms_upn */ +0x55,0x1D,0x20,0x00, /* [4868] OBJ_any_policy */ +0x55,0x1D,0x21, /* [4872] OBJ_policy_mapping */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ @@ -1879,6 +1881,9 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ 10,&(lvalues[4848]),0}, {"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10, &(lvalues[4858]),0}, +{"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4868]),0}, +{"policyMapping","X509v3 Policy Mapping",NID_policy_mapping,3, + &(lvalues[4872]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -2019,6 +2024,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[363]),/* "ad_timestamping" */ &(nid_objs[376]),/* "algorithm" */ &(nid_objs[405]),/* "ansi-X9-62" */ +&(nid_objs[718]),/* "anyPolicy" */ &(nid_objs[370]),/* "archiveCutoff" */ &(nid_objs[484]),/* "associatedDomain" */ &(nid_objs[485]),/* "associatedName" */ @@ -2361,6 +2367,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */ &(nid_objs[47]),/* "pkcs9" */ &(nid_objs[401]),/* "policyConstraints" */ +&(nid_objs[719]),/* "policyMapping" */ &(nid_objs[506]),/* "ppBasis" */ &(nid_objs[406]),/* "prime-field" */ &(nid_objs[409]),/* "prime192v1" */ @@ -2679,6 +2686,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[375]),/* "Trust Root" */ &(nid_objs[12]),/* "X509" */ &(nid_objs[402]),/* "X509v3 AC Targeting" */ +&(nid_objs[718]),/* "X509v3 Any Policy" */ &(nid_objs[90]),/* "X509v3 Authority Key Identifier" */ &(nid_objs[87]),/* "X509v3 Basic Constraints" */ &(nid_objs[103]),/* "X509v3 CRL Distribution Points" */ @@ -2691,6 +2699,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[83]),/* "X509v3 Key Usage" */ &(nid_objs[403]),/* "X509v3 No Revocation Available" */ &(nid_objs[401]),/* "X509v3 Policy Constraints" */ +&(nid_objs[719]),/* "X509v3 Policy Mapping" */ &(nid_objs[84]),/* "X509v3 Private Key Usage Period" */ &(nid_objs[85]),/* "X509v3 Subject Alternative Name" */ &(nid_objs[82]),/* "X509v3 Subject Key Identifier" */ @@ -3365,6 +3374,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[140]),/* OBJ_delta_crl 2 5 29 27 */ &(nid_objs[103]),/* OBJ_crl_distribution_points 2 5 29 31 */ &(nid_objs[89]),/* OBJ_certificate_policies 2 5 29 32 */ +&(nid_objs[719]),/* OBJ_policy_mapping 2 5 29 33 */ &(nid_objs[90]),/* OBJ_authority_key_identifier 2 5 29 35 */ &(nid_objs[401]),/* OBJ_policy_constraints 2 5 29 36 */ &(nid_objs[126]),/* OBJ_ext_key_usage 2 5 29 37 */ @@ -3389,6 +3399,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[19]),/* OBJ_rsa 2 5 8 1 1 */ &(nid_objs[96]),/* OBJ_mdc2WithRSA 2 5 8 3 100 */ &(nid_objs[95]),/* OBJ_mdc2 2 5 8 3 101 */ +&(nid_objs[718]),/* OBJ_any_policy 2 5 29 32 0 */ &(nid_objs[583]),/* OBJ_setct_PANData 2 23 42 0 0 */ &(nid_objs[584]),/* OBJ_setct_PANToken 2 23 42 0 1 */ &(nid_objs[585]),/* OBJ_setct_PANOnly 2 23 42 0 2 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index 990e18113a..ecbe9c23a4 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -2041,6 +2041,16 @@ #define NID_certificate_policies 89 #define OBJ_certificate_policies OBJ_id_ce,32L +#define SN_any_policy "anyPolicy" +#define LN_any_policy "X509v3 Any Policy" +#define NID_any_policy 718 +#define OBJ_any_policy OBJ_certificate_policies,0L + +#define SN_policy_mapping "policyMapping" +#define LN_policy_mapping "X509v3 Policy Mapping" +#define NID_policy_mapping 719 +#define OBJ_policy_mapping OBJ_id_ce,33L + #define SN_authority_key_identifier "authorityKeyIdentifier" #define LN_authority_key_identifier "X509v3 Authority Key Identifier" #define NID_authority_key_identifier 90 diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 81936507e8..eec29229a1 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -715,3 +715,5 @@ wap_wsg_idm_ecid_wtls11 714 wap_wsg_idm_ecid_wtls12 715 ms_smartcard_login 716 ms_upn 717 +any_policy 718 +policy_mapping 719 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 8ec0484c76..2d01c4d3a0 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -662,6 +662,10 @@ id-ce 27 : deltaCRL : X509v3 Delta CRL Indicator id-ce 31 : crlDistributionPoints : X509v3 CRL Distribution Points !Cname certificate-policies id-ce 32 : certificatePolicies : X509v3 Certificate Policies +!Cname any-policy +certificate-policies 0 : anyPolicy : X509v3 Any Policy +!Cname policy-mapping +id-ce 33 : policyMapping : X509v3 Policy Mapping !Cname authority-key-identifier id-ce 35 : authorityKeyIdentifier : X509v3 Authority Key Identifier !Cname policy-constraints From e6539fe22db44154799c976558cda6d6cd71863b Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 14 Mar 2003 01:44:42 +0000 Subject: [PATCH 134/393] Add entry for domainComponent so it is treated correctly. Add table order test to end of a_strnid.c --- crypto/asn1/a_strnid.c | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index 04789d1c63..aa49e9d7d0 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -173,6 +173,7 @@ static ASN1_STRING_TABLE tbl_standard[] = { {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, {NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, +{NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK}, {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK} }; @@ -249,4 +250,38 @@ static void st_free(ASN1_STRING_TABLE *tbl) if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl); } + IMPLEMENT_STACK_OF(ASN1_STRING_TABLE) + +#ifdef STRING_TABLE_TEST + +main() +{ + ASN1_STRING_TABLE *tmp; + int i, last_nid = -1; + + for (tmp = tbl_standard, i = 0; + i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++) + { + if (tmp->nid < last_nid) + { + last_nid = 0; + break; + } + last_nid = tmp->nid; + } + + if (last_nid != 0) + { + printf("Table order OK\n"); + exit(0); + } + + for (tmp = tbl_standard, i = 0; + i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++) + printf("Index %d, NID %d, Name=%s\n", i, tmp->nid, + OBJ_nid2ln(tmp->nid)); + +} + +#endif From bc441b739bbb0f473abff2568fb5e1abf62bb104 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 14 Mar 2003 23:38:34 +0000 Subject: [PATCH 135/393] Don't give an error if response reason absent in OCSP HTTP. --- crypto/ocsp/ocsp_ht.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/crypto/ocsp/ocsp_ht.c b/crypto/ocsp/ocsp_ht.c index 357709a843..9213e58ae4 100644 --- a/crypto/ocsp/ocsp_ht.c +++ b/crypto/ocsp/ocsp_ht.c @@ -110,7 +110,7 @@ Content-Length: %d\r\n\r\n"; } /* Parse the HTTP response. This will look like this: * "HTTP/1.0 200 OK". We need to obtain the numeric code and - * informational message. + * (optional) informational message. */ /* Skip to first white space (passed protocol info) */ @@ -138,13 +138,19 @@ Content-Length: %d\r\n\r\n"; if(*r) goto err; /* Skip over any leading white space in message */ while(*q && isspace((unsigned char)*q)) q++; - if(!*q) goto err; + if(*q) { /* Finally zap any trailing white space in message (include CRLF) */ /* We know q has a non white space character so this is OK */ - for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) *r = 0; + for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) *r = 0; + } if(retcode != 200) { OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_ERROR); - ERR_add_error_data(4, "Code=", p, ",Reason=", q); + if(!*q) { + ERR_add_error_data(2, "Code=", p); + } + else { + ERR_add_error_data(4, "Code=", p, ",Reason=", q); + } goto err; } /* Find blank line marking beginning of content */ From e8e0e3716a1a808a2b68eaac766082e567236483 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 15 Mar 2003 01:28:55 +0000 Subject: [PATCH 136/393] Fix for no-ec on Windows. --- util/mk1mf.pl | 1 + 1 file changed, 1 insertion(+) diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 4e768fa568..d85a20a605 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -680,6 +680,7 @@ sub var_add return("") if $no_rsa && $dir =~ /^rsaref/; return("") if $no_dsa && $dir =~ /\/dsa/; return("") if $no_dh && $dir =~ /\/dh/; + return("") if $no_ec && $dir =~ /\/ec/; if ($no_des && $dir =~ /\/des/) { if ($val =~ /read_pwd/) From 500df82a96fa9a1105a0da6367a9fc0e9c909715 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 18 Mar 2003 12:52:02 +0000 Subject: [PATCH 137/393] fix formatting --- FAQ | 1 + 1 file changed, 1 insertion(+) diff --git a/FAQ b/FAQ index 389d786dab..1b129bc5ac 100644 --- a/FAQ +++ b/FAQ @@ -732,6 +732,7 @@ The general answer is to check the config.log file generated when running the OpenSSH configure script. It should contain the detailed information on why the OpenSSL library was not detected or considered incompatible. + * Can I use OpenSSL's SSL library with non-blocking I/O? Yes; make sure to read the SSL_get_error(3) manual page! From 9ed1fa481312c1f2d18d3cf7cf44d3538213bab8 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 19 Mar 2003 13:55:48 +0000 Subject: [PATCH 138/393] Fix Certificate and CRL adding in X509_load_cert_crl_file: an X509_INFO structure can contain more than one object, for example a certififcate and a CRL. --- crypto/x509/by_file.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c index 22be90cdcd..b4b04183d0 100644 --- a/crypto/x509/by_file.c +++ b/crypto/x509/by_file.c @@ -285,7 +285,8 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) if(itmp->x509) { X509_STORE_add_cert(ctx->store_ctx, itmp->x509); count++; - } else if(itmp->crl) { + } + if(itmp->crl) { X509_STORE_add_crl(ctx->store_ctx, itmp->crl); count++; } From 02da5bcd83083c323eab2382336fec0d7388247e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 19 Mar 2003 19:19:53 +0000 Subject: [PATCH 139/393] countermeasure against new Klima-Pokorny-Rosa atack --- CHANGES | 10 ++++++++++ ssl/s3_srvr.c | 25 ++++++++++++------------- 2 files changed, 22 insertions(+), 13 deletions(-) diff --git a/CHANGES b/CHANGES index bf9d55c4a5..ea29f5abfd 100644 --- a/CHANGES +++ b/CHANGES @@ -460,6 +460,16 @@ Changes between 0.9.7a and 0.9.7b [xx XXX 2003] + *) Countermeasure against the Klima-Pokorny-Rosa extension of + Bleichbacher's attack on PKCS #1 v1.5 padding: treat + a protocol version number mismatch like a decryption error + in ssl3_get_client_key_exchange (ssl/s3_srvr.c). + [Bodo Moeller] + +yet to be integrated into this CVS branch: +- RSA blinding changes +- Geoff's ENGINE_set_default() fix + *) Target "mingw" now allows native Windows code to be generated in the Cygwin environment as well as with the MinGW compiler. [Ulf Moeller] diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index a2f5b843db..084b9cfd8d 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1684,7 +1684,7 @@ static int ssl3_get_client_key_exchange(SSL *s) if (i != SSL_MAX_MASTER_KEY_LENGTH) { al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); + /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */ } if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff)))) @@ -1700,30 +1700,29 @@ static int ssl3_get_client_key_exchange(SSL *s) (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff)))) { al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); - goto f_err; + /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */ + + /* The Klima-Pokorny-Rosa extension of Bleichenbacher's attack + * (http://eprint.iacr.org/2003/052/) exploits the version + * number check as a "bad version oracle" -- an alert would + * reveal that the plaintext corresponding to some ciphertext + * made up by the adversary is properly formatted except + * that the version number is wrong. To avoid such attacks, + * we should treat this just like any other decryption error. */ + p[0] = (char)(int) "CAN-2003-0131 patch 2003-03-20"; } } if (al != -1) { -#if 0 - goto f_err; -#else /* Some decryption failure -- use random value instead as countermeasure * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding - * (see RFC 2246, section 7.4.7.1). - * But note that due to length and protocol version checking, the - * attack is impractical anyway (see section 5 in D. Bleichenbacher: - * "Chosen Ciphertext Attacks Against Protocols Based on the RSA - * Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12). - */ + * (see RFC 2246, section 7.4.7.1). */ ERR_clear_error(); i = SSL_MAX_MASTER_KEY_LENGTH; p[0] = s->client_version >> 8; p[1] = s->client_version & 0xff; RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */ -#endif } s->session->master_key_length= From 3285eb336ceae667d95fe356a8366dfa24c9ae3b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 10:50:36 +0000 Subject: [PATCH 140/393] Add the target linux-ia64-ecc, suggested by Keith Thompson . PR: 516 --- Configure | 1 + 1 file changed, 1 insertion(+) diff --git a/Configure b/Configure index 0f64c4cb0a..616a9c170e 100755 --- a/Configure +++ b/Configure @@ -390,6 +390,7 @@ my %table=( "linux-s390", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ia64-ecc", "ecc:-DL_ENDIAN -DTERMIO -O2 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o:::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", From 42a559163dad698265cc0b23b41dc8ded58ff76d Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 10:57:09 +0000 Subject: [PATCH 141/393] Shut up an ANSI compiler about uninitialised variables. PR: 517 --- crypto/pkcs12/p12_npas.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c index a549433eeb..af708a2743 100644 --- a/crypto/pkcs12/p12_npas.c +++ b/crypto/pkcs12/p12_npas.c @@ -107,7 +107,7 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) { STACK_OF(PKCS7) *asafes, *newsafes; STACK_OF(PKCS12_SAFEBAG) *bags; - int i, bagnid, pbe_nid, pbe_iter, pbe_saltlen; + int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0; PKCS7 *p7, *p7new; ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL; unsigned char mac[EVP_MAX_MD_SIZE]; From aa9d896b0d007424d21787c43a8070c5efd8b0ad Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 11:15:12 +0000 Subject: [PATCH 142/393] hinv may generate more than one line (1 line per CPU). PR: 520 --- config | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/config b/config index 7bbd1c2489..2f3878f107 100755 --- a/config +++ b/config @@ -473,7 +473,7 @@ echo Operating system: $GUESSOS # more time that I want to waste at the moment case "$GUESSOS" in mips2-sgi-irix) - CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'` + CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'` CPU=${CPU:-0} if [ $CPU -ge 4000 ]; then options="$options -mips2" @@ -481,7 +481,7 @@ case "$GUESSOS" in OUT="irix-$CC" ;; mips3-sgi-irix) - CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'` + CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'` CPU=${CPU:-0} if [ $CPU -ge 5000 ]; then options="$options -mips4" @@ -497,7 +497,7 @@ case "$GUESSOS" in echo " You have about 5 seconds to press Ctrl-C to abort." (stty -icanon min 0 time 50; read waste) < /dev/tty fi - CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'` + CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'` CPU=${CPU:-0} if [ $CPU -ge 5000 ]; then options="$options -mips4" From 48f1fa7482efbbc9d6b8e33c619fa5e2921d1e17 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 11:37:47 +0000 Subject: [PATCH 143/393] Make sure that all the library paths are modified in prepend mode, not replace mode. PR: 528 --- Makefile.org | 16 +++++++++++----- apps/Makefile.ssl | 5 ++++- test/Makefile.ssl | 6 +++++- 3 files changed, 20 insertions(+), 7 deletions(-) diff --git a/Makefile.org b/Makefile.org index 3956dfccea..06766807b2 100644 --- a/Makefile.org +++ b/Makefile.org @@ -377,7 +377,10 @@ rehash: rehash.time rehash.time: certs @(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \ export OPENSSL OPENSSL_DEBUG_MEMORY; \ - LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \ + LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \ + DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \ + SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \ + LIBPATH="`pwd`:$$LIBPATH"; \ if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \ $(PERL) tools/c_rehash certs) @@ -388,10 +391,13 @@ test: tests tests: rehash @(cd test && echo "testing..." && \ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests ); - @LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \ - if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ - export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \ - apps/openssl version -a + @LD_LIBRARY_PATH="`pwd`:LD_LIBRARY_PATH"; \ + DYLD_LIBRARY_PATH="`pwd`:DYLD_LIBRARY_PATH"; \ + SHLIB_PATH="`pwd`:SHLIB_PATH"; \ + LIBPATH="`pwd`:LIBPATH"; \ + if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ + export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \ + apps/openssl version -a report: @$(PERL) util/selftest.pl diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl index 593c9a5ac9..168fb06233 100644 --- a/apps/Makefile.ssl +++ b/apps/Makefile.ssl @@ -168,7 +168,10 @@ $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) LIBRPATH=$(INSTALLTOP)/lib \ link_app.$${shlib_target} -(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \ - LIBPATH="`pwd`"; LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; \ + LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \ + DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \ + SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \ + LIBPATH="`pwd`:$$LIBPATH"; \ if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \ $(PERL) tools/c_rehash certs) diff --git a/test/Makefile.ssl b/test/Makefile.ssl index 26ae0dcb6f..543789434a 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -127,7 +127,11 @@ tests: exe apps $(TESTS) apps: @(cd ..; $(MAKE) DIRS=apps all) -SET_SO_PATHS=LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$$LIBPATH"; DYLD_LIBRARY_PATH="$$LIBPATH"; SHLIB_PATH="$$LIBPATH"; \ +SET_SO_PATHS=OSSL_LIBPATH="`cd ..; pwd`"; \ + LD_LIBRARY_PATH="$$OSSL_LIBPATH:$$LD_LIBRARY_PATH"; \ + DYLD_LIBRARY_PATH="$$OSSL_LIBPATH:$$DYLD_LIBRARY_PATH"; \ + SHLIB_PATH="$$OSSL_LIBPATH:$$SHLIB_PATH"; \ + LIBPATH="$$OSSL_LIBPATH:$$LIBPATH"; \ if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="$${LIBPATH}:$$PATH"; fi; \ export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH From d177e6180d2b353b2fa024a5b98bcb017168edbd Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 11:41:59 +0000 Subject: [PATCH 144/393] Spelling errors. PR: 538 --- doc/ssl/SSL_CTX_set_options.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod index f5e2ec3555..766f0c9200 100644 --- a/doc/ssl/SSL_CTX_set_options.pod +++ b/doc/ssl/SSL_CTX_set_options.pod @@ -176,7 +176,7 @@ will send his list of preferences to the client and the client chooses. =item SSL_OP_NETSCAPE_CA_DN_BUG If we accept a netscape connection, demand a client cert, have a -non-self-sighed CA which does not have it's CA in netscape, and the +non-self-signed CA which does not have its CA in netscape, and the browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta =item SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG From 439909a0689c586097ffcd62e44ec2b5bb50f04f Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 11:44:28 +0000 Subject: [PATCH 145/393] Some shells (ksh in this case) don't say 'command not found'. PR: 540 --- config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config b/config index 2f3878f107..79ce83aac3 100755 --- a/config +++ b/config @@ -458,7 +458,7 @@ if [ "${SYSTEM}-${MACHINE}" = "Linux-alpha" ]; then fi if [ "${SYSTEM}" = "AIX" ]; then # favor vendor cc over gcc - (cc) 2>&1 | grep -iv "command not found" > /dev/null && CC=cc + (cc) 2>&1 | grep -iv "not found" > /dev/null && CC=cc fi CCVER=${CCVER:-0} From ce06265a37c1129ad0c9607314184a7dfb96d13e Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 20 Mar 2003 14:21:36 +0000 Subject: [PATCH 146/393] make update --- TABLE | 79 ++++++++++++++++++++++++++-------------- crypto/ecdh/Makefile.ssl | 7 ++-- test/Makefile.ssl | 3 +- util/libeay.num | 3 +- util/ssleay.num | 1 + 5 files changed, 61 insertions(+), 32 deletions(-) diff --git a/TABLE b/TABLE index 0dbd4736ff..9660871578 100644 --- a/TABLE +++ b/TABLE @@ -300,31 +300,6 @@ $shared_extension = $ranlib = $arflags = -*** Mingw32 -$cc = gcc -$cflags = -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -$unistd = -$thread_cflag = -$sys_id = -$lflags = -$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT -$bn_obj = -$des_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$dso_scheme = win32 -$shared_target= -$shared_cflag = -$shared_ldflag = -$shared_extension = -$ranlib = -$arflags = - *** NetBSD-m68 $cc = gcc $cflags = -DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN @@ -2018,7 +1993,7 @@ $rc4_obj = asm/rx86-elf.o $rmd160_obj = asm/rm86-elf.o $rc5_obj = asm/r586-elf.o $dso_scheme = dlfcn -$shared_target= +$shared_target= linux-shared $shared_cflag = $shared_ldflag = $shared_extension = @@ -2035,7 +2010,7 @@ $lflags = -rdynamic -ldl $bn_ops = SIXTY_FOUR_BIT $bn_obj = $des_obj = dlfcn -$bf_obj = +$bf_obj = linux-shared $md5_obj = $sha1_obj = $cast_obj = @@ -3075,6 +3050,31 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = +*** linux-ia64-ecc +$cc = ecc +$cflags = -DL_ENDIAN -DTERMIO -O2 -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR +$bn_obj = asm/ia64.o +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = + *** linux-k6 $cc = gcc $cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=k6 -Wall @@ -3450,6 +3450,31 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = $arflags = +*** mingw +$cc = gcc +$cflags = -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -mno-cygwin -Wall +$unistd = +$thread_cflag = +$sys_id = MINGW32 +$lflags = -mno-cygwin -lwsock32 -lgdi32 +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$bn_obj = asm/bn86-out.o asm/co86-out.o +$des_obj = asm/dx86-out.o asm/yx86-out.o +$bf_obj = asm/bx86-out.o +$md5_obj = asm/mx86-out.o +$sha1_obj = asm/sx86-out.o +$cast_obj = asm/cx86-out.o +$rc4_obj = asm/rx86-out.o +$rmd160_obj = asm/rm86-out.o +$rc5_obj = asm/r586-out.o +$dso_scheme = win32 +$shared_target= +$shared_cflag = +$shared_ldflag = +$shared_extension = .dll +$ranlib = +$arflags = + *** ncr-scde $cc = cc $cflags = -O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw diff --git a/crypto/ecdh/Makefile.ssl b/crypto/ecdh/Makefile.ssl index eb2e7605e8..7ab015070e 100644 --- a/crypto/ecdh/Makefile.ssl +++ b/crypto/ecdh/Makefile.ssl @@ -115,9 +115,10 @@ ech_lib.o: ech_lib.c ech_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ech_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h ech_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ech_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -ech_ossl.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h +ech_ossl.o: ../../include/openssl/ecdh.h ../../include/openssl/err.h +ech_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ech_ossl.o: ../../include/openssl/opensslconf.h ech_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ech_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h ech_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ech_ossl.o: ecdh.h ech_ossl.c +ech_ossl.o: ech_ossl.c diff --git a/test/Makefile.ssl b/test/Makefile.ssl index 543789434a..2b61e6f007 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -830,7 +830,8 @@ ecdhtest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h ecdhtest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h ecdhtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h ecdhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h -ecdhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ecdhtest.c +ecdhtest.o: ../include/openssl/sha.h ../include/openssl/stack.h +ecdhtest.o: ../include/openssl/symhacks.h ecdhtest.c ecdsatest.o: ../include/openssl/asn1.h ../include/openssl/bio.h ecdsatest.o: ../include/openssl/bn.h ../include/openssl/crypto.h ecdsatest.o: ../include/openssl/dh.h ../include/openssl/dsa.h diff --git a/util/libeay.num b/util/libeay.num index c03f58d64c..243d9f12d9 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -2905,7 +2905,7 @@ BN_nist_mod_224 3342 EXIST::FUNCTION: i2d_EC_PUBKEY_bio 3343 EXIST::FUNCTION:BIO,EC EC_GROUP_get_asn1_flag 3344 EXIST::FUNCTION:EC ECDH_get_ex_new_index 3345 EXIST::FUNCTION:ECDH -ECDH_size 3346 EXIST::FUNCTION:ECDH +ECDH_size 3346 NOEXIST::FUNCTION: BN_GF2m_mod_inv 3347 EXIST::FUNCTION: BN_GF2m_mod_exp 3348 EXIST::FUNCTION: EC_GROUP_get0_seed 3349 EXIST::FUNCTION:EC @@ -2999,3 +2999,4 @@ ENGINE_load_gmp 3433 EXIST::FUNCTION:ENGINE,STATIC_ENGIN a2i_IPADDRESS 3434 EXIST::FUNCTION: ENGINE_setup_bsd_cryptodev 3435 EXIST:__FreeBSD__:FUNCTION:ENGINE EC_GROUP_have_precompute_mult 3436 EXIST::FUNCTION:EC +X509V3_NAME_from_section 3437 EXIST::FUNCTION: diff --git a/util/ssleay.num b/util/ssleay.num index 7c15d0f05a..865005ac64 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -217,3 +217,4 @@ SSL_CTX_set_msg_callback 266 EXIST::FUNCTION: SSL_set_msg_callback 267 EXIST::FUNCTION: SSL_set_tmp_ecdh_callback 268 EXIST::FUNCTION:ECDH SSL_CTX_set_tmp_ecdh_callback 269 EXIST::FUNCTION:ECDH +SSL_SESSION_get_id 270 EXIST::FUNCTION: From e986704d24e486850794cc20c0245431884b2a58 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 16:34:27 +0000 Subject: [PATCH 147/393] Add documentation for -starttls (s_client) and -id_prefix (s_server). PR: 542 --- doc/apps/s_client.pod | 7 +++++++ doc/apps/s_server.pod | 8 ++++++++ 2 files changed, 15 insertions(+) diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index 7fca9cbdbd..47dc93cb3f 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -33,6 +33,7 @@ B B [B<-no_tls1>] [B<-bugs>] [B<-cipher cipherlist>] +[B<-starttls protocol>] [B<-engine id>] [B<-rand file(s)>] @@ -163,6 +164,12 @@ the server determines which cipher suite is used it should take the first supported cipher in the list sent by the client. See the B command for more information. +=item B<-starttls protocol> + +send the protocol-specific message(s) to switch to TLS for communication. +B is a keyword for the intended protocol. Currently, the only +supported keyword is "smtp". + =item B<-engine id> specifying an engine (by it's unique B string) will cause B diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod index 4b1e4260ef..1d21921e47 100644 --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod @@ -42,6 +42,7 @@ B B [B<-WWW>] [B<-HTTP>] [B<-engine id>] +[B<-id_prefix arg>] [B<-rand file(s)>] =head1 DESCRIPTION @@ -209,6 +210,13 @@ to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. +=item B<-id_prefix arg> + +generate SSL/TLS session IDs prefixed by B. This is mostly useful +for testing any SSL/TLS code (eg. proxies) that wish to deal with multiple +servers, when each of which might be generating a unique range of session +IDs (eg. with a certain prefix). + =item B<-rand file(s)> a file or files containing random data used to seed the random number From 10a66ad38993c9f2b9e7d9d97ccc3e15c4eff495 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 20 Mar 2003 17:09:46 +0000 Subject: [PATCH 148/393] Avoid warning. --- crypto/ecdh/ech_ossl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c index b00c6c431a..076eb2ea1f 100644 --- a/crypto/ecdh/ech_ossl.c +++ b/crypto/ecdh/ech_ossl.c @@ -70,6 +70,8 @@ #include +#include "cryptlib.h" + #include #include #include From 6f528cac5a56f33a00694dbebf1abee3a91dbdda Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 20 Mar 2003 17:14:27 +0000 Subject: [PATCH 149/393] Typo: OID should be policyMappings --- crypto/objects/obj_dat.h | 10 +++++----- crypto/objects/obj_mac.h | 8 ++++---- crypto/objects/obj_mac.num | 2 +- crypto/objects/objects.txt | 4 ++-- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 03803827aa..24d8855013 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -756,7 +756,7 @@ static unsigned char lvalues[4876]={ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4848] OBJ_ms_smartcard_login */ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4858] OBJ_ms_upn */ 0x55,0x1D,0x20,0x00, /* [4868] OBJ_any_policy */ -0x55,0x1D,0x21, /* [4872] OBJ_policy_mapping */ +0x55,0x1D,0x21, /* [4872] OBJ_policy_mappings */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ @@ -1882,7 +1882,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10, &(lvalues[4858]),0}, {"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4868]),0}, -{"policyMapping","X509v3 Policy Mapping",NID_policy_mapping,3, +{"policyMappings","X509v3 Policy Mappings",NID_policy_mappings,3, &(lvalues[4872]),0}, }; @@ -2367,7 +2367,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */ &(nid_objs[47]),/* "pkcs9" */ &(nid_objs[401]),/* "policyConstraints" */ -&(nid_objs[719]),/* "policyMapping" */ +&(nid_objs[719]),/* "policyMappings" */ &(nid_objs[506]),/* "ppBasis" */ &(nid_objs[406]),/* "prime-field" */ &(nid_objs[409]),/* "prime192v1" */ @@ -2699,7 +2699,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[83]),/* "X509v3 Key Usage" */ &(nid_objs[403]),/* "X509v3 No Revocation Available" */ &(nid_objs[401]),/* "X509v3 Policy Constraints" */ -&(nid_objs[719]),/* "X509v3 Policy Mapping" */ +&(nid_objs[719]),/* "X509v3 Policy Mappings" */ &(nid_objs[84]),/* "X509v3 Private Key Usage Period" */ &(nid_objs[85]),/* "X509v3 Subject Alternative Name" */ &(nid_objs[82]),/* "X509v3 Subject Key Identifier" */ @@ -3374,7 +3374,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[140]),/* OBJ_delta_crl 2 5 29 27 */ &(nid_objs[103]),/* OBJ_crl_distribution_points 2 5 29 31 */ &(nid_objs[89]),/* OBJ_certificate_policies 2 5 29 32 */ -&(nid_objs[719]),/* OBJ_policy_mapping 2 5 29 33 */ +&(nid_objs[719]),/* OBJ_policy_mappings 2 5 29 33 */ &(nid_objs[90]),/* OBJ_authority_key_identifier 2 5 29 35 */ &(nid_objs[401]),/* OBJ_policy_constraints 2 5 29 36 */ &(nid_objs[126]),/* OBJ_ext_key_usage 2 5 29 37 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index ecbe9c23a4..eefdd169f2 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -2046,10 +2046,10 @@ #define NID_any_policy 718 #define OBJ_any_policy OBJ_certificate_policies,0L -#define SN_policy_mapping "policyMapping" -#define LN_policy_mapping "X509v3 Policy Mapping" -#define NID_policy_mapping 719 -#define OBJ_policy_mapping OBJ_id_ce,33L +#define SN_policy_mappings "policyMappings" +#define LN_policy_mappings "X509v3 Policy Mappings" +#define NID_policy_mappings 719 +#define OBJ_policy_mappings OBJ_id_ce,33L #define SN_authority_key_identifier "authorityKeyIdentifier" #define LN_authority_key_identifier "X509v3 Authority Key Identifier" diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index eec29229a1..0a85cb6a4a 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -716,4 +716,4 @@ wap_wsg_idm_ecid_wtls12 715 ms_smartcard_login 716 ms_upn 717 any_policy 718 -policy_mapping 719 +policy_mappings 719 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 2d01c4d3a0..bea8db109d 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -664,8 +664,8 @@ id-ce 31 : crlDistributionPoints : X509v3 CRL Distribution Points id-ce 32 : certificatePolicies : X509v3 Certificate Policies !Cname any-policy certificate-policies 0 : anyPolicy : X509v3 Any Policy -!Cname policy-mapping -id-ce 33 : policyMapping : X509v3 Policy Mapping +!Cname policy-mappings +id-ce 33 : policyMappings : X509v3 Policy Mappings !Cname authority-key-identifier id-ce 35 : authorityKeyIdentifier : X509v3 Authority Key Identifier !Cname policy-constraints From a1d12daed2087944f3530f6ec4b5ec23f36ce41a Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 20 Mar 2003 17:26:44 +0000 Subject: [PATCH 150/393] Support for policyMappings --- CHANGES | 3 + crypto/stack/safestack.h | 20 +++++ crypto/x509v3/Makefile.ssl | 4 +- crypto/x509v3/ext_dat.h | 4 +- crypto/x509v3/v3_pmaps.c | 153 +++++++++++++++++++++++++++++++++++++ crypto/x509v3/v3err.c | 1 + crypto/x509v3/x509v3.h | 13 ++++ 7 files changed, 195 insertions(+), 3 deletions(-) create mode 100644 crypto/x509v3/v3_pmaps.c diff --git a/CHANGES b/CHANGES index ea29f5abfd..0a5913ce15 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,9 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Support for policyMappings certificate extension. + [Steve Henson] + *) Fixed a typo bug that would cause ENGINE_set_default() to set an ENGINE as defaults for all supported algorithms irrespective of the 'flags' parameter. 'flags' is now honoured, so applications diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h index ed9ed2c23a..6ffb132be6 100644 --- a/crypto/stack/safestack.h +++ b/crypto/stack/safestack.h @@ -944,6 +944,26 @@ STACK_OF(type) \ #define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st)) #define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st)) +#define sk_POLICY_MAPPING_new(st) SKM_sk_new(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_new_null() SKM_sk_new_null(POLICY_MAPPING) +#define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_num(st) SKM_sk_num(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_value(st, i) SKM_sk_value(POLICY_MAPPING, (st), (i)) +#define sk_POLICY_MAPPING_set(st, i, val) SKM_sk_set(POLICY_MAPPING, (st), (i), (val)) +#define sk_POLICY_MAPPING_zero(st) SKM_sk_zero(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_push(st, val) SKM_sk_push(POLICY_MAPPING, (st), (val)) +#define sk_POLICY_MAPPING_unshift(st, val) SKM_sk_unshift(POLICY_MAPPING, (st), (val)) +#define sk_POLICY_MAPPING_find(st, val) SKM_sk_find(POLICY_MAPPING, (st), (val)) +#define sk_POLICY_MAPPING_delete(st, i) SKM_sk_delete(POLICY_MAPPING, (st), (i)) +#define sk_POLICY_MAPPING_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICY_MAPPING, (st), (ptr)) +#define sk_POLICY_MAPPING_insert(st, val, i) SKM_sk_insert(POLICY_MAPPING, (st), (val), (i)) +#define sk_POLICY_MAPPING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICY_MAPPING, (st), (cmp)) +#define sk_POLICY_MAPPING_dup(st) SKM_sk_dup(POLICY_MAPPING, st) +#define sk_POLICY_MAPPING_pop_free(st, free_func) SKM_sk_pop_free(POLICY_MAPPING, (st), (free_func)) +#define sk_POLICY_MAPPING_shift(st) SKM_sk_shift(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_pop(st) SKM_sk_pop(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st)) + #define sk_SSL_CIPHER_new(st) SKM_sk_new(SSL_CIPHER, (st)) #define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER) #define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st)) diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl index 60af357a07..df60026566 100644 --- a/crypto/x509v3/Makefile.ssl +++ b/crypto/x509v3/Makefile.ssl @@ -26,11 +26,11 @@ LIB=$(TOP)/libcrypto.a LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c \ v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c \ v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \ -v3_ocsp.c v3_akeya.c +v3_ocsp.c v3_akeya.c v3_pmaps.c LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \ v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \ v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o \ -v3_ocsp.o v3_akeya.o +v3_ocsp.o v3_akeya.o v3_pmaps.o SRC= $(LIBSRC) diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h index 5442480595..4c801c2c1d 100644 --- a/crypto/x509v3/ext_dat.h +++ b/crypto/x509v3/ext_dat.h @@ -64,6 +64,7 @@ extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate, v3_cpols, v3 extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff; extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc; extern X509V3_EXT_METHOD v3_crl_hold; +extern X509V3_EXT_METHOD v3_policy_mappings; /* This table will be searched using OBJ_bsearch so it *must* kept in * order of the ext_nid values. @@ -105,8 +106,9 @@ static X509V3_EXT_METHOD *standard_exts[] = { #endif &v3_sinfo, #ifndef OPENSSL_NO_OCSP -&v3_crl_hold +&v3_crl_hold, #endif +&v3_policy_mappings }; /* Number of standard extensions */ diff --git a/crypto/x509v3/v3_pmaps.c b/crypto/x509v3/v3_pmaps.c new file mode 100644 index 0000000000..897640fc12 --- /dev/null +++ b/crypto/x509v3/v3_pmaps.c @@ -0,0 +1,153 @@ +/* v3_pmaps.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + +#include +#include "cryptlib.h" +#include +#include +#include + +static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, + void *pmps, STACK_OF(CONF_VALUE) *extlist); + +X509V3_EXT_METHOD v3_policy_mappings = { + NID_policy_mappings, 0, + ASN1_ITEM_ref(POLICY_MAPPINGS), + 0,0,0,0, + 0,0, + i2v_POLICY_MAPPINGS, + v2i_POLICY_MAPPINGS, + 0,0, + NULL +}; + +ASN1_SEQUENCE(POLICY_MAPPING) = { + ASN1_SIMPLE(POLICY_MAPPING, issuerDomainPolicy, ASN1_OBJECT), + ASN1_SIMPLE(POLICY_MAPPING, subjectDomainPolicy, ASN1_OBJECT) +} ASN1_SEQUENCE_END(POLICY_MAPPING) + +ASN1_ITEM_TEMPLATE(POLICY_MAPPINGS) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, POLICY_MAPPINGS, + POLICY_MAPPING) +ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS) + +IMPLEMENT_ASN1_FUNCTIONS(POLICY_MAPPING) + + +static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, + void *a, STACK_OF(CONF_VALUE) *ext_list) +{ + POLICY_MAPPINGS *pmaps = a; + POLICY_MAPPING *pmap; + int i; + char obj_tmp1[80]; + char obj_tmp2[80]; + for(i = 0; i < sk_POLICY_MAPPING_num(pmaps); i++) { + pmap = sk_POLICY_MAPPING_value(pmaps, i); + i2t_ASN1_OBJECT(obj_tmp1, 80, pmap->issuerDomainPolicy); + i2t_ASN1_OBJECT(obj_tmp2, 80, pmap->subjectDomainPolicy); + X509V3_add_value(obj_tmp1, obj_tmp2, &ext_list); + } + return ext_list; +} + +static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) +{ + POLICY_MAPPINGS *pmaps; + POLICY_MAPPING *pmap; + ASN1_OBJECT *obj1, *obj2; + CONF_VALUE *val; + int i; + + if(!(pmaps = sk_POLICY_MAPPING_new_null())) { + X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,ERR_R_MALLOC_FAILURE); + return NULL; + } + + for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { + val = sk_CONF_VALUE_value(nval, i); + if(!val->value || !val->name) { + sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); + X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,X509V3_R_INVALID_OBJECT_IDENTIFIER); + X509V3_conf_err(val); + return NULL; + } + obj1 = OBJ_txt2obj(val->name, 0); + obj2 = OBJ_txt2obj(val->value, 0); + if(!obj1 || !obj2) { + sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); + X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,X509V3_R_INVALID_OBJECT_IDENTIFIER); + X509V3_conf_err(val); + return NULL; + } + pmap = POLICY_MAPPING_new(); + if (!pmap) { + sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); + X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,ERR_R_MALLOC_FAILURE); + return NULL; + } + pmap->issuerDomainPolicy = obj1; + pmap->subjectDomainPolicy = obj2; + sk_POLICY_MAPPING_push(pmaps, pmap); + } + return pmaps; +} diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c index 28f44e00c6..80b821dda1 100644 --- a/crypto/x509v3/v3err.c +++ b/crypto/x509v3/v3err.c @@ -98,6 +98,7 @@ static ERR_STRING_DATA X509V3_str_functs[]= {ERR_PACK(0,X509V3_F_V2I_EXT_KU,0), "V2I_EXT_KU"}, {ERR_PACK(0,X509V3_F_V2I_GENERAL_NAME,0), "v2i_GENERAL_NAME"}, {ERR_PACK(0,X509V3_F_V2I_GENERAL_NAMES,0), "v2i_GENERAL_NAMES"}, +{ERR_PACK(0,X509V3_F_V2I_POLICY_MAPPINGS,0), "V2I_POLICY_MAPPINGS"}, {ERR_PACK(0,X509V3_F_V3_GENERIC_EXTENSION,0), "V3_GENERIC_EXTENSION"}, {ERR_PACK(0,X509V3_F_X509V3_ADD_I2D,0), "X509V3_ADD_I2D"}, {ERR_PACK(0,X509V3_F_X509V3_ADD_VALUE,0), "X509V3_add_value"}, diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index d2edc9f650..fda50c95a0 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -286,6 +286,15 @@ typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES; DECLARE_STACK_OF(POLICYINFO) DECLARE_ASN1_SET_OF(POLICYINFO) +typedef struct POLICY_MAPPING_st { + ASN1_OBJECT *issuerDomainPolicy; + ASN1_OBJECT *subjectDomainPolicy; +} POLICY_MAPPING; + +DECLARE_STACK_OF(POLICY_MAPPING) + +typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS; + #define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \ ",name:", val->name, ",value:", val->value); @@ -455,6 +464,9 @@ DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME) DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) +DECLARE_ASN1_ITEM(POLICY_MAPPING) +DECLARE_ASN1_ITEM(POLICY_MAPPINGS) + #ifdef HEADER_CONF_H GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf); void X509V3_conf_free(CONF_VALUE *val); @@ -592,6 +604,7 @@ void ERR_load_X509V3_strings(void); #define X509V3_F_V2I_EXT_KU 103 #define X509V3_F_V2I_GENERAL_NAME 117 #define X509V3_F_V2I_GENERAL_NAMES 118 +#define X509V3_F_V2I_POLICY_MAPPINGS 145 #define X509V3_F_V3_GENERIC_EXTENSION 116 #define X509V3_F_X509V3_ADD_I2D 140 #define X509V3_F_X509V3_ADD_VALUE 105 From c554155b58f5c0dda132048bb0a68a2d1a463d98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Thu, 20 Mar 2003 17:31:30 +0000 Subject: [PATCH 151/393] make sure RSA blinding works when the PRNG is not properly seeded; enable it automatically for the built-in engine --- CHANGES | 13 ++++++++++++- crypto/rsa/rsa.h | 7 +++++++ crypto/rsa/rsa_eay.c | 35 +++++++++++++++++++++++++++-------- crypto/rsa/rsa_lib.c | 21 +++++++++++++++++---- 4 files changed, 63 insertions(+), 13 deletions(-) diff --git a/CHANGES b/CHANGES index 0a5913ce15..a03875767c 100644 --- a/CHANGES +++ b/CHANGES @@ -469,8 +469,19 @@ in ssl3_get_client_key_exchange (ssl/s3_srvr.c). [Bodo Moeller] + *) Turn on RSA blinding by default in the default implementation + to avoid a timing attack. Applications that don't want it can call + RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING. + They would be ill-advised to do so in most cases. + [Ben Laurie, Steve Henson, Geoff Thorpe] + + *) Change RSA blinding code so that it works when the PRNG is not + seeded (in this case, the secret RSA exponent is abused as + an unpredictable seed -- if it is not unpredictable, there + is no point in blinding anyway). + [Bodo Moeller] + yet to be integrated into this CVS branch: -- RSA blinding changes - Geoff's ENGINE_set_default() fix *) Target "mingw" now allows native Windows code to be generated in diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index b005b4b0b3..604fc26442 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -162,6 +162,11 @@ struct rsa_st #define RSA_FLAG_CACHE_PUBLIC 0x02 #define RSA_FLAG_CACHE_PRIVATE 0x04 #define RSA_FLAG_BLINDING 0x08 +#define RSA_FLAG_NO_BLINDING 0x80 /* new with 0.9.6j and 0.9.7b; the built-in + * RSA implementation now uses blinding by + * default (ignoring RSA_FLAG_BLINDING), + * but other engines might not need it + */ #define RSA_FLAG_THREAD_SAFE 0x10 /* This flag means the private key operations will be handled by rsa_mod_exp * and that they do not depend on the private key components being present: @@ -174,6 +179,8 @@ struct rsa_st */ #define RSA_FLAG_SIGN_VER 0x40 +#define RSA_FLAG_NO_BLINDING 0x80 + #define RSA_PKCS1_PADDING 1 #define RSA_SSLV23_PADDING 2 #define RSA_NO_PADDING 3 diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index 24c77699fe..6bc6ef3913 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -211,6 +211,25 @@ err: return(r); } +static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx) + { + int ret = 1; + CRYPTO_w_lock(CRYPTO_LOCK_RSA); + /* Check again inside the lock - the macro's check is racey */ + if(rsa->blinding == NULL) + ret = RSA_blinding_on(rsa, ctx); + CRYPTO_w_unlock(CRYPTO_LOCK_RSA); + return ret; + } + +#define BLINDING_HELPER(rsa, ctx, err_instr) \ + do { \ + if((!((rsa)->flags & RSA_FLAG_NO_BLINDING)) && \ + ((rsa)->blinding == NULL) && \ + !rsa_eay_blinding(rsa, ctx)) \ + err_instr \ + } while(0) + /* signing */ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) @@ -255,9 +274,9 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, goto err; } - if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) - RSA_blinding_on(rsa,ctx); - if (rsa->flags & RSA_FLAG_BLINDING) + BLINDING_HELPER(rsa, ctx, goto err;); + + if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || @@ -274,7 +293,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, rsa->_method_mod_n)) goto err; } - if (rsa->flags & RSA_FLAG_BLINDING) + if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err; /* put in leading 0 bytes if the number is less than the @@ -336,9 +355,9 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, goto err; } - if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) - RSA_blinding_on(rsa,ctx); - if (rsa->flags & RSA_FLAG_BLINDING) + BLINDING_HELPER(rsa, ctx, goto err;); + + if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; /* do the decrypt */ @@ -357,7 +376,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, goto err; } - if (rsa->flags & RSA_FLAG_BLINDING) + if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err; p=buf; diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 889c36d3a6..33ca8330c9 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -72,7 +72,9 @@ static const RSA_METHOD *default_RSA_meth=NULL; RSA *RSA_new(void) { - return(RSA_new_method(NULL)); + RSA *r=RSA_new_method(NULL); + + return r; } void RSA_set_default_method(const RSA_METHOD *meth) @@ -307,7 +309,8 @@ void RSA_blinding_off(RSA *rsa) BN_BLINDING_free(rsa->blinding); rsa->blinding=NULL; } - rsa->flags&= ~RSA_FLAG_BLINDING; + rsa->flags &= ~RSA_FLAG_BLINDING; + rsa->flags |= RSA_FLAG_NO_BLINDING; } int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) @@ -328,13 +331,23 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) BN_CTX_start(ctx); A = BN_CTX_get(ctx); - if (!BN_rand_range(A,rsa->n)) goto err; + if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) + { + /* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */ + RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0); + if (!BN_pseudo_rand_range(A,rsa->n)) goto err; + } + else + { + if (!BN_rand_range(A,rsa->n)) goto err; + } if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err; if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) goto err; rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n); - rsa->flags|=RSA_FLAG_BLINDING; + rsa->flags |= RSA_FLAG_BLINDING; + rsa->flags &= ~RSA_FLAG_NO_BLINDING; BN_free(Ai); ret=1; err: From ea3675b5b60789f87a998bad8aab0ca53b3af4ed Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 20 Mar 2003 17:58:33 +0000 Subject: [PATCH 152/393] New ASN1 macros to just implement and declare the new and free functions and changes to mkdef.pl so it recognises them. Use these in policyMappings extension. --- crypto/asn1/asn1.h | 12 ++++++++---- crypto/asn1/asn1t.h | 3 +++ crypto/x509v3/v3_pmaps.c | 2 +- crypto/x509v3/x509v3.h | 1 + util/libeay.num | 6 ++++++ util/mkdef.pl | 4 ++++ 6 files changed, 23 insertions(+), 5 deletions(-) diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 0eb97fa62e..19414444a5 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -264,14 +264,15 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; #define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type) +#define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type) + #define DECLARE_ASN1_FUNCTIONS_name(type, name) \ - type *name##_new(void); \ - void name##_free(type *a); \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) #define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \ - type *name##_new(void); \ - void name##_free(type *a); \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) #define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ @@ -291,6 +292,9 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; name *name##_new(void); \ void name##_free(name *a); +#define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + type *name##_new(void); \ + void name##_free(type *a); /* The following macros and typedefs allow an ASN1_ITEM * to be embedded in a structure and referenced. Since diff --git a/crypto/asn1/asn1t.h b/crypto/asn1/asn1t.h index 479225bea0..c1a4bea8f1 100644 --- a/crypto/asn1/asn1t.h +++ b/crypto/asn1/asn1t.h @@ -775,6 +775,9 @@ typedef struct ASN1_AUX_st { #define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \ IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) +#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname) + #define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \ stname *fname##_new(void) \ { \ diff --git a/crypto/x509v3/v3_pmaps.c b/crypto/x509v3/v3_pmaps.c index 897640fc12..137be58ad9 100644 --- a/crypto/x509v3/v3_pmaps.c +++ b/crypto/x509v3/v3_pmaps.c @@ -89,7 +89,7 @@ ASN1_ITEM_TEMPLATE(POLICY_MAPPINGS) = POLICY_MAPPING) ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS) -IMPLEMENT_ASN1_FUNCTIONS(POLICY_MAPPING) +IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index fda50c95a0..2cbe1b9632 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -465,6 +465,7 @@ DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) DECLARE_ASN1_ITEM(POLICY_MAPPING) +DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) DECLARE_ASN1_ITEM(POLICY_MAPPINGS) #ifdef HEADER_CONF_H diff --git a/util/libeay.num b/util/libeay.num index 243d9f12d9..b97228ce3b 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -3000,3 +3000,9 @@ a2i_IPADDRESS 3434 EXIST::FUNCTION: ENGINE_setup_bsd_cryptodev 3435 EXIST:__FreeBSD__:FUNCTION:ENGINE EC_GROUP_have_precompute_mult 3436 EXIST::FUNCTION:EC X509V3_NAME_from_section 3437 EXIST::FUNCTION: +POLICY_MAPPING_it 3438 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +POLICY_MAPPING_it 3438 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +POLICY_MAPPINGS_it 3439 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +POLICY_MAPPINGS_it 3439 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +POLICY_MAPPING_new 3440 EXIST::FUNCTION: +POLICY_MAPPING_free 3441 EXIST::FUNCTION: diff --git a/util/mkdef.pl b/util/mkdef.pl index f7f0e6ebf2..3091e2035b 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -673,6 +673,10 @@ sub do_defs "EXPORT_VAR_AS_FUNCTION", "FUNCTION"); next; + } elsif (/^\s*DECLARE_ASN1_ALLOC_FUNCTIONS\s*\(\s*(\w*)\s*\)/) { + $def .= "int $1_free(void);"; + $def .= "int $1_new(void);"; + next; } elsif (/^\s*DECLARE_ASN1_FUNCTIONS_name\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) { $def .= "int d2i_$2(void);"; $def .= "int i2d_$2(void);"; From b24668626e348bc31224aa6d6cfb4bb913a53ddb Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 20 Mar 2003 17:59:39 +0000 Subject: [PATCH 153/393] make update --- crypto/ecdh/Makefile.ssl | 7 ++++--- crypto/x509v3/Makefile.ssl | 16 ++++++++++++++++ 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/crypto/ecdh/Makefile.ssl b/crypto/ecdh/Makefile.ssl index 7ab015070e..8a0e43852a 100644 --- a/crypto/ecdh/Makefile.ssl +++ b/crypto/ecdh/Makefile.ssl @@ -112,8 +112,9 @@ ech_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ech_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdh.h ech_lib.o: ech_lib.c -ech_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ech_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +ech_ossl.o: ../../e_os.h ../../include/openssl/asn1.h +ech_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +ech_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h ech_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ech_ossl.o: ../../include/openssl/ecdh.h ../../include/openssl/err.h ech_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h @@ -121,4 +122,4 @@ ech_ossl.o: ../../include/openssl/opensslconf.h ech_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ech_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h ech_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ech_ossl.o: ech_ossl.c +ech_ossl.o: ../cryptlib.h ech_ossl.c diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl index df60026566..a353fec25b 100644 --- a/crypto/x509v3/Makefile.ssl +++ b/crypto/x509v3/Makefile.ssl @@ -353,6 +353,22 @@ v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_pku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_pku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pku.c +v3_pmaps.o: ../../e_os.h ../../include/openssl/asn1.h +v3_pmaps.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +v3_pmaps.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +v3_pmaps.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +v3_pmaps.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +v3_pmaps.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +v3_pmaps.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +v3_pmaps.o: ../../include/openssl/err.h ../../include/openssl/evp.h +v3_pmaps.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_pmaps.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_pmaps.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_pmaps.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +v3_pmaps.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_pmaps.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_pmaps.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_pmaps.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pmaps.c v3_prn.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_prn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h v3_prn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h From d4a47a5778fa227abc634b4ededb6e011e6e7065 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:14:49 +0000 Subject: [PATCH 154/393] Because it may be needed in public header files, move the definition of OPENSSL_NO_FP_API on existence of OPENSSL_SYS_MSDOS to e_os2.h. --- e_os.h | 2 +- e_os2.h | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/e_os.h b/e_os.h index f7d09c5295..f70958df87 100644 --- a/e_os.h +++ b/e_os.h @@ -184,7 +184,6 @@ extern "C" { #endif #ifdef WIN16 -# define OPENSSL_NO_FP_API # define MS_CALLBACK _far _loadds # define MS_FAR _far #else @@ -193,6 +192,7 @@ extern "C" { #endif #ifdef OPENSSL_NO_STDIO +# undef OPENSSL_NO_FP_API # define OPENSSL_NO_FP_API #endif diff --git a/e_os2.h b/e_os2.h index 81be3025f6..80ec03ee8c 100644 --- a/e_os2.h +++ b/e_os2.h @@ -201,6 +201,7 @@ extern "C" { /* Specials for I/O an exit */ #ifdef OPENSSL_SYS_MSDOS +# define OPENSSL_NO_FP_API # define OPENSSL_UNISTD_IO # define OPENSSL_DECLARE_EXIT extern void exit(int); #else From 940767b03f3a9f5ca35a9f001f83c13eef1f5cd7 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:15:51 +0000 Subject: [PATCH 155/393] Make sure we get the definition of OPENSSL_NO_AES. --- crypto/aes/aes.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/aes/aes.h b/crypto/aes/aes.h index 8294a41a3a..7f4b0e8066 100644 --- a/crypto/aes/aes.h +++ b/crypto/aes/aes.h @@ -52,6 +52,8 @@ #ifndef HEADER_AES_H #define HEADER_AES_H +#include + #ifdef OPENSSL_NO_AES #error AES is disabled. #endif From 536b73e78e5f0d5d81644742591d7e58ed5ddc07 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:16:45 +0000 Subject: [PATCH 156/393] Make sure we get the definition of OPENSSL_NO_BIO and OPENSSL_NO_RSA. --- crypto/asn1/asn1.h | 2 +- crypto/asn1/n_pkey.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 19414444a5..790e7b967b 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -60,10 +60,10 @@ #define HEADER_ASN1_H #include +#include #ifndef OPENSSL_NO_BIO #include #endif -#include #include #include #include diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c index 766b51c538..a5a02e843c 100644 --- a/crypto/asn1/n_pkey.c +++ b/crypto/asn1/n_pkey.c @@ -56,9 +56,9 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RSA #include #include "cryptlib.h" +#ifndef OPENSSL_NO_RSA #include #include #include From 44deca977d7bca6e959bedf2c02b69f7f0c036d9 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:17:04 +0000 Subject: [PATCH 157/393] Make sure we get the definition of OPENSSL_NO_BF. --- crypto/bf/bftest.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/bf/bftest.c b/crypto/bf/bftest.c index 24d526b14b..14bc4d7c8b 100644 --- a/crypto/bf/bftest.c +++ b/crypto/bf/bftest.c @@ -62,6 +62,7 @@ #include #include #include +#include /* To see if OPENSSL_NO_BF is defined */ #include "../e_os.h" From 7b5a6c7a6278eb255ab0f28a72a702bef456f526 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:17:23 +0000 Subject: [PATCH 158/393] Make sure we get the definition of OPENSSL_NO_FP_API. --- crypto/bio/bio.h | 3 ++- crypto/crypto.h | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h index fbbc16d00c..ce8b19ce2e 100644 --- a/crypto/bio/bio.h +++ b/crypto/bio/bio.h @@ -59,13 +59,14 @@ #ifndef HEADER_BIO_H #define HEADER_BIO_H +#include + #ifndef OPENSSL_NO_FP_API # include #endif #include #include -#include #ifdef __cplusplus extern "C" { diff --git a/crypto/crypto.h b/crypto/crypto.h index fa799a7623..0f15a56544 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -119,6 +119,8 @@ #include +#include + #ifndef OPENSSL_NO_FP_API #include #endif From 9ba4cc007b3af0b5e893716f8fe44943a5e3b234 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:18:32 +0000 Subject: [PATCH 159/393] Make sure we get the definition of OPENSSL_NO_SOCK. --- crypto/bio/b_sock.c | 4 ++-- crypto/bio/bss_acpt.c | 4 ++-- crypto/bio/bss_conn.c | 4 ++-- crypto/bio/bss_sock.c | 5 +---- 4 files changed, 7 insertions(+), 10 deletions(-) diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index 601a14f37c..c501008028 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -56,8 +56,6 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SOCK - #include #include #include @@ -65,6 +63,8 @@ #include "cryptlib.h" #include +#ifndef OPENSSL_NO_SOCK + #ifdef OPENSSL_SYS_WIN16 #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ #else diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c index 8ea1db158b..d090b7272f 100644 --- a/crypto/bio/bss_acpt.c +++ b/crypto/bio/bss_acpt.c @@ -56,14 +56,14 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SOCK - #include #include #define USE_SOCKETS #include "cryptlib.h" #include +#ifndef OPENSSL_NO_SOCK + #ifdef OPENSSL_SYS_WIN16 #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ #else diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index 743db6ff94..33702eb99b 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -56,14 +56,14 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SOCK - #include #include #define USE_SOCKETS #include "cryptlib.h" #include +#ifndef OPENSSL_NO_SOCK + #ifdef OPENSSL_SYS_WIN16 #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ #else diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c index 2c1c405ec7..7207a1fb87 100644 --- a/crypto/bio/bss_sock.c +++ b/crypto/bio/bss_sock.c @@ -56,8 +56,6 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SOCK - #include #include #define USE_SOCKETS @@ -279,7 +277,7 @@ int BIO_sock_non_fatal_error(int err) #endif #ifdef EAGAIN -#if EWOULDBLOCK != EAGAIN +# if EWOULDBLOCK != EAGAIN case EAGAIN: # endif #endif @@ -302,4 +300,3 @@ int BIO_sock_non_fatal_error(int err) } return(0); } -#endif From 78951e771128452077388acf79c79c72f379dce1 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:19:41 +0000 Subject: [PATCH 160/393] Make sure we get the definition of OPENSSL_NO_ERR. --- crypto/bio/bio_err.c | 1 + crypto/bn/bn_err.c | 1 + crypto/buffer/buf_err.c | 1 + crypto/comp/comp_err.c | 1 + crypto/conf/conf_err.c | 1 + crypto/dh/dh_err.c | 1 + crypto/dsa/dsa_err.c | 1 + crypto/dso/dso_err.c | 1 + crypto/ecdsa/ecs_err.c | 1 + 9 files changed, 9 insertions(+) diff --git a/crypto/bio/bio_err.c b/crypto/bio/bio_err.c index 68a119d895..5df17ff892 100644 --- a/crypto/bio/bio_err.c +++ b/crypto/bio/bio_err.c @@ -61,6 +61,7 @@ #include #include #include +#include /* To see if OPENSSL_NO_ERR is defined */ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c index bcc7ff97af..747591f9cb 100644 --- a/crypto/bn/bn_err.c +++ b/crypto/bn/bn_err.c @@ -61,6 +61,7 @@ #include #include #include +#include /* To see if OPENSSL_NO_ERR is defined */ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR diff --git a/crypto/buffer/buf_err.c b/crypto/buffer/buf_err.c index 5eee653e14..6559060784 100644 --- a/crypto/buffer/buf_err.c +++ b/crypto/buffer/buf_err.c @@ -61,6 +61,7 @@ #include #include #include +#include /* To see if OPENSSL_NO_ERR is defined */ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR diff --git a/crypto/comp/comp_err.c b/crypto/comp/comp_err.c index 1652b8c2c4..54edbb0e9a 100644 --- a/crypto/comp/comp_err.c +++ b/crypto/comp/comp_err.c @@ -61,6 +61,7 @@ #include #include #include +#include /* To see if OPENSSL_NO_ERR is defined */ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR diff --git a/crypto/conf/conf_err.c b/crypto/conf/conf_err.c index ee07bfe9d9..bc16eeaa57 100644 --- a/crypto/conf/conf_err.c +++ b/crypto/conf/conf_err.c @@ -61,6 +61,7 @@ #include #include #include +#include /* To see if OPENSSL_NO_ERR is defined */ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c index d837950aec..443a741da6 100644 --- a/crypto/dh/dh_err.c +++ b/crypto/dh/dh_err.c @@ -61,6 +61,7 @@ #include #include #include +#include /* To see if OPENSSL_NO_ERR is defined */ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c index 79aa4ff526..b1064f07eb 100644 --- a/crypto/dsa/dsa_err.c +++ b/crypto/dsa/dsa_err.c @@ -61,6 +61,7 @@ #include #include #include +#include /* To see if OPENSSL_NO_ERR is defined */ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR diff --git a/crypto/dso/dso_err.c b/crypto/dso/dso_err.c index ac783e2796..8ec7ba9f9e 100644 --- a/crypto/dso/dso_err.c +++ b/crypto/dso/dso_err.c @@ -61,6 +61,7 @@ #include #include #include +#include /* To see if OPENSSL_NO_ERR is defined */ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR diff --git a/crypto/ecdsa/ecs_err.c b/crypto/ecdsa/ecs_err.c index 75c789448c..c9bed9dd8e 100644 --- a/crypto/ecdsa/ecs_err.c +++ b/crypto/ecdsa/ecs_err.c @@ -61,6 +61,7 @@ #include #include #include +#include /* To see if OPENSSL_NO_ERR is defined */ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR From 0c7d61ee0e742adf90e8c815c52eee181cd89dea Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:20:15 +0000 Subject: [PATCH 161/393] Make sure we get the definition of OPENSSL_NO_CAST. --- crypto/cast/cast.h | 2 ++ crypto/cast/casttest.c | 1 + 2 files changed, 3 insertions(+) diff --git a/crypto/cast/cast.h b/crypto/cast/cast.h index b28e4e4f3b..90b45b950a 100644 --- a/crypto/cast/cast.h +++ b/crypto/cast/cast.h @@ -63,6 +63,8 @@ extern "C" { #endif +#include + #ifdef OPENSSL_NO_CAST #error CAST is disabled. #endif diff --git a/crypto/cast/casttest.c b/crypto/cast/casttest.c index 83e5a16c73..0d020d6975 100644 --- a/crypto/cast/casttest.c +++ b/crypto/cast/casttest.c @@ -59,6 +59,7 @@ #include #include #include +#include /* To see if OPENSSL_NO_CAST is defined */ #include "../e_os.h" From 0f3879455bab6f06457685fc80748bcbb545439b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:21:10 +0000 Subject: [PATCH 162/393] Make sure we get the definition of OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG and OPENSSL_NO_DESCBCM. --- crypto/des/des.h | 6 +++--- crypto/des/des_old.h | 4 ++-- crypto/des/ede_cbcm_enc.c | 2 ++ 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/crypto/des/des.h b/crypto/des/des.h index daaf239dbe..4475143db5 100644 --- a/crypto/des/des.h +++ b/crypto/des/des.h @@ -59,13 +59,13 @@ #ifndef HEADER_NEW_DES_H #define HEADER_NEW_DES_H +#include /* OPENSSL_EXTERN, OPENSSL_NO_DES, + DES_LONG (via openssl/opensslconf.h */ + #ifdef OPENSSL_NO_DES #error DES is disabled. #endif -#include /* DES_LONG */ -#include /* OPENSSL_EXTERN */ - #ifdef OPENSSL_BUILD_SHLIBCRYPTO # undef OPENSSL_EXTERN # define OPENSSL_EXTERN OPENSSL_EXPORT diff --git a/crypto/des/des_old.h b/crypto/des/des_old.h index 1d840b474a..8a238d1ce1 100644 --- a/crypto/des/des_old.h +++ b/crypto/des/des_old.h @@ -91,6 +91,8 @@ #ifndef HEADER_DES_H #define HEADER_DES_H +#include /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */ + #ifdef OPENSSL_NO_DES #error DES is disabled. #endif @@ -103,8 +105,6 @@ #error replaces . #endif -#include /* DES_LONG */ -#include /* OPENSSL_EXTERN */ #include #ifdef OPENSSL_BUILD_SHLIBCRYPTO diff --git a/crypto/des/ede_cbcm_enc.c b/crypto/des/ede_cbcm_enc.c index fa45aa272b..adfcb75cf3 100644 --- a/crypto/des/ede_cbcm_enc.c +++ b/crypto/des/ede_cbcm_enc.c @@ -68,6 +68,8 @@ http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz */ +#include /* To see if OPENSSL_NO_DESCBCM is defined */ + #ifndef OPENSSL_NO_DESCBCM #include "des_locl.h" From d3ae5b1c8a01436d6cd51ee603ab79cf41c2a5ce Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:21:27 +0000 Subject: [PATCH 163/393] Make sure we get the definition of OPENSSL_NO_DH. --- crypto/dh/dh.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index 62dba4055c..db4e11090d 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -59,6 +59,8 @@ #ifndef HEADER_DH_H #define HEADER_DH_H +#include + #ifdef OPENSSL_NO_DH #error DH is disabled. #endif From 751ff1d376feae3beaee90ca66dd7fe92e2316d2 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:21:51 +0000 Subject: [PATCH 164/393] Make sure we get the definition of OPENSSL_NO_DSA and OPENSSL_NO_SHA. --- crypto/dsa/dsa.h | 2 ++ crypto/dsa/dsa_gen.c | 2 ++ crypto/dsa/dsa_key.c | 2 +- crypto/dsa/dsatest.c | 1 + 4 files changed, 6 insertions(+), 1 deletion(-) diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index 6ba79b01df..651add43ae 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -65,6 +65,8 @@ #ifndef HEADER_DSA_H #define HEADER_DSA_H +#include + #ifdef OPENSSL_NO_DSA #error DSA is disabled. #endif diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 4b9aff3689..dffd588ff1 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -69,6 +69,8 @@ #define HASH EVP_sha1() #endif +#include /* To see if OPENSSL_NO_SHA is defined */ + #ifndef OPENSSL_NO_SHA #include diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c index 48ff1f423c..8427b77970 100644 --- a/crypto/dsa/dsa_key.c +++ b/crypto/dsa/dsa_key.c @@ -56,10 +56,10 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SHA #include #include #include "cryptlib.h" +#ifndef OPENSSL_NO_SHA #include #include #include diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c index 940d97d0e6..71ff566edb 100644 --- a/crypto/dsa/dsatest.c +++ b/crypto/dsa/dsatest.c @@ -76,6 +76,7 @@ #include #ifndef OPENSSL_NO_ENGINE #include +#include #endif #ifdef OPENSSL_NO_DSA From 87c9c659ded39508fe0ff3ede830306c261ef5cc Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:22:06 +0000 Subject: [PATCH 165/393] Make sure we get the definition of OPENSSL_NO_EC. --- crypto/ec/ec.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index 1013bd8fa4..431a28b38f 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -72,6 +72,8 @@ #ifndef HEADER_EC_H #define HEADER_EC_H +#include + #ifdef OPENSSL_NO_EC #error EC is disabled. #endif From 03829b2b4774d20e40fc61fb4d8b5e8b39bcae6f Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:22:17 +0000 Subject: [PATCH 166/393] Make sure we get the definition of OPENSSL_NO_ECDH. --- crypto/ecdh/ecdh.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/ecdh/ecdh.h b/crypto/ecdh/ecdh.h index cc6d858d61..db6fd48701 100644 --- a/crypto/ecdh/ecdh.h +++ b/crypto/ecdh/ecdh.h @@ -69,6 +69,8 @@ #ifndef HEADER_ECDH_H #define HEADER_ECDH_H +#include + #ifdef OPENSSL_NO_ECDH #error ECDH is disabled. #endif From 3b6aa36c77307dbb22b767b484a62e8e5e4bcc4e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:22:31 +0000 Subject: [PATCH 167/393] Make sure we get the definition of OPENSSL_NO_ECDSA. --- crypto/ecdsa/ecdsa.h | 2 ++ crypto/ecdsa/ecdsatest.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/crypto/ecdsa/ecdsa.h b/crypto/ecdsa/ecdsa.h index d72d0b1363..e82762d35d 100644 --- a/crypto/ecdsa/ecdsa.h +++ b/crypto/ecdsa/ecdsa.h @@ -55,6 +55,8 @@ #ifndef HEADER_ECDSA_H #define HEADER_ECDSA_H +#include + #ifdef OPENSSL_NO_ECDSA #error ECDSA is disabled. #endif diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c index 402e988f46..7beae6f739 100644 --- a/crypto/ecdsa/ecdsatest.c +++ b/crypto/ecdsa/ecdsatest.c @@ -79,6 +79,8 @@ #include #include +#include /* To see if OPENSSL_NO_ECDSA is defined */ + #ifdef OPENSSL_NO_ECDSA int main(int argc, char * argv[]) { From e8cc7de4f4be4574dd3b0d87ed9cb66d8dc3b109 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:23:43 +0000 Subject: [PATCH 168/393] Make sure we get the definition of OPENSSL_NO_HMAC. --- crypto/hmac/hmac.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/hmac/hmac.h b/crypto/hmac/hmac.h index 0364a1fcbd..72077ad19e 100644 --- a/crypto/hmac/hmac.h +++ b/crypto/hmac/hmac.h @@ -58,6 +58,8 @@ #ifndef HEADER_HMAC_H #define HEADER_HMAC_H +#include + #ifdef OPENSSL_NO_HMAC #error HMAC is disabled. #endif From 83054771574f69e31a2d084de7fcbb221fbd057b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:24:32 +0000 Subject: [PATCH 169/393] Make sure we get the definition of OPENSSL_NO_IDEA and IDEA_INT. --- crypto/idea/idea.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/idea/idea.h b/crypto/idea/idea.h index 67132414ee..5782e54b0f 100644 --- a/crypto/idea/idea.h +++ b/crypto/idea/idea.h @@ -59,6 +59,8 @@ #ifndef HEADER_IDEA_H #define HEADER_IDEA_H +#include /* IDEA_INT, OPENSSL_NO_IDEA */ + #ifdef OPENSSL_NO_IDEA #error IDEA is disabled. #endif @@ -66,7 +68,6 @@ #define IDEA_ENCRYPT 1 #define IDEA_DECRYPT 0 -#include /* IDEA_INT */ #define IDEA_BLOCK 8 #define IDEA_KEY_LENGTH 16 From 08a54f6e6a2bf705eb26489e2023b53e1e99607d Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:24:47 +0000 Subject: [PATCH 170/393] Make sure we get the definition of OPENSSL_NO_FP_API. --- crypto/err/err.h | 2 ++ crypto/lhash/lhash.h | 1 + 2 files changed, 3 insertions(+) diff --git a/crypto/err/err.h b/crypto/err/err.h index ec895c4d12..95658addf9 100644 --- a/crypto/err/err.h +++ b/crypto/err/err.h @@ -59,6 +59,8 @@ #ifndef HEADER_ERR_H #define HEADER_ERR_H +#include + #ifndef OPENSSL_NO_FP_API #include #include diff --git a/crypto/lhash/lhash.h b/crypto/lhash/lhash.h index dee8207333..7c1d486425 100644 --- a/crypto/lhash/lhash.h +++ b/crypto/lhash/lhash.h @@ -63,6 +63,7 @@ #ifndef HEADER_LHASH_H #define HEADER_LHASH_H +#include #ifndef OPENSSL_NO_FP_API #include #endif From c11b9af75e1b42ca2a9373dde3ae3fac63c297c0 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:24:59 +0000 Subject: [PATCH 171/393] Make sure we get the definition of OPENSSL_NO_MD2. --- crypto/md2/md2.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/md2/md2.h b/crypto/md2/md2.h index ad9241455c..6fcb9b1bdc 100644 --- a/crypto/md2/md2.h +++ b/crypto/md2/md2.h @@ -59,13 +59,13 @@ #ifndef HEADER_MD2_H #define HEADER_MD2_H +#include /* OPENSSL_NO_MD2, MD2_INT */ #ifdef OPENSSL_NO_MD2 #error MD2 is disabled. #endif #define MD2_DIGEST_LENGTH 16 #define MD2_BLOCK 16 -#include /* MD2_INT */ #ifdef __cplusplus extern "C" { From 59ade20500db906b11a9e7420ee811d210fe0aa2 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:26:32 +0000 Subject: [PATCH 172/393] Include e_os.h correctly. --- crypto/threads/th-lock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/threads/th-lock.c b/crypto/threads/th-lock.c index a6a79b9f45..14aae5f912 100644 --- a/crypto/threads/th-lock.c +++ b/crypto/threads/th-lock.c @@ -80,7 +80,7 @@ #include #include #include -#include +#include "../../e_os.h" #include #include #include From 741dae576fdfaaa4030e386791edc32852388286 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:26:46 +0000 Subject: [PATCH 173/393] Make sure we get the definition of OPENSSL_NO_BIO. --- crypto/pem/pem.h | 2 +- crypto/txt_db/txt_db.h | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h index 02dd9f2b67..57a2cfe92c 100644 --- a/crypto/pem/pem.h +++ b/crypto/pem/pem.h @@ -59,6 +59,7 @@ #ifndef HEADER_PEM_H #define HEADER_PEM_H +#include #ifndef OPENSSL_NO_BIO #include #endif @@ -68,7 +69,6 @@ #include #include #include -#include #ifdef __cplusplus extern "C" { diff --git a/crypto/txt_db/txt_db.h b/crypto/txt_db/txt_db.h index 563392aeff..c98e287703 100644 --- a/crypto/txt_db/txt_db.h +++ b/crypto/txt_db/txt_db.h @@ -59,6 +59,7 @@ #ifndef HEADER_TXT_DB_H #define HEADER_TXT_DB_H +#include #ifndef OPENSSL_NO_BIO #include #endif From d5ef1442227796e65d6bf149ac464bc670c5aa98 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:27:17 +0000 Subject: [PATCH 174/393] Make sure we get the definition of a number of OPENSSL_NO_* macros. --- crypto/x509/x509.h | 2 +- crypto/x509/x509_vfy.h | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index f1ccc0f041..53a8f6c758 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -64,6 +64,7 @@ #ifndef HEADER_X509_H #define HEADER_X509_H +#include #include #ifndef OPENSSL_NO_BUFFER #include @@ -104,7 +105,6 @@ #ifndef OPENSSL_NO_SHA #include #endif -#include #include #ifdef __cplusplus diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h index f0be21f452..3a0ccbe48d 100644 --- a/crypto/x509/x509_vfy.h +++ b/crypto/x509/x509_vfy.h @@ -65,6 +65,7 @@ #ifndef HEADER_X509_VFY_H #define HEADER_X509_VFY_H +#include #ifndef OPENSSL_NO_LHASH #include #endif From 8c84b677e29487b168a700a917dcf58d377a2fba Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:28:03 +0000 Subject: [PATCH 175/393] Make sure we get the definition of OPENSSL_NO_AES. --- crypto/evp/e_aes.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index c323fa2892..bf7c45fa2c 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -48,6 +48,7 @@ * */ +#include #ifndef OPENSSL_NO_AES #include #include From abf21308d28dc1de4b533bdecae6a7bd4143ab6c Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:28:16 +0000 Subject: [PATCH 176/393] Make sure we get the definition of OPENSSL_NO_BF. --- crypto/evp/e_bf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c index e74337567b..cc224e5363 100644 --- a/crypto/evp/e_bf.c +++ b/crypto/evp/e_bf.c @@ -56,9 +56,9 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_BF #include #include "cryptlib.h" +#ifndef OPENSSL_NO_BF #include #include "evp_locl.h" #include From fb10590910a801dd0a1012e9df53a069a2dbd73c Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:28:27 +0000 Subject: [PATCH 177/393] Make sure we get the definition of OPENSSL_NO_CAST. --- crypto/evp/e_cast.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/evp/e_cast.c b/crypto/evp/e_cast.c index 3400fef187..d77bcd9298 100644 --- a/crypto/evp/e_cast.c +++ b/crypto/evp/e_cast.c @@ -56,10 +56,10 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_CAST - #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_CAST #include #include #include "evp_locl.h" From 786b0075d5c07a1211d35c2db214632901b90b5b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:28:55 +0000 Subject: [PATCH 178/393] Make sure we get the definition of OPENSSL_NO_IDEA. --- crypto/evp/e_idea.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/evp/e_idea.c b/crypto/evp/e_idea.c index b9efa75ae7..48c33a774a 100644 --- a/crypto/evp/e_idea.c +++ b/crypto/evp/e_idea.c @@ -56,10 +56,10 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_IDEA - #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_IDEA #include #include #include "evp_locl.h" From c7e7fc3ee42c03313b4957ea23db3b6f40d3affb Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:29:06 +0000 Subject: [PATCH 179/393] Make sure we get the definition of OPENSSL_NO_RC2. --- crypto/evp/e_rc2.c | 5 +++-- crypto/rc2/rc2.h | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c index d42cbfd17e..3932f60e59 100644 --- a/crypto/evp/e_rc2.c +++ b/crypto/evp/e_rc2.c @@ -56,10 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RC2 - #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_RC2 + #include #include #include "evp_locl.h" diff --git a/crypto/rc2/rc2.h b/crypto/rc2/rc2.h index 7816b454dc..34c8362317 100644 --- a/crypto/rc2/rc2.h +++ b/crypto/rc2/rc2.h @@ -59,6 +59,7 @@ #ifndef HEADER_RC2_H #define HEADER_RC2_H +#include /* OPENSSL_NO_RC2, RC2_INT */ #ifdef OPENSSL_NO_RC2 #error RC2 is disabled. #endif @@ -66,7 +67,6 @@ #define RC2_ENCRYPT 1 #define RC2_DECRYPT 0 -#include /* RC2_INT */ #define RC2_BLOCK 8 #define RC2_KEY_LENGTH 16 From 39c4b7092c2acb0051c57fb0f6c05490cf7274c4 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:29:17 +0000 Subject: [PATCH 180/393] Make sure we get the definition of OPENSSL_NO_RC4. --- crypto/evp/e_rc4.c | 5 +++-- crypto/rc4/rc4.h | 3 +-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c index d58f507837..eadd8d4274 100644 --- a/crypto/evp/e_rc4.c +++ b/crypto/evp/e_rc4.c @@ -56,10 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RC4 - #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_RC4 + #include #include #include diff --git a/crypto/rc4/rc4.h b/crypto/rc4/rc4.h index 8722091f2e..7aec04fe93 100644 --- a/crypto/rc4/rc4.h +++ b/crypto/rc4/rc4.h @@ -59,12 +59,11 @@ #ifndef HEADER_RC4_H #define HEADER_RC4_H +#include /* OPENSSL_NO_RC4, RC4_INT */ #ifdef OPENSSL_NO_RC4 #error RC4 is disabled. #endif -#include /* RC4_INT */ - #ifdef __cplusplus extern "C" { #endif From f118514501c5fdd2c5b83130eba94df47c57c474 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:29:26 +0000 Subject: [PATCH 181/393] Make sure we get the definition of OPENSSL_NO_RC5. --- crypto/evp/e_rc5.c | 5 +++-- crypto/rc5/rc5.h | 2 ++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/crypto/evp/e_rc5.c b/crypto/evp/e_rc5.c index 3c7713b181..19a10c6402 100644 --- a/crypto/evp/e_rc5.c +++ b/crypto/evp/e_rc5.c @@ -56,10 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RC5 - #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_RC5 + #include #include #include "evp_locl.h" diff --git a/crypto/rc5/rc5.h b/crypto/rc5/rc5.h index 4adfd2db5a..4b3c153b50 100644 --- a/crypto/rc5/rc5.h +++ b/crypto/rc5/rc5.h @@ -59,6 +59,8 @@ #ifndef HEADER_RC5_H #define HEADER_RC5_H +#include /* OPENSSL_NO_RC5 */ + #ifdef __cplusplus extern "C" { #endif From 9e9e8cb6a8c26210f65823e2b28f7e4eb47817f5 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:29:38 +0000 Subject: [PATCH 182/393] Make sure we get the definition of OPENSSL_NO_DES. --- crypto/evp/e_des.c | 2 +- crypto/evp/e_des3.c | 2 +- crypto/evp/e_xcbc_d.c | 4 +++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c index 105266a4b3..92f6ebc343 100644 --- a/crypto/evp/e_des.c +++ b/crypto/evp/e_des.c @@ -56,9 +56,9 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_DES #include #include "cryptlib.h" +#ifndef OPENSSL_NO_DES #include #include #include "evp_locl.h" diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index 077860e7b6..e036d07ba9 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -56,9 +56,9 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_DES #include #include "cryptlib.h" +#ifndef OPENSSL_NO_DES #include #include #include "evp_locl.h" diff --git a/crypto/evp/e_xcbc_d.c b/crypto/evp/e_xcbc_d.c index a6f849e93d..cb82815a82 100644 --- a/crypto/evp/e_xcbc_d.c +++ b/crypto/evp/e_xcbc_d.c @@ -56,9 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_DES #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_DES + #include #include #include From 641e6ef2cbc6f58bb02504a7c6bdb07a41715482 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:30:04 +0000 Subject: [PATCH 183/393] Make sure we get the definition of OPENSSL_NO_MD2. --- crypto/evp/m_md2.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/evp/m_md2.c b/crypto/evp/m_md2.c index 50914c83b3..38ce7f8cd7 100644 --- a/crypto/evp/m_md2.c +++ b/crypto/evp/m_md2.c @@ -56,9 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_MD2 #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_MD2 + #include #include #include From bff8e1dddbfaf4eb1f4f8a4e7c56c7cb0c645231 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:31:24 +0000 Subject: [PATCH 184/393] Make sure we get the definition of OPENSSL_NO_MD4. --- crypto/evp/m_md4.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/evp/m_md4.c b/crypto/evp/m_md4.c index e19b663754..a3f6be4f3b 100644 --- a/crypto/evp/m_md4.c +++ b/crypto/evp/m_md4.c @@ -56,9 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_MD4 #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_MD4 + #include #include #include From c988c9b839bb0109b996eb47b0bb75347ea74d45 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:31:34 +0000 Subject: [PATCH 185/393] Make sure we get the definition of OPENSSL_NO_MD5. --- crypto/evp/m_md5.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/evp/m_md5.c b/crypto/evp/m_md5.c index b00a03e048..cc4216a538 100644 --- a/crypto/evp/m_md5.c +++ b/crypto/evp/m_md5.c @@ -56,9 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_MD5 #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_MD5 + #include #include #include From cd6ab56da0213d2a241e07fa67b07f257322d2e0 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:31:44 +0000 Subject: [PATCH 186/393] Make sure we get the definition of OPENSSL_NO_MDC2. --- crypto/evp/m_mdc2.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/evp/m_mdc2.c b/crypto/evp/m_mdc2.c index 9f6467c931..58df547e0c 100644 --- a/crypto/evp/m_mdc2.c +++ b/crypto/evp/m_mdc2.c @@ -56,9 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_MDC2 #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_MDC2 + #include #include #include From dfefdb41f76d842df68ee0a3e8e7d71cc79eed3f Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:31:56 +0000 Subject: [PATCH 187/393] Make sure we get the definition of OPENSSL_NO_RIPEMD. --- crypto/evp/m_ripemd.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/evp/m_ripemd.c b/crypto/evp/m_ripemd.c index 64725528dc..ca8ed75851 100644 --- a/crypto/evp/m_ripemd.c +++ b/crypto/evp/m_ripemd.c @@ -56,9 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RIPEMD #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_RIPEMD + #include #include #include From 69104cdf34462d4973e6bdddaf0ffb9cba041fb8 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:32:16 +0000 Subject: [PATCH 188/393] Make sure we get the definition of OPENSSL_NO_SHA. --- crypto/evp/m_dss1.c | 4 +++- crypto/evp/m_sha.c | 4 +++- crypto/evp/m_sha1.c | 4 +++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/crypto/evp/m_dss1.c b/crypto/evp/m_dss1.c index f5668ebda0..9a0ebe0a50 100644 --- a/crypto/evp/m_dss1.c +++ b/crypto/evp/m_dss1.c @@ -56,9 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SHA #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_SHA + #include #include #include diff --git a/crypto/evp/m_sha.c b/crypto/evp/m_sha.c index 10697c7ed3..a3343bb2eb 100644 --- a/crypto/evp/m_sha.c +++ b/crypto/evp/m_sha.c @@ -56,9 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SHA #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_SHA + #include #include #include diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c index d6be3502f0..838225bf84 100644 --- a/crypto/evp/m_sha1.c +++ b/crypto/evp/m_sha1.c @@ -56,9 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SHA #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_SHA + #include #include #include From 9c35452842cc2e3a4ed1a6a67ca312740d13c4e3 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:34:08 +0000 Subject: [PATCH 189/393] Make sure we get the definition of OPENSSL_NO_HMAC and OPENSSL_NO_SHA. --- crypto/evp/p5_crpt2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index 1f94e1ef88..b161d7664a 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -55,10 +55,10 @@ * Hudson (tjh@cryptsoft.com). * */ -#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) #include #include #include "cryptlib.h" +#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) #include #include #include From be9bec9bc77fdfe81cab9b6312ccdc4817e37938 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:34:28 +0000 Subject: [PATCH 190/393] Make sure we get the definition of OPENSSL_NO_RSA. --- crypto/evp/p_open.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/evp/p_open.c b/crypto/evp/p_open.c index 5a933d1cda..bc3940847d 100644 --- a/crypto/evp/p_open.c +++ b/crypto/evp/p_open.c @@ -56,9 +56,11 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RSA #include #include "cryptlib.h" + +#ifndef OPENSSL_NO_RSA + #include #include #include From 37892848074f79f91d71a16eed4d8dcef76a274e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:51:35 +0000 Subject: [PATCH 191/393] Sometimes, we have partial comments on the same line as other stuff we parse. Make sure to read in the whole comment, so it can be entirely removed. --- util/mkdef.pl | 4 ++++ util/pl/VC-16.pl | 2 +- util/pl/VC-CE.pl | 4 ++-- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/util/mkdef.pl b/util/mkdef.pl index 3091e2035b..dc5b12b904 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -448,6 +448,10 @@ sub do_defs } s/\/\*.*?\*\///gs; # ignore comments + if (/\/\*/) { # if we have part + $line = $_; # of a comment, + next; # continue reading + } s/{[^{}]*}//gs; # ignore {} blocks print STDERR "DEBUG: \$def=\"$def\"\n" if $debug && $def ne ""; print STDERR "DEBUG: \$_=\"$_\"\n" if $debug; diff --git a/util/pl/VC-16.pl b/util/pl/VC-16.pl index 7cda5e67a9..ab97c4c9b8 100644 --- a/util/pl/VC-16.pl +++ b/util/pl/VC-16.pl @@ -44,7 +44,7 @@ if ($win16) else { $no_sock=1; - $cflags.=" -DMSDOS"; + $cflags.=" -DOPENSSL_SYSNAME_MSDOS"; $lflags.=" /EXEPACK"; $ex_libs.="oldnames.lib llibce.lib"; } diff --git a/util/pl/VC-CE.pl b/util/pl/VC-CE.pl index 1805ef9d97..3267cd4893 100644 --- a/util/pl/VC-CE.pl +++ b/util/pl/VC-CE.pl @@ -12,7 +12,7 @@ $rm='del'; # C compiler stuff $cc='$(CC)'; -$cflags=' /W3 /WX /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo $(WCETARGETDEFS) -DUNICODE -D_UNICODE -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -I$(WCECOMPAT)/include'; +$cflags=' /W3 /WX /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo $(WCETARGETDEFS) -DUNICODE -D_UNICODE -DOPENSSL_SYSNAME_WINCE -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -I$(WCECOMPAT)/include'; $lflags='/nologo /subsystem:windowsce,$(WCELDVERSION) /machine:$(WCELDMACHINE) /opt:ref'; $mlflags=''; @@ -22,7 +22,7 @@ $inc_def="inc32"; if ($debug) { - $cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DWIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32"; + $cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DOPENSSL_SYSNAME_WINCE -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32"; $lflags.=" /debug"; $mlflags.=' /debug'; } From 543105ac17fb62a1921cca1d7a90808bc8e70a13 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:52:41 +0000 Subject: [PATCH 192/393] Don't put configuration macro definitions on the command line, we're just fooling ourselves and then screwing up for other applications. --- Configure | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/Configure b/Configure index 616a9c170e..54536235f7 100755 --- a/Configure +++ b/Configure @@ -688,7 +688,7 @@ PROCESS_ARGS: elsif (/^no-asm$/) { $no_asm=1; - $flags .= "-DOPENSSL_NO_ASM "; + #$flags .= "-DOPENSSL_NO_ASM "; $openssl_other_defines .= "#define OPENSSL_NO_ASM\n"; } elsif (/^no-err$/) @@ -700,12 +700,12 @@ PROCESS_ARGS: { my $hw=$1; $hw =~ tr/[a-z]/[A-Z]/; - $flags .= "-DOPENSSL_NO_HW_$hw "; + #$flags .= "-DOPENSSL_NO_HW_$hw "; $openssl_other_defines .= "#define OPENSSL_NO_HW_$hw\n"; } elsif (/^no-hw$/) { - $flags .= "-DOPENSSL_NO_HW "; + #$flags .= "-DOPENSSL_NO_HW "; $openssl_other_defines .= "#define OPENSSL_NO_HW\n"; } elsif (/^no-dso$/) @@ -741,22 +741,22 @@ PROCESS_ARGS: my $algo=$1; push @skip,$algo; $algo =~ tr/[a-z]/[A-Z]/; - $flags .= "-DOPENSSL_NO_$algo "; - $depflags .= "-DOPENSSL_NO_$algo "; + #$flags .= "-DOPENSSL_NO_$algo "; + #$depflags .= "-DOPENSSL_NO_$algo "; $openssl_algorithm_defines .= "#define OPENSSL_NO_$algo\n"; if ($algo eq "RIJNDAEL") { push @skip, "aes"; - $flags .= "-DOPENSSL_NO_AES "; - $depflags .= "-DOPENSSL_NO_AES "; + #$flags .= "-DOPENSSL_NO_AES "; + #$depflags .= "-DOPENSSL_NO_AES "; $openssl_algorithm_defines .= "#define OPENSSL_NO_AES\n"; } if ($algo eq "DES") { push @skip, "mdc2"; $options .= " no-mdc2"; - $flags .= "-DOPENSSL_NO_MDC2 "; - $depflags .= "-DOPENSSL_NO_MDC2 "; + #$flags .= "-DOPENSSL_NO_MDC2 "; + #$depflags .= "-DOPENSSL_NO_MDC2 "; $openssl_algorithm_defines .= "#define OPENSSL_NO_MDC2\n"; } if ($algo eq "EC") @@ -892,24 +892,24 @@ $no_tls1=1 if ($no_dh); if ($no_ssl2) { push @skip,"SSL2"; - $flags .= "-DOPENSSL_NO_SSL2 "; - $depflags .= "-DOPENSSL_NO_SSL2 "; + #$flags .= "-DOPENSSL_NO_SSL2 "; + #$depflags .= "-DOPENSSL_NO_SSL2 "; $openssl_algorithm_defines .= "#define OPENSSL_NO_SSL2\n"; } if ($no_ssl3) { push @skip,"SSL3"; - $flags .= "-DOPENSSL_NO_SSL3 "; - $depflags .= "-DOPENSSL_NO_SSL3 "; + #$flags .= "-DOPENSSL_NO_SSL3 "; + #$depflags .= "-DOPENSSL_NO_SSL3 "; $openssl_algorithm_defines .= "#define OPENSSL_NO_SSL3\n"; } if ($no_tls1) { push @skip,"TLS1"; - $flags .= "-DOPENSSL_NO_TLS1 "; - $depflags .= "-DOPENSSL_NO_TLS1 "; + #$flags .= "-DOPENSSL_NO_TLS1 "; + #$depflags .= "-DOPENSSL_NO_TLS1 "; $openssl_algorithm_defines .= "#define OPENSSL_NO_TLS1\n"; } @@ -987,7 +987,7 @@ if ($no_krb5 || !defined($withargs{"krb5-flavor"}) || $withargs{"krb5-flavor"} eq "") { - $cflags="-DOPENSSL_NO_KRB5 $cflags"; + #$cflags="-DOPENSSL_NO_KRB5 $cflags"; $options.=" no-krb5" unless $no_krb5; $openssl_algorithm_defines .= "#define OPENSSL_NO_KRB5\n"; } @@ -1113,7 +1113,7 @@ if (!$no_shared) if ($threads) { - $cflags=$thread_cflags; + #$cflags=$thread_cflags; $openssl_thread_defines .= $thread_defines; } @@ -1141,18 +1141,18 @@ if (!$no_shared) if ($no_shared) { - $cflags="-DOPENSSL_NO_DYNAMIC_ENGINE $cflags"; + #$cflags="-DOPENSSL_NO_DYNAMIC_ENGINE $cflags"; $openssl_other_defines.="#define OPENSSL_NO_DYNAMIC_ENGINE\n"; } else { - $cflags="-DOPENSSL_NO_STATIC_ENGINE $cflags"; + #$cflags="-DOPENSSL_NO_STATIC_ENGINE $cflags"; $openssl_other_defines.="#define OPENSSL_NO_STATIC_ENGINE\n"; } if ($sys_id ne "") { - $cflags="-DOPENSSL_SYSNAME_$sys_id $cflags"; + #$cflags="-DOPENSSL_SYSNAME_$sys_id $cflags"; $openssl_sys_defines="#define OPENSSL_SYSNAME_$sys_id\n"; } From ea17e1f00f655a80cbb72a0b842387cd95b55c7e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 20 Mar 2003 23:54:33 +0000 Subject: [PATCH 193/393] make update --- crypto/rc5/Makefile.ssl | 16 ++++++++++------ test/Makefile.ssl | 14 ++++---------- 2 files changed, 14 insertions(+), 16 deletions(-) diff --git a/crypto/rc5/Makefile.ssl b/crypto/rc5/Makefile.ssl index 3ad6655946..fcdeb1e81e 100644 --- a/crypto/rc5/Makefile.ssl +++ b/crypto/rc5/Makefile.ssl @@ -99,9 +99,13 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -rc5_ecb.o: ../../include/openssl/opensslv.h ../../include/openssl/rc5.h -rc5_ecb.o: rc5_ecb.c rc5_locl.h -rc5_enc.o: ../../include/openssl/rc5.h rc5_enc.c rc5_locl.h -rc5_skey.o: ../../include/openssl/rc5.h rc5_locl.h rc5_skey.c -rc5cfb64.o: ../../include/openssl/rc5.h rc5_locl.h rc5cfb64.c -rc5ofb64.o: ../../include/openssl/rc5.h rc5_locl.h rc5ofb64.c +rc5_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +rc5_ecb.o: ../../include/openssl/rc5.h rc5_ecb.c rc5_locl.h +rc5_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc5.h +rc5_enc.o: rc5_enc.c rc5_locl.h +rc5_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc5.h +rc5_skey.o: rc5_locl.h rc5_skey.c +rc5cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc5.h +rc5cfb64.o: rc5_locl.h rc5cfb64.c +rc5ofb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc5.h +rc5ofb64.o: rc5_locl.h rc5ofb64.c diff --git a/test/Makefile.ssl b/test/Makefile.ssl index 2b61e6f007..61cb2af7a8 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -822,16 +822,10 @@ dsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h dsatest.o: ../include/openssl/rand.h ../include/openssl/rsa.h dsatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h dsatest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h dsatest.c -ecdhtest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -ecdhtest.o: ../include/openssl/bn.h ../include/openssl/crypto.h -ecdhtest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -ecdhtest.o: ../include/openssl/ecdh.h ../include/openssl/err.h -ecdhtest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ecdhtest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ecdhtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ecdhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h -ecdhtest.o: ../include/openssl/sha.h ../include/openssl/stack.h -ecdhtest.o: ../include/openssl/symhacks.h ecdhtest.c +ecdhtest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h +ecdhtest.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h +ecdhtest.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h +ecdhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ecdhtest.c ecdsatest.o: ../include/openssl/asn1.h ../include/openssl/bio.h ecdsatest.o: ../include/openssl/bn.h ../include/openssl/crypto.h ecdsatest.o: ../include/openssl/dh.h ../include/openssl/dsa.h From 8b5bcef7981ed9c561619fed3a6000b5c6ee6b95 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 21 Mar 2003 00:04:14 +0000 Subject: [PATCH 194/393] Make sure to declare mem*() properly. --- crypto/ecdh/ech_ossl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c index 076eb2ea1f..b3cff5ad90 100644 --- a/crypto/ecdh/ech_ossl.c +++ b/crypto/ecdh/ech_ossl.c @@ -68,6 +68,7 @@ */ +#include #include #include "cryptlib.h" From 9b94f215b11e5d6048c62c505e1ce9e0f222283b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 21 Mar 2003 00:05:14 +0000 Subject: [PATCH 195/393] Define COMP method function prototypes properly. --- crypto/comp/comp.h | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/crypto/comp/comp.h b/crypto/comp/comp.h index ab48b78ae9..5d59354a57 100644 --- a/crypto/comp/comp.h +++ b/crypto/comp/comp.h @@ -8,19 +8,26 @@ extern "C" { #endif +typedef struct comp_ctx_st COMP_CTX; + typedef struct comp_method_st { int type; /* NID for compression library */ const char *name; /* A text string to identify the library */ - int (*init)(); - void (*finish)(); - int (*compress)(); - int (*expand)(); - long (*ctrl)(); - long (*callback_ctrl)(); + int (*init)(COMP_CTX *ctx); + void (*finish)(COMP_CTX *ctx); + int (*compress)(COMP_CTX *ctx, + unsigned char *out, unsigned int olen, + unsigned char *in, unsigned int ilen); + int (*expand)(COMP_CTX *ctx, + unsigned char *out, unsigned int olen, + unsigned char *in, unsigned int ilen); + /* The following two do NOTHING, but are kept for backward compatibility */ + long (*ctrl)(void); + long (*callback_ctrl)(void); } COMP_METHOD; -typedef struct comp_ctx_st +struct comp_ctx_st { COMP_METHOD *meth; unsigned long compress_in; @@ -29,7 +36,7 @@ typedef struct comp_ctx_st unsigned long expand_out; CRYPTO_EX_DATA ex_data; - } COMP_CTX; + }; COMP_CTX *COMP_CTX_new(COMP_METHOD *meth); From 33b34a9d8fd187fdcf36a2d3d7a3f56fee92ef27 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 21 Mar 2003 13:11:14 +0000 Subject: [PATCH 196/393] remove patch ID (which is supposed to appear in patched variants of old OpenSSL releases, but not in new releases) --- ssl/s3_srvr.c | 1 - 1 file changed, 1 deletion(-) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 084b9cfd8d..e941068416 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1709,7 +1709,6 @@ static int ssl3_get_client_key_exchange(SSL *s) * made up by the adversary is properly formatted except * that the version number is wrong. To avoid such attacks, * we should treat this just like any other decryption error. */ - p[0] = (char)(int) "CAN-2003-0131 patch 2003-03-20"; } } From f80153e20b9db5f0e18db6a259f8bdb88ff79273 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 21 Mar 2003 16:26:20 +0000 Subject: [PATCH 197/393] Support for policy constraints. --- CHANGES | 3 + crypto/x509v3/Makefile.ssl | 4 +- crypto/x509v3/ext_dat.h | 3 +- crypto/x509v3/v3_conf.c | 2 +- crypto/x509v3/v3_pcons.c | 136 +++++++++++++++++++++++++++++++++++++ crypto/x509v3/v3err.c | 2 + crypto/x509v3/x509v3.h | 10 +++ 7 files changed, 156 insertions(+), 4 deletions(-) create mode 100644 crypto/x509v3/v3_pcons.c diff --git a/CHANGES b/CHANGES index a03875767c..1cea4962c9 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,9 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Support for policyConstraints certificate extension. + [Steve Henson] + *) Support for policyMappings certificate extension. [Steve Henson] diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl index a353fec25b..3167b8ba3e 100644 --- a/crypto/x509v3/Makefile.ssl +++ b/crypto/x509v3/Makefile.ssl @@ -26,11 +26,11 @@ LIB=$(TOP)/libcrypto.a LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c \ v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c \ v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \ -v3_ocsp.c v3_akeya.c v3_pmaps.c +v3_ocsp.c v3_akeya.c v3_pmaps.c v3_pcons.c LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \ v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \ v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o \ -v3_ocsp.o v3_akeya.o v3_pmaps.o +v3_ocsp.o v3_akeya.o v3_pmaps.o v3_pcons.o SRC= $(LIBSRC) diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h index 4c801c2c1d..1e005c229c 100644 --- a/crypto/x509v3/ext_dat.h +++ b/crypto/x509v3/ext_dat.h @@ -64,7 +64,7 @@ extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate, v3_cpols, v3 extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff; extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc; extern X509V3_EXT_METHOD v3_crl_hold; -extern X509V3_EXT_METHOD v3_policy_mappings; +extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints; /* This table will be searched using OBJ_bsearch so it *must* kept in * order of the ext_nid values. @@ -105,6 +105,7 @@ static X509V3_EXT_METHOD *standard_exts[] = { &v3_ocsp_serviceloc, #endif &v3_sinfo, +&v3_policy_constraints, #ifndef OPENSSL_NO_OCSP &v3_crl_hold, #endif diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c index eeb365b081..7e813db0d7 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509v3/v3_conf.c @@ -134,7 +134,7 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, { if(*value == '@') nval = NCONF_get_section(conf, value + 1); else nval = X509V3_parse_list(value); - if(!nval) + if(sk_CONF_VALUE_num(nval) <= 0) { X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING); ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value); diff --git a/crypto/x509v3/v3_pcons.c b/crypto/x509v3/v3_pcons.c new file mode 100644 index 0000000000..10d2120c33 --- /dev/null +++ b/crypto/x509v3/v3_pcons.c @@ -0,0 +1,136 @@ +/* v3_pcons.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + +#include +#include "cryptlib.h" +#include +#include +#include +#include + +static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, + void *bcons, STACK_OF(CONF_VALUE) *extlist); +static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); + +X509V3_EXT_METHOD v3_policy_constraints = { +NID_policy_constraints, 0, +ASN1_ITEM_ref(POLICY_CONSTRAINTS), +0,0,0,0, +0,0, +i2v_POLICY_CONSTRAINTS, +v2i_POLICY_CONSTRAINTS, +NULL,NULL, +NULL +}; + +ASN1_SEQUENCE(POLICY_CONSTRAINTS) = { + ASN1_OPT(POLICY_CONSTRAINTS, requireExplicitPolicy, ASN1_INTEGER), + ASN1_OPT(POLICY_CONSTRAINTS, inhibitPolicyMapping, ASN1_INTEGER) +} ASN1_SEQUENCE_END(POLICY_CONSTRAINTS) + +IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) + + +static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, + void *a, STACK_OF(CONF_VALUE) *extlist) +{ + POLICY_CONSTRAINTS *pcons = a; + X509V3_add_value_int("Require Explicit Policy", + pcons->requireExplicitPolicy, &extlist); + X509V3_add_value_int("Inhibit Policy Mapping", + pcons->inhibitPolicyMapping, &extlist); + return extlist; +} + +static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) +{ + POLICY_CONSTRAINTS *pcons=NULL; + CONF_VALUE *val; + int i; + if(!(pcons = POLICY_CONSTRAINTS_new())) { + X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE); + return NULL; + } + for(i = 0; i < sk_CONF_VALUE_num(values); i++) { + val = sk_CONF_VALUE_value(values, i); + if(!strcmp(val->name, "requireExplicitPolicy")) { + if(!X509V3_get_value_int(val, + &pcons->requireExplicitPolicy)) goto err; + } else if(!strcmp(val->name, "inhibitPolicyMapping")) { + if(!X509V3_get_value_int(val, + &pcons->inhibitPolicyMapping)) goto err; + } else { + X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_INVALID_NAME); + X509V3_conf_err(val); + goto err; + } + } + if (!pcons->inhibitPolicyMapping && !pcons->requireExplicitPolicy) { + X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_ILLEGAL_EMPTY_EXTENSION); + goto err; + } + + return pcons; + err: + POLICY_CONSTRAINTS_free(pcons); + return NULL; +} + diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c index 80b821dda1..a4c8e59ef1 100644 --- a/crypto/x509v3/v3err.c +++ b/crypto/x509v3/v3err.c @@ -98,6 +98,7 @@ static ERR_STRING_DATA X509V3_str_functs[]= {ERR_PACK(0,X509V3_F_V2I_EXT_KU,0), "V2I_EXT_KU"}, {ERR_PACK(0,X509V3_F_V2I_GENERAL_NAME,0), "v2i_GENERAL_NAME"}, {ERR_PACK(0,X509V3_F_V2I_GENERAL_NAMES,0), "v2i_GENERAL_NAMES"}, +{ERR_PACK(0,X509V3_F_V2I_POLICY_CONSTRAINTS,0), "V2I_POLICY_CONSTRAINTS"}, {ERR_PACK(0,X509V3_F_V2I_POLICY_MAPPINGS,0), "V2I_POLICY_MAPPINGS"}, {ERR_PACK(0,X509V3_F_V3_GENERIC_EXTENSION,0), "V3_GENERIC_EXTENSION"}, {ERR_PACK(0,X509V3_F_X509V3_ADD_I2D,0), "X509V3_ADD_I2D"}, @@ -132,6 +133,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]= {X509V3_R_EXTENSION_NOT_FOUND ,"extension not found"}, {X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED,"extension setting not supported"}, {X509V3_R_EXTENSION_VALUE_ERROR ,"extension value error"}, +{X509V3_R_ILLEGAL_EMPTY_EXTENSION ,"illegal empty extension"}, {X509V3_R_ILLEGAL_HEX_DIGIT ,"illegal hex digit"}, {X509V3_R_INVALID_BOOLEAN_STRING ,"invalid boolean string"}, {X509V3_R_INVALID_EXTENSION_STRING ,"invalid extension string"}, diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index 2cbe1b9632..65c74cbff7 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -295,6 +295,11 @@ DECLARE_STACK_OF(POLICY_MAPPING) typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS; +typedef struct POLICY_CONSTRAINTS_st { + ASN1_INTEGER *requireExplicitPolicy; + ASN1_INTEGER *inhibitPolicyMapping; +} POLICY_CONSTRAINTS; + #define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \ ",name:", val->name, ",value:", val->value); @@ -468,6 +473,9 @@ DECLARE_ASN1_ITEM(POLICY_MAPPING) DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) DECLARE_ASN1_ITEM(POLICY_MAPPINGS) +DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) +DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS) + #ifdef HEADER_CONF_H GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf); void X509V3_conf_free(CONF_VALUE *val); @@ -605,6 +613,7 @@ void ERR_load_X509V3_strings(void); #define X509V3_F_V2I_EXT_KU 103 #define X509V3_F_V2I_GENERAL_NAME 117 #define X509V3_F_V2I_GENERAL_NAMES 118 +#define X509V3_F_V2I_POLICY_CONSTRAINTS 146 #define X509V3_F_V2I_POLICY_MAPPINGS 145 #define X509V3_F_V3_GENERIC_EXTENSION 116 #define X509V3_F_X509V3_ADD_I2D 140 @@ -636,6 +645,7 @@ void ERR_load_X509V3_strings(void); #define X509V3_R_EXTENSION_NOT_FOUND 102 #define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 #define X509V3_R_EXTENSION_VALUE_ERROR 116 +#define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 #define X509V3_R_ILLEGAL_HEX_DIGIT 113 #define X509V3_R_INVALID_BOOLEAN_STRING 104 #define X509V3_R_INVALID_EXTENSION_STRING 105 From 5cc5ec1bbaf2ae01475ef841ea6e0ed10fff997b Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 21 Mar 2003 16:28:29 +0000 Subject: [PATCH 198/393] make update --- crypto/x509v3/Makefile.ssl | 16 ++++++++++++++++ test/Makefile.ssl | 14 ++++++++++---- util/libeay.num | 4 ++++ 3 files changed, 30 insertions(+), 4 deletions(-) diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl index 3167b8ba3e..f719973feb 100644 --- a/crypto/x509v3/Makefile.ssl +++ b/crypto/x509v3/Makefile.ssl @@ -337,6 +337,22 @@ v3_ocsp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_ocsp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_ocsp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_ocsp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ocsp.c +v3_pcons.o: ../../e_os.h ../../include/openssl/asn1.h +v3_pcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +v3_pcons.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +v3_pcons.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +v3_pcons.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +v3_pcons.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +v3_pcons.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +v3_pcons.o: ../../include/openssl/err.h ../../include/openssl/evp.h +v3_pcons.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_pcons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_pcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_pcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +v3_pcons.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_pcons.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_pcons.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_pcons.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pcons.c v3_pku.o: ../../e_os.h ../../include/openssl/asn1.h v3_pku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_pku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h diff --git a/test/Makefile.ssl b/test/Makefile.ssl index 61cb2af7a8..2b61e6f007 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -822,10 +822,16 @@ dsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h dsatest.o: ../include/openssl/rand.h ../include/openssl/rsa.h dsatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h dsatest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h dsatest.c -ecdhtest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h -ecdhtest.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h -ecdhtest.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h -ecdhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ecdhtest.c +ecdhtest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +ecdhtest.o: ../include/openssl/bn.h ../include/openssl/crypto.h +ecdhtest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +ecdhtest.o: ../include/openssl/ecdh.h ../include/openssl/err.h +ecdhtest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ecdhtest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ecdhtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ecdhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h +ecdhtest.o: ../include/openssl/sha.h ../include/openssl/stack.h +ecdhtest.o: ../include/openssl/symhacks.h ecdhtest.c ecdsatest.o: ../include/openssl/asn1.h ../include/openssl/bio.h ecdsatest.o: ../include/openssl/bn.h ../include/openssl/crypto.h ecdsatest.o: ../include/openssl/dh.h ../include/openssl/dsa.h diff --git a/util/libeay.num b/util/libeay.num index b97228ce3b..6b1293277c 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -3006,3 +3006,7 @@ POLICY_MAPPINGS_it 3439 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA POLICY_MAPPINGS_it 3439 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: POLICY_MAPPING_new 3440 EXIST::FUNCTION: POLICY_MAPPING_free 3441 EXIST::FUNCTION: +POLICY_CONSTRAINTS_new 3442 EXIST::FUNCTION: +POLICY_CONSTRAINTS_it 3443 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +POLICY_CONSTRAINTS_it 3443 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +POLICY_CONSTRAINTS_free 3444 EXIST::FUNCTION: From abfc6a3a9bcc3391181940213ce840130a35f1cd Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 22 Mar 2003 22:33:52 +0000 Subject: [PATCH 199/393] To define OPENSSL_NO_FP_API for all MSDOS type targets was unfair against DJGPP, and much more restricted than previous definitions. --- e_os2.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/e_os2.h b/e_os2.h index 80ec03ee8c..4fd6c62ace 100644 --- a/e_os2.h +++ b/e_os2.h @@ -200,8 +200,10 @@ extern "C" { /* Specials for I/O an exit */ -#ifdef OPENSSL_SYS_MSDOS +#ifdef OPENSSL_SYS_WIN16 # define OPENSSL_NO_FP_API +#endif +#ifdef OPENSSL_SYS_MSDOS # define OPENSSL_UNISTD_IO # define OPENSSL_DECLARE_EXIT extern void exit(int); #else From 32e75dd3f02a6d93fcf74dadaccf2d0402c782df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Sun, 23 Mar 2003 10:18:05 +0000 Subject: [PATCH 200/393] Add SCO5 shared library scripts. Upate SVR5 scripts for the upcoming 0.9.7b. Submitted by: Boyd Lynn Gerber --- shlib/sco5-shared-gcc.sh | 48 +++++++++++++++++++++++++++++++++++++ shlib/sco5-shared-installed | 28 ++++++++++++++++++++++ shlib/sco5-shared.sh | 48 +++++++++++++++++++++++++++++++++++++ shlib/svr5-shared-gcc.sh | 2 +- shlib/svr5-shared-installed | 3 +-- shlib/svr5-shared.sh | 2 +- 6 files changed, 127 insertions(+), 4 deletions(-) create mode 100755 shlib/sco5-shared-gcc.sh create mode 100755 shlib/sco5-shared-installed create mode 100755 shlib/sco5-shared.sh diff --git a/shlib/sco5-shared-gcc.sh b/shlib/sco5-shared-gcc.sh new file mode 100755 index 0000000000..fe4a457b52 --- /dev/null +++ b/shlib/sco5-shared-gcc.sh @@ -0,0 +1,48 @@ +#!/bin/sh + +major="0" +minor="9.7b" + +slib=libssl +sh_slib=$slib.so.$major.$minor + +clib=libcrypto +sh_clib=$clib.so.$major.$minor + +FLAGS="-O3 -fomit-frame-pointer" +SHFLAGS="-DPIC -fPIC" + +touch $sh_clib +touch $sh_slib + +echo collecting all object files for $clib.so +OBJS= +find . -name \*.o -print > allobjs +for obj in `ar t libcrypto.a` +do + OBJS="$OBJS `grep $obj allobjs`" +done + +echo linking $clib.so +gcc -G -o $sh_clib -h $sh_clib $OBJS -lnsl -lsocket + +rm -f $clib.so +ln -s $sh_clib $clib.so + +echo collecting all object files for $slib.so +OBJS= +for obj in `ar t libssl.a` +do + OBJS="$OBJS `grep $obj allobjs`" +done + +echo linking $slib.so +gcc -G -o $sh_slib -h $sh_slib $OBJS -L. -lcrypto + +rm -f $slib.so +ln -s $sh_slib $slib.so + +mv libRSAglue.a libRSAglue.a.orig +mv libcrypto.a libcrypto.a.orig +mv libssl.a libssl.a.orig + diff --git a/shlib/sco5-shared-installed b/shlib/sco5-shared-installed new file mode 100755 index 0000000000..509902833f --- /dev/null +++ b/shlib/sco5-shared-installed @@ -0,0 +1,28 @@ +#!/bin/sh + +major="0" +minor="9.7b" + +slib=libssl +sh_slib=$slib.so.$major.$minor + +clib=libcrypto +sh_clib=$clib.so.$major.$minor + +# If you want them in /usr/local/lib then change INSTALLTOP to point there. +#INSTALLTOP=/usr/local/ssl/lib +INSTALLTOP=/usr/local/lib + +cp -p $sh_clib $INSTALLTOP +cp -p $sh_slib $INSTALLTOP + +PWD=`pwd` +cd $INSTALLTOP +rm -f $INSTALLTOP/$clib.so +ln -s $INSTALLTOP/$sh_clib $clib.so + +rm -f $INSTALLTOP/$slib.so +ln -s $INSTALLTOP/$sh_slib $slib.so + +cd $PWD + diff --git a/shlib/sco5-shared.sh b/shlib/sco5-shared.sh new file mode 100755 index 0000000000..b3365d9f51 --- /dev/null +++ b/shlib/sco5-shared.sh @@ -0,0 +1,48 @@ +#!/bin/sh + +major="0" +minor="9.7b" + +slib=libssl +sh_slib=$slib.so.$major.$minor + +clib=libcrypto +sh_clib=$clib.so.$major.$minor + +FLAGS="-O -DFILIO_H -Kalloca" +SHFLAGS="-Kpic -DPIC" + +touch $sh_clib +touch $sh_slib + +echo collecting all object files for $clib.so +OBJS= +find . -name \*.o -print > allobjs +for obj in `ar t libcrypto.a` +do + OBJS="$OBJS `grep $obj allobjs`" +done + +echo linking $clib.so +cc -G -o $sh_clib -h $sh_clib $OBJS -lnsl -lsocket + +rm -f $clib.so +ln -s $sh_clib $clib.so + +echo collecting all object files for $slib.so +OBJS= +for obj in `ar t libssl.a` +do + OBJS="$OBJS `grep $obj allobjs`" +done + +echo linking $slib.so +cc -G -o $sh_slib -h $sh_slib $OBJS -L. -lcrypto + +rm -f $slib.so +ln -s $sh_slib $slib.so + +mv libRSAglue.a libRSAglue.a.orig +mv libcrypto.a libcrypto.a.orig +mv libssl.a libssl.a.orig + diff --git a/shlib/svr5-shared-gcc.sh b/shlib/svr5-shared-gcc.sh index 76957df947..c5d0cc56ac 100755 --- a/shlib/svr5-shared-gcc.sh +++ b/shlib/svr5-shared-gcc.sh @@ -1,7 +1,7 @@ #!/usr/bin/sh major="0" -minor="9.7" +minor="9.7b" slib=libssl sh_slib=$slib.so.$major.$minor diff --git a/shlib/svr5-shared-installed b/shlib/svr5-shared-installed index 544f5a9417..b1def35d5c 100755 --- a/shlib/svr5-shared-installed +++ b/shlib/svr5-shared-installed @@ -1,7 +1,7 @@ #!/usr/bin/sh major="0" -minor="9.7" +minor="9.7b" slib=libssl sh_slib=$slib.so.$major.$minor @@ -25,4 +25,3 @@ rm -f $INSTALLTOP/$slib.so ln -s $INSTALLTOP/$sh_slib $slib.so cd $PWD - diff --git a/shlib/svr5-shared.sh b/shlib/svr5-shared.sh index a70bb65baa..9edf26e9a7 100755 --- a/shlib/svr5-shared.sh +++ b/shlib/svr5-shared.sh @@ -1,7 +1,7 @@ #!/usr/bin/sh major="0" -minor="9.7" +minor="9.7b" slib=libssl sh_slib=$slib.so.$major.$minor From 1c2d14123887c54b1a0111b3f2bcb75ec72f82ca Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 24 Mar 2003 00:56:09 +0000 Subject: [PATCH 201/393] Name Constraints OID. --- crypto/objects/obj_dat.h | 18 ++++++++++++------ crypto/objects/obj_mac.h | 5 +++++ crypto/objects/obj_mac.num | 1 + crypto/objects/objects.txt | 2 ++ 4 files changed, 20 insertions(+), 6 deletions(-) diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 24d8855013..c16ff85819 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 720 -#define NUM_SN 715 -#define NUM_LN 715 -#define NUM_OBJ 689 +#define NUM_NID 721 +#define NUM_SN 716 +#define NUM_LN 716 +#define NUM_OBJ 690 -static unsigned char lvalues[4876]={ +static unsigned char lvalues[4879]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ @@ -757,6 +757,7 @@ static unsigned char lvalues[4876]={ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4858] OBJ_ms_upn */ 0x55,0x1D,0x20,0x00, /* [4868] OBJ_any_policy */ 0x55,0x1D,0x21, /* [4872] OBJ_policy_mappings */ +0x55,0x1D,0x1E, /* [4875] OBJ_name_constraints */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ @@ -1884,6 +1885,8 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4868]),0}, {"policyMappings","X509v3 Policy Mappings",NID_policy_mappings,3, &(lvalues[4872]),0}, +{"nameConstraints","X509v3 Name Constraints",NID_name_constraints,3, + &(lvalues[4875]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -2320,6 +2323,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[717]),/* "msUPN" */ &(nid_objs[481]),/* "nSRecord" */ &(nid_objs[173]),/* "name" */ +&(nid_objs[720]),/* "nameConstraints" */ &(nid_objs[369]),/* "noCheck" */ &(nid_objs[403]),/* "noRevAvail" */ &(nid_objs[72]),/* "nsBaseUrl" */ @@ -2697,6 +2701,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[126]),/* "X509v3 Extended Key Usage" */ &(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */ &(nid_objs[83]),/* "X509v3 Key Usage" */ +&(nid_objs[720]),/* "X509v3 Name Constraints" */ &(nid_objs[403]),/* "X509v3 No Revocation Available" */ &(nid_objs[401]),/* "X509v3 Policy Constraints" */ &(nid_objs[719]),/* "X509v3 Policy Mappings" */ @@ -3328,8 +3333,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[434]),/* OBJ_data 0 9 */ &(nid_objs[181]),/* OBJ_iso 1 */ &(nid_objs[182]),/* OBJ_member_body 1 2 */ -&(nid_objs[379]),/* OBJ_org 1 3 */ &(nid_objs[527]),/* OBJ_identified_organization 1 3 */ +&(nid_objs[379]),/* OBJ_org 1 3 */ &(nid_objs[393]),/* OBJ_joint_iso_ccitt 2 */ &(nid_objs[11]),/* OBJ_X500 2 5 */ &(nid_objs[380]),/* OBJ_dod 1 3 6 */ @@ -3372,6 +3377,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[430]),/* OBJ_hold_instruction_code 2 5 29 23 */ &(nid_objs[142]),/* OBJ_invalidity_date 2 5 29 24 */ &(nid_objs[140]),/* OBJ_delta_crl 2 5 29 27 */ +&(nid_objs[720]),/* OBJ_name_constraints 2 5 29 30 */ &(nid_objs[103]),/* OBJ_crl_distribution_points 2 5 29 31 */ &(nid_objs[89]),/* OBJ_certificate_policies 2 5 29 32 */ &(nid_objs[719]),/* OBJ_policy_mappings 2 5 29 33 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index eefdd169f2..9417e8c7c9 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -2031,6 +2031,11 @@ #define NID_delta_crl 140 #define OBJ_delta_crl OBJ_id_ce,27L +#define SN_name_constraints "nameConstraints" +#define LN_name_constraints "X509v3 Name Constraints" +#define NID_name_constraints 720 +#define OBJ_name_constraints OBJ_id_ce,30L + #define SN_crl_distribution_points "crlDistributionPoints" #define LN_crl_distribution_points "X509v3 CRL Distribution Points" #define NID_crl_distribution_points 103 diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 0a85cb6a4a..e84922d458 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -717,3 +717,4 @@ ms_smartcard_login 716 ms_upn 717 any_policy 718 policy_mappings 719 +name_constraints 720 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index bea8db109d..feeed99b57 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -658,6 +658,8 @@ id-ce 21 : CRLReason : X509v3 CRL Reason Code id-ce 24 : invalidityDate : Invalidity Date !Cname delta-crl id-ce 27 : deltaCRL : X509v3 Delta CRL Indicator +!Cname name-constraints +id-ce 30 : nameConstraints : X509v3 Name Constraints !Cname crl-distribution-points id-ce 31 : crlDistributionPoints : X509v3 CRL Distribution Points !Cname certificate-policies From 520b76ffd95cb27839471055fa4950ff9bf50be2 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 24 Mar 2003 17:04:44 +0000 Subject: [PATCH 202/393] Support for name constraints. --- CHANGES | 3 + crypto/stack/safestack.h | 20 ++++ crypto/x509v3/Makefile.ssl | 4 +- crypto/x509v3/ext_dat.h | 4 +- crypto/x509v3/v3_alt.c | 195 +++++++++++++++++++------------- crypto/x509v3/v3_info.c | 3 +- crypto/x509v3/v3_ncons.c | 220 +++++++++++++++++++++++++++++++++++++ crypto/x509v3/v3_utl.c | 80 ++++++++++++-- crypto/x509v3/v3err.c | 2 + crypto/x509v3/x509v3.h | 27 ++++- 10 files changed, 461 insertions(+), 97 deletions(-) create mode 100644 crypto/x509v3/v3_ncons.c diff --git a/CHANGES b/CHANGES index 1cea4962c9..719a7ff22b 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,9 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Support for nameConstraints certificate extension. + [Steve Henson] + *) Support for policyConstraints certificate extension. [Steve Henson] diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h index 6ffb132be6..ecb2b8ffed 100644 --- a/crypto/stack/safestack.h +++ b/crypto/stack/safestack.h @@ -544,6 +544,26 @@ STACK_OF(type) \ #define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st)) #define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st)) +#define sk_GENERAL_SUBTREE_new(st) SKM_sk_new(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE) +#define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_value(st, i) SKM_sk_value(GENERAL_SUBTREE, (st), (i)) +#define sk_GENERAL_SUBTREE_set(st, i, val) SKM_sk_set(GENERAL_SUBTREE, (st), (i), (val)) +#define sk_GENERAL_SUBTREE_zero(st) SKM_sk_zero(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val)) +#define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val)) +#define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val)) +#define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i)) +#define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr)) +#define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i)) +#define sk_GENERAL_SUBTREE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_SUBTREE, (st), (cmp)) +#define sk_GENERAL_SUBTREE_dup(st) SKM_sk_dup(GENERAL_SUBTREE, st) +#define sk_GENERAL_SUBTREE_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_SUBTREE, (st), (free_func)) +#define sk_GENERAL_SUBTREE_shift(st) SKM_sk_shift(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st)) + #define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st)) #define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY) #define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st)) diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl index f719973feb..b7f1123fee 100644 --- a/crypto/x509v3/Makefile.ssl +++ b/crypto/x509v3/Makefile.ssl @@ -26,11 +26,11 @@ LIB=$(TOP)/libcrypto.a LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c \ v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c \ v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \ -v3_ocsp.c v3_akeya.c v3_pmaps.c v3_pcons.c +v3_ocsp.c v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \ v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \ v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o \ -v3_ocsp.o v3_akeya.o v3_pmaps.o v3_pcons.o +v3_ocsp.o v3_akeya.o v3_pmaps.o v3_pcons.o v3_ncons.o SRC= $(LIBSRC) diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h index 1e005c229c..0879ae5ddc 100644 --- a/crypto/x509v3/ext_dat.h +++ b/crypto/x509v3/ext_dat.h @@ -65,6 +65,7 @@ extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff; extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc; extern X509V3_EXT_METHOD v3_crl_hold; extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints; +extern X509V3_EXT_METHOD v3_name_constraints; /* This table will be searched using OBJ_bsearch so it *must* kept in * order of the ext_nid values. @@ -109,7 +110,8 @@ static X509V3_EXT_METHOD *standard_exts[] = { #ifndef OPENSSL_NO_OCSP &v3_crl_hold, #endif -&v3_policy_mappings +&v3_policy_mappings, +&v3_name_constraints }; /* Number of standard extensions */ diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index 8642dd5104..ad6cb08e20 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c @@ -407,89 +407,126 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf) -{ -char is_string = 0; -int type; -GENERAL_NAME *gen = NULL; - -char *name, *value; - -name = cnf->name; -value = cnf->value; - -if(!value) { - X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_MISSING_VALUE); - return NULL; -} - -if(!(gen = GENERAL_NAME_new())) { - X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); - return NULL; -} - -if(!name_cmp(name, "email")) { - is_string = 1; - type = GEN_EMAIL; -} else if(!name_cmp(name, "URI")) { - is_string = 1; - type = GEN_URI; -} else if(!name_cmp(name, "DNS")) { - is_string = 1; - type = GEN_DNS; -} else if(!name_cmp(name, "RID")) { - ASN1_OBJECT *obj; - if(!(obj = OBJ_txt2obj(value,0))) { - X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_OBJECT); - ERR_add_error_data(2, "value=", value); - goto err; + { + return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0); } - gen->d.rid = obj; - type = GEN_RID; -} else if(!name_cmp(name, "IP")) { - if(!(gen->d.ip = a2i_IPADDRESS(value))) - { - X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS); - ERR_add_error_data(2, "value=", value); - goto err; - } - type = GEN_IPADD; -} else if(!name_cmp(name, "dirName")) { - type = GEN_DIRNAME; - if (!do_dirname(gen, value, ctx)) - { - X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_DIRNAME_ERROR); - goto err; - } -} else if(!name_cmp(name, "otherName")) { - if (!do_othername(gen, value, ctx)) - { - X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_OTHERNAME_ERROR); - goto err; - } - type = GEN_OTHERNAME; -} else { - X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_OPTION); - ERR_add_error_data(2, "name=", name); - goto err; -} -if(is_string) { - if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) || - !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value, - strlen(value))) { - X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); +GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, + X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + CONF_VALUE *cnf, int is_nc) + { + char is_string = 0; + int type; + GENERAL_NAME *gen = NULL; + + char *name, *value; + + name = cnf->name; + value = cnf->value; + + if(!value) + { + X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_MISSING_VALUE); + return NULL; + } + + if (out) + gen = out; + else + { + gen = GENERAL_NAME_new(); + if(gen == NULL) + { + X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); + return NULL; + } + } + + if(!name_cmp(name, "email")) + { + is_string = 1; + type = GEN_EMAIL; + } + else if(!name_cmp(name, "URI")) + { + is_string = 1; + type = GEN_URI; + } + else if(!name_cmp(name, "DNS")) + { + is_string = 1; + type = GEN_DNS; + } + else if(!name_cmp(name, "RID")) + { + ASN1_OBJECT *obj; + if(!(obj = OBJ_txt2obj(value,0))) + { + X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_OBJECT); + ERR_add_error_data(2, "value=", value); + goto err; + } + gen->d.rid = obj; + type = GEN_RID; + } + else if(!name_cmp(name, "IP")) + { + if (is_nc) + gen->d.ip = a2i_IPADDRESS_NC(value); + else + gen->d.ip = a2i_IPADDRESS(value); + if(gen->d.ip == NULL) + { + X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS); + ERR_add_error_data(2, "value=", value); + goto err; + } + type = GEN_IPADD; + } + else if(!name_cmp(name, "dirName")) + { + type = GEN_DIRNAME; + if (!do_dirname(gen, value, ctx)) + { + X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_DIRNAME_ERROR); + goto err; + } + } + else if(!name_cmp(name, "otherName")) + { + if (!do_othername(gen, value, ctx)) + { + X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_OTHERNAME_ERROR); + goto err; + } + type = GEN_OTHERNAME; + } + else + { + X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_OPTION); + ERR_add_error_data(2, "name=", name); goto err; + } + + if(is_string) + { + if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) || + !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value, + strlen(value))) + { + X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); + goto err; + } + } + + gen->type = type; + + return gen; + + err: + GENERAL_NAME_free(gen); + return NULL; } -} - -gen->type = type; - -return gen; - -err: -GENERAL_NAME_free(gen); -return NULL; -} static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) { diff --git a/crypto/x509v3/v3_info.c b/crypto/x509v3/v3_info.c index e269df1373..4e1a1f3a4d 100644 --- a/crypto/x509v3/v3_info.c +++ b/crypto/x509v3/v3_info.c @@ -158,8 +158,7 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *metho objlen = ptmp - cnf->name; ctmp.name = ptmp + 1; ctmp.value = cnf->value; - GENERAL_NAME_free(acc->location); - if(!(acc->location = v2i_GENERAL_NAME(method, ctx, &ctmp))) + if(!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0)) goto err; if(!(objtmp = OPENSSL_malloc(objlen + 1))) { X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE); diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c new file mode 100644 index 0000000000..5fded6910e --- /dev/null +++ b/crypto/x509v3/v3_ncons.c @@ -0,0 +1,220 @@ +/* v3_ncons.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + +#include +#include "cryptlib.h" +#include +#include +#include + +static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, + void *a, BIO *bp, int ind); +static int do_i2r_name_constraints(X509V3_EXT_METHOD *method, + STACK_OF(GENERAL_SUBTREE) *trees, + BIO *bp, int ind, char *name); +static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip); + +X509V3_EXT_METHOD v3_name_constraints = { + NID_name_constraints, 0, + ASN1_ITEM_ref(NAME_CONSTRAINTS), + 0,0,0,0, + 0,0, + 0, v2i_NAME_CONSTRAINTS, + i2r_NAME_CONSTRAINTS,0, + NULL +}; + +ASN1_SEQUENCE(GENERAL_SUBTREE) = { + ASN1_SIMPLE(GENERAL_SUBTREE, base, GENERAL_NAME), + ASN1_IMP_OPT(GENERAL_SUBTREE, minimum, ASN1_INTEGER, 0), + ASN1_IMP_OPT(GENERAL_SUBTREE, maximum, ASN1_INTEGER, 1) +} ASN1_SEQUENCE_END(GENERAL_SUBTREE) + +ASN1_SEQUENCE(NAME_CONSTRAINTS) = { + ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, permittedSubtrees, + GENERAL_SUBTREE, 0), + ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, excludedSubtrees, + GENERAL_SUBTREE, 1), +} ASN1_SEQUENCE_END(NAME_CONSTRAINTS) + + +IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) +IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) + +static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) + { + int i; + CONF_VALUE tval, *val; + STACK_OF(GENERAL_SUBTREE) **ptree = NULL; + NAME_CONSTRAINTS *ncons = NULL; + GENERAL_SUBTREE *sub = NULL; + ncons = NAME_CONSTRAINTS_new(); + if (!ncons) + goto memerr; + for(i = 0; i < sk_CONF_VALUE_num(nval); i++) + { + val = sk_CONF_VALUE_value(nval, i); + if (!strncmp(val->name, "permitted", 9) && val->name[9]) + { + ptree = &ncons->permittedSubtrees; + tval.name = val->name + 10; + } + else if (!strncmp(val->name, "excluded", 8) && val->name[8]) + { + ptree = &ncons->excludedSubtrees; + tval.name = val->name + 9; + } + else + { + X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, X509V3_R_INVALID_SYNTAX); + goto err; + } + tval.value = val->value; + sub = GENERAL_SUBTREE_new(); + if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1)) + goto err; + if (!*ptree) + *ptree = sk_GENERAL_SUBTREE_new_null(); + if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub)) + goto memerr; + sub = NULL; + } + + return ncons; + + memerr: + X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE); + err: + if (ncons) + NAME_CONSTRAINTS_free(ncons); + if (sub) + GENERAL_SUBTREE_free(sub); + + return NULL; + } + + + + +static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, + void *a, BIO *bp, int ind) + { + NAME_CONSTRAINTS *ncons = a; + do_i2r_name_constraints(method, ncons->permittedSubtrees, + bp, ind, "Permitted"); + do_i2r_name_constraints(method, ncons->excludedSubtrees, + bp, ind, "Excluded"); + return 1; + } + +static int do_i2r_name_constraints(X509V3_EXT_METHOD *method, + STACK_OF(GENERAL_SUBTREE) *trees, + BIO *bp, int ind, char *name) + { + GENERAL_SUBTREE *tree; + int i; + if (sk_GENERAL_SUBTREE_num(trees) > 0) + BIO_printf(bp, "%*s%s:\n", ind, "", name); + for(i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++) + { + tree = sk_GENERAL_SUBTREE_value(trees, i); + BIO_printf(bp, "%*s", ind + 2, ""); + if (tree->base->type == GEN_IPADD) + print_nc_ipadd(bp, tree->base->d.ip); + else + GENERAL_NAME_print(bp, tree->base); + tree = sk_GENERAL_SUBTREE_value(trees, i); + BIO_puts(bp, "\n"); + } + return 1; + } + +static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip) + { + int i, len; + unsigned char *p; + p = ip->data; + len = ip->length; + BIO_puts(bp, "IP:"); + if(len == 8) + { + BIO_printf(bp, "%d.%d.%d.%d/%d.%d.%d.%d", + p[0], p[1], p[2], p[3], + p[4], p[5], p[6], p[7]); + } + else if(len == 32) + { + for (i = 0; i < 16; i++) + { + BIO_printf(bp, "%X", p[0] << 8 | p[1]); + p += 2; + if (i == 7) + BIO_puts(bp, "/"); + else if (i != 15) + BIO_puts(bp, ":"); + } + } + else + BIO_printf(bp, "IP Address:"); + return 1; + } + diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index 2af05e555b..9770b51677 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -70,6 +70,7 @@ static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens); static void str_free(void *str); static int append_ia5(STACK **sk, ASN1_IA5STRING *email); +static int a2i_ipadd(unsigned char *ipout, const char *ipasc); static int ipv4_from_asc(unsigned char *v4, const char *in); static int ipv6_from_asc(unsigned char *v6, const char *in); static int ipv6_cb(const char *elem, int len, void *usr); @@ -552,18 +553,10 @@ ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc) /* If string contains a ':' assume IPv6 */ - if (strchr(ipasc, ':')) - { - if (!ipv6_from_asc(ipout, ipasc)) - return NULL; - iplen = 16; - } - else - { - if (!ipv4_from_asc(ipout, ipasc)) - return NULL; - iplen = 4; - } + iplen = a2i_ipadd(ipout, ipasc); + + if (!iplen) + return NULL; ret = ASN1_OCTET_STRING_new(); if (!ret) @@ -576,6 +569,69 @@ ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc) return ret; } +ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc) + { + ASN1_OCTET_STRING *ret = NULL; + unsigned char ipout[32]; + char *iptmp = NULL, *p; + int iplen1, iplen2; + p = strchr(ipasc,'/'); + if (!p) + return NULL; + iptmp = BUF_strdup(ipasc); + if (!iptmp) + return NULL; + p = iptmp + (p - ipasc); + *p++ = 0; + + iplen1 = a2i_ipadd(ipout, iptmp); + + if (!iplen1) + goto err; + + iplen2 = a2i_ipadd(ipout + iplen1, p); + + OPENSSL_free(iptmp); + iptmp = NULL; + + if (!iplen2 || (iplen1 != iplen2)) + goto err; + + ret = ASN1_OCTET_STRING_new(); + if (!ret) + goto err; + if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2)) + goto err; + + return ret; + + err: + if (iptmp) + OPENSSL_free(iptmp); + if (ret) + ASN1_OCTET_STRING_free(ret); + return NULL; + } + + +static int a2i_ipadd(unsigned char *ipout, const char *ipasc) + { + /* If string contains a ':' assume IPv6 */ + + if (strchr(ipasc, ':')) + { + if (!ipv6_from_asc(ipout, ipasc)) + return 0; + return 16; + } + else + { + if (!ipv4_from_asc(ipout, ipasc)) + return 0; + return 4; + } + } + static int ipv4_from_asc(unsigned char *v4, const char *in) { int a0, a1, a2, a3; diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c index a4c8e59ef1..648ed3562c 100644 --- a/crypto/x509v3/v3err.c +++ b/crypto/x509v3/v3err.c @@ -71,6 +71,7 @@ static ERR_STRING_DATA X509V3_str_functs[]= {ERR_PACK(0,X509V3_F_DO_DIRNAME,0), "DO_DIRNAME"}, {ERR_PACK(0,X509V3_F_DO_EXT_CONF,0), "DO_EXT_CONF"}, {ERR_PACK(0,X509V3_F_DO_EXT_I2D,0), "DO_EXT_I2D"}, +{ERR_PACK(0,X509V3_F_DO_I2V_NAME_CONSTRAINTS,0), "DO_I2V_NAME_CONSTRAINTS"}, {ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"}, {ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "i2s_ASN1_ENUMERATED"}, {ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "i2s_ASN1_INTEGER"}, @@ -98,6 +99,7 @@ static ERR_STRING_DATA X509V3_str_functs[]= {ERR_PACK(0,X509V3_F_V2I_EXT_KU,0), "V2I_EXT_KU"}, {ERR_PACK(0,X509V3_F_V2I_GENERAL_NAME,0), "v2i_GENERAL_NAME"}, {ERR_PACK(0,X509V3_F_V2I_GENERAL_NAMES,0), "v2i_GENERAL_NAMES"}, +{ERR_PACK(0,X509V3_F_V2I_NAME_CONSTRAINTS,0), "V2I_NAME_CONSTRAINTS"}, {ERR_PACK(0,X509V3_F_V2I_POLICY_CONSTRAINTS,0), "V2I_POLICY_CONSTRAINTS"}, {ERR_PACK(0,X509V3_F_V2I_POLICY_MAPPINGS,0), "V2I_POLICY_MAPPINGS"}, {ERR_PACK(0,X509V3_F_V3_GENERIC_EXTENSION,0), "V3_GENERIC_EXTENSION"}, diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index 65c74cbff7..25b049bfbb 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -295,6 +295,19 @@ DECLARE_STACK_OF(POLICY_MAPPING) typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS; +typedef struct GENERAL_SUBTREE_st { + GENERAL_NAME *base; + ASN1_INTEGER *minimum; + ASN1_INTEGER *maximum; +} GENERAL_SUBTREE; + +DECLARE_STACK_OF(GENERAL_SUBTREE) + +typedef struct NAME_CONSTRAINTS_st { + STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; + STACK_OF(GENERAL_SUBTREE) *excludedSubtrees; +} NAME_CONSTRAINTS; + typedef struct POLICY_CONSTRAINTS_st { ASN1_INTEGER *requireExplicitPolicy; ASN1_INTEGER *inhibitPolicyMapping; @@ -473,11 +486,20 @@ DECLARE_ASN1_ITEM(POLICY_MAPPING) DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) DECLARE_ASN1_ITEM(POLICY_MAPPINGS) +DECLARE_ASN1_ITEM(GENERAL_SUBTREE) +DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) + +DECLARE_ASN1_ITEM(NAME_CONSTRAINTS) +DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) + DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS) #ifdef HEADER_CONF_H -GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf); +GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + CONF_VALUE *cnf); +GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc); void X509V3_conf_free(CONF_VALUE *val); X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value); @@ -569,6 +591,7 @@ STACK *X509_REQ_get1_email(X509_REQ *x); void X509_email_free(STACK *sk); ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); +ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, unsigned long chtype); @@ -586,6 +609,7 @@ void ERR_load_X509V3_strings(void); #define X509V3_F_DO_DIRNAME 144 #define X509V3_F_DO_EXT_CONF 124 #define X509V3_F_DO_EXT_I2D 135 +#define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148 #define X509V3_F_HEX_TO_STRING 111 #define X509V3_F_I2S_ASN1_ENUMERATED 121 #define X509V3_F_I2S_ASN1_INTEGER 120 @@ -613,6 +637,7 @@ void ERR_load_X509V3_strings(void); #define X509V3_F_V2I_EXT_KU 103 #define X509V3_F_V2I_GENERAL_NAME 117 #define X509V3_F_V2I_GENERAL_NAMES 118 +#define X509V3_F_V2I_NAME_CONSTRAINTS 147 #define X509V3_F_V2I_POLICY_CONSTRAINTS 146 #define X509V3_F_V2I_POLICY_MAPPINGS 145 #define X509V3_F_V3_GENERIC_EXTENSION 116 From 81bd0446a96594201ee3bb761592b5c03521fa57 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 24 Mar 2003 17:06:25 +0000 Subject: [PATCH 203/393] make update --- crypto/x509v3/Makefile.ssl | 16 ++++++++++++++++ util/libeay.num | 10 ++++++++++ 2 files changed, 26 insertions(+) diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl index b7f1123fee..be8a6ca72f 100644 --- a/crypto/x509v3/Makefile.ssl +++ b/crypto/x509v3/Makefile.ssl @@ -321,6 +321,22 @@ v3_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h v3_lib.c +v3_ncons.o: ../../e_os.h ../../include/openssl/asn1.h +v3_ncons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +v3_ncons.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +v3_ncons.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +v3_ncons.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +v3_ncons.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +v3_ncons.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +v3_ncons.o: ../../include/openssl/err.h ../../include/openssl/evp.h +v3_ncons.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_ncons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_ncons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_ncons.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +v3_ncons.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_ncons.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_ncons.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_ncons.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ncons.c v3_ocsp.o: ../../e_os.h ../../include/openssl/asn1.h v3_ocsp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h v3_ocsp.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h diff --git a/util/libeay.num b/util/libeay.num index 6b1293277c..c83c89ad6d 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -3010,3 +3010,13 @@ POLICY_CONSTRAINTS_new 3442 EXIST::FUNCTION: POLICY_CONSTRAINTS_it 3443 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: POLICY_CONSTRAINTS_it 3443 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: POLICY_CONSTRAINTS_free 3444 EXIST::FUNCTION: +v2i_GENERAL_NAME_ex 3445 EXIST::FUNCTION: +NAME_CONSTRAINTS_free 3446 EXIST::FUNCTION: +a2i_IPADDRESS_NC 3447 EXIST::FUNCTION: +NAME_CONSTRAINTS_it 3448 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +NAME_CONSTRAINTS_it 3448 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +NAME_CONSTRAINTS_new 3449 EXIST::FUNCTION: +GENERAL_SUBTREE_it 3450 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +GENERAL_SUBTREE_it 3450 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +GENERAL_SUBTREE_free 3451 EXIST::FUNCTION: +GENERAL_SUBTREE_new 3452 EXIST::FUNCTION: From d6cab100fa30eb65c48f01066f75c4d8f0d1b775 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 25 Mar 2003 20:56:06 +0000 Subject: [PATCH 204/393] Missed a few dollars. PR: 528 --- Makefile.org | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile.org b/Makefile.org index 06766807b2..58c0807fbf 100644 --- a/Makefile.org +++ b/Makefile.org @@ -391,10 +391,10 @@ test: tests tests: rehash @(cd test && echo "testing..." && \ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests ); - @LD_LIBRARY_PATH="`pwd`:LD_LIBRARY_PATH"; \ - DYLD_LIBRARY_PATH="`pwd`:DYLD_LIBRARY_PATH"; \ - SHLIB_PATH="`pwd`:SHLIB_PATH"; \ - LIBPATH="`pwd`:LIBPATH"; \ + @LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \ + DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \ + SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \ + LIBPATH="`pwd`:$$LIBPATH"; \ if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \ apps/openssl version -a From c4d00669a058eb8a26b496746c25beaef6cdad1b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 25 Mar 2003 21:17:28 +0000 Subject: [PATCH 205/393] Let's limit the extent of the definition of _XOPEN_SOURCE. --- ssl/kssl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/kssl.c b/ssl/kssl.c index 327b92f33b..a80f5b2f74 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -70,6 +70,7 @@ #define _XOPEN_SOURCE /* glibc2 needs this to declare strptime() */ #include +#undef _XOPEN_SOURCE /* To avoid clashes with anything else... */ #include #include From e5b0508a145178dc86bfbca44139d9a3c65254ae Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 26 Mar 2003 00:46:47 +0000 Subject: [PATCH 206/393] Update ocsp usage message and docs. --- apps/ocsp.c | 6 +++--- doc/apps/ocsp.pod | 37 +++++++++++++++++++++++++++---------- 2 files changed, 30 insertions(+), 13 deletions(-) diff --git a/apps/ocsp.c b/apps/ocsp.c index f05ec0e655..17e84366d9 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -524,7 +524,7 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-serial n serial number to check\n"); BIO_printf (bio_err, "-signer file certificate to sign OCSP request with\n"); BIO_printf (bio_err, "-signkey file private key to sign OCSP request with\n"); - BIO_printf (bio_err, "-sign_certs file additional certificates to include in signed request\n"); + BIO_printf (bio_err, "-sign_other file additional certificates to include in signed request\n"); BIO_printf (bio_err, "-no_certs don't include any certificates in signed request\n"); BIO_printf (bio_err, "-req_text print text form of request\n"); BIO_printf (bio_err, "-resp_text print text form of response\n"); @@ -544,10 +544,10 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n"); BIO_printf (bio_err, "-status_age n maximum status age in seconds\n"); BIO_printf (bio_err, "-noverify don't verify response at all\n"); - BIO_printf (bio_err, "-verify_certs file additional certificates to search for signer\n"); + BIO_printf (bio_err, "-verify_other file additional certificates to search for signer\n"); BIO_printf (bio_err, "-trust_other don't verify additional certificates\n"); BIO_printf (bio_err, "-no_intern don't search certificates contained in response for signer\n"); - BIO_printf (bio_err, "-no_sig_verify don't check signature on response\n"); + BIO_printf (bio_err, "-no_signature_verify don't check signature on response\n"); BIO_printf (bio_err, "-no_cert_verify don't check signing certificate\n"); BIO_printf (bio_err, "-no_chain don't chain verify response\n"); BIO_printf (bio_err, "-no_cert_checks don't do additional checks on signing certificate\n"); diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod index da201b95e6..4f266058e5 100644 --- a/doc/apps/ocsp.pod +++ b/doc/apps/ocsp.pod @@ -11,6 +11,10 @@ B B [B<-issuer file>] [B<-cert file>] [B<-serial n>] +[B<-signer file>] +[B<-signkey file>] +[B<-sign_other file>] +[B<-no_certs>] [B<-req_text>] [B<-resp_text>] [B<-text>] @@ -20,27 +24,36 @@ B B [B<-respin file>] [B<-nonce>] [B<-no_nonce>] -[B<-url responder_url>] +[B<-url URL>] [B<-host host:n>] [B<-path>] -[B<-CApath file>] +[B<-CApath dir>] [B<-CAfile file>] [B<-VAfile file>] -[B<-verify_certs file>] +[B<-validity_period n>] +[B<-status_age n>] [B<-noverify>] +[B<-verify_other file>] [B<-trust_other>] [B<-no_intern>] -[B<-no_sig_verify>] +[B<-no_signature_verify>] [B<-no_cert_verify>] [B<-no_chain>] [B<-no_cert_checks>] -[B<-validity_period nsec>] -[B<-status_age nsec>] +[B<-port num>] +[B<-index file>] +[B<-CA file>] +[B<-rsigner file>] +[B<-rkey file>] +[B<-rother file>] +[B<-resp_no_certs>] +[B<-nmin n>] +[B<-ndays n>] +[B<-resp_key_id>] +[B<-nrequest n>] =head1 DESCRIPTION -B - The Online Certificate Status Protocol (OCSP) enables applications to determine the (revocation) state of an identified certificate (RFC 2560). @@ -83,6 +96,10 @@ the B option is not present then the private key is read from the same file as the certificate. If neither option is specified then the OCSP request is not signed. +=item B<-sign_other filename> + +Additional certificates to include in the signed request. + =item B<-nonce>, B<-no_nonce> Add an OCSP nonce extension to a request or disable OCSP nonce addition. @@ -120,7 +137,7 @@ or "/" by default. file or pathname containing trusted CA certificates. These are used to verify the signature on the OCSP response. -=item B<-verify_certs file> +=item B<-verify_other file> file containing additional certificates to search when attempting to locate the OCSP response signing certificate. Some responders omit the actual signer's @@ -151,7 +168,7 @@ ignore certificates contained in the OCSP response when searching for the signers certificate. With this option the signers certificate must be specified with either the B<-verify_certs> or B<-VAfile> options. -=item B<-no_sig_verify> +=item B<-no_signature_verify> don't check the signature on the OCSP response. Since this option tolerates invalid signatures on OCSP responses it will normally only be used for testing purposes. From a47789e849da9edbe9d0e4a7626f0b55af9e6681 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 26 Mar 2003 14:34:38 +0000 Subject: [PATCH 207/393] Update VMS building system --- crypto/crypto-lib.com | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com index dce3291b84..c118da309a 100644 --- a/crypto/crypto-lib.com +++ b/crypto/crypto-lib.com @@ -250,7 +250,7 @@ $ LIB_X509 = "x509_def,x509_d2,x509_r2x,x509_cmp,"+ - $ LIB_X509V3 = "v3_bcons,v3_bitst,v3_conf,v3_extku,v3_ia5,v3_lib,"+ - "v3_prn,v3_utl,v3err,v3_genn,v3_alt,v3_skey,v3_akey,v3_pku,"+ - "v3_int,v3_enum,v3_sxnet,v3_cpols,v3_crld,v3_purp,v3_info,"+ - - "v3_ocsp,v3_akeya" + "v3_ocsp,v3_akeya,v3_pmaps,v3_pcons,v3_ncons" $ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall,conf_sap" $ LIB_TXT_DB = "txt_db" $ LIB_PKCS7 = "pk7_asn1,pk7_lib,pkcs7err,pk7_doit,pk7_smime,pk7_attr,"+ - From 423b1a840c72423ae20b3dcbfe34f4b204a125bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Thu, 27 Mar 2003 22:04:05 +0000 Subject: [PATCH 208/393] Add warning about unwanted side effect when calling SSL_CTX_free(): sessions in the external session cache might be removed. Submitted by: "Nadav Har'El" PR: 547 --- doc/ssl/SSL_CTX_free.pod | 12 +++++++++++- doc/ssl/SSL_CTX_sess_set_get_cb.pod | 12 +++++++----- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/doc/ssl/SSL_CTX_free.pod b/doc/ssl/SSL_CTX_free.pod index 55e592f5f8..51d8676968 100644 --- a/doc/ssl/SSL_CTX_free.pod +++ b/doc/ssl/SSL_CTX_free.pod @@ -20,12 +20,22 @@ It also calls the free()ing procedures for indirectly affected items, if applicable: the session cache, the list of ciphers, the list of Client CAs, the certificates and keys. +=head1 WARNINGS + +If a session-remove callback is set (SSL_CTX_sess_set_remove_cb()), this +callback will be called for each session being freed from B's +session cache. This implies, that all corresponding sessions from an +external session cache are removed as well. If this is not desired, the user +should explicitly unset the callback by calling +SSL_CTX_sess_set_remove_cb(B, NULL) prior to calling SSL_CTX_free(). + =head1 RETURN VALUES SSL_CTX_free() does not provide diagnostic information. =head1 SEE ALSO -L, L +L, L, +L =cut diff --git a/doc/ssl/SSL_CTX_sess_set_get_cb.pod b/doc/ssl/SSL_CTX_sess_set_get_cb.pod index 7c0b2baf6c..b9d54a40a1 100644 --- a/doc/ssl/SSL_CTX_sess_set_get_cb.pod +++ b/doc/ssl/SSL_CTX_sess_set_get_cb.pod @@ -60,10 +60,11 @@ B. If the callback returns B<0>, the session will be immediately removed again. The remove_session_cb() is called, whenever the SSL engine removes a session -from the internal cache. This happens if the session is removed because -it is expired or when a connection was not shutdown cleanly. The -remove_session_cb() is passed the B and the ssl session B. -It does not provide any feedback. +from the internal cache. This happens when the session is removed because +it is expired or when a connection was not shutdown cleanly. It also happens +for all sessions in the internal session cache when +L is called. The remove_session_cb() is passed +the B and the ssl session B. It does not provide any feedback. The get_session_cb() is only called on SSL/TLS servers with the session id proposed by the client. The get_session_cb() is always called, also when @@ -80,6 +81,7 @@ L. L, L, L, L, -L +L, +L =cut From d0a4bd00b6fe6dc7f3de37ad1e8682656629e21c Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 28 Mar 2003 08:57:04 +0000 Subject: [PATCH 209/393] OpenUNIX 8 has some problems using -G with gcc. Maybe using gnu-shared works better (will be tested tonight). --- Configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configure b/Configure index 54536235f7..b156d9d5cf 100755 --- a/Configure +++ b/Configure @@ -433,7 +433,7 @@ my %table=( "unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "sco3-gcc", "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ... # SCO 5 - Ben Laurie says the -O breaks the SCO cc. "sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", From 1a15c89988f1be6e3f46b184cc1b27e6cf43e869 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 30 Mar 2003 01:51:16 +0000 Subject: [PATCH 210/393] Multi valued AVA support. --- CHANGES | 4 ++++ apps/req.c | 31 +++++++++++++++++++++++++------ crypto/x509v3/v3_utl.c | 15 +++++++++++++-- 3 files changed, 42 insertions(+), 8 deletions(-) diff --git a/CHANGES b/CHANGES index 719a7ff22b..e6a179fa52 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Generate muti valued AVAs using '+' notation in config files for + req and dirName. + [Steve Henson] + *) Support for nameConstraints certificate extension. [Steve Henson] diff --git a/apps/req.c b/apps/req.c index 8304df8aa2..c297599610 100644 --- a/apps/req.c +++ b/apps/req.c @@ -133,7 +133,7 @@ static int add_attribute_object(X509_REQ *req, char *text, char *def, char *value, int nid, int n_min, int n_max, unsigned long chtype); static int add_DN_object(X509_NAME *n, char *text, char *def, char *value, - int nid,int n_min,int n_max, unsigned long chtype); + int nid,int n_min,int n_max, unsigned long chtype, int mval); #ifndef OPENSSL_NO_RSA static void MS_CALLBACK req_cb(int p,int n,void *arg); #endif @@ -1259,7 +1259,7 @@ static int prompt_info(X509_REQ *req, int i; char *p,*q; char buf[100]; - int nid; + int nid, mval; long n_min,n_max; char *type,*def,*value; CONF_VALUE *v; @@ -1302,6 +1302,13 @@ start: for (;;) if(*p) type = p; break; } + if (*type == '+') + { + mval = -1; + type++; + } + else + mval = 0; /* If OBJ not recognised ignore it */ if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start; @@ -1339,7 +1346,7 @@ start: for (;;) } if (!add_DN_object(subj,v->value,def,value,nid, - n_min,n_max, chtype)) + n_min,n_max, chtype, mval)) return 0; } if (X509_NAME_entry_count(subj) == 0) @@ -1429,6 +1436,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) { + int mval; v=sk_CONF_VALUE_value(dn_sk,i); p=q=NULL; type=v->name; @@ -1445,8 +1453,19 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, if(*p) type = p; break; } +#ifndef CHARSET_EBCDIC + if (*p == '+') +#else + if (*p == os_toascii['+']) +#endif + { + p++; + mval = -1; + } + else + mval = 0; if (!X509_NAME_add_entry_by_txt(subj,type, chtype, - (unsigned char *) v->value,-1,-1,0)) return 0; + (unsigned char *) v->value,-1,-1,mval)) return 0; } @@ -1469,7 +1488,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, static int add_DN_object(X509_NAME *n, char *text, char *def, char *value, - int nid, int n_min, int n_max, unsigned long chtype) + int nid, int n_min, int n_max, unsigned long chtype, int mval) { int i,ret=0; MS_STATIC char buf[1024]; @@ -1519,7 +1538,7 @@ start: #endif if(!req_check_len(i, n_min, n_max)) goto start; if (!X509_NAME_add_entry_by_NID(n,nid, chtype, - (unsigned char *) buf, -1,-1,0)) goto err; + (unsigned char *) buf, -1,-1,mval)) goto err; ret=1; err: return(ret); diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index 9770b51677..a2bb7b0043 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -801,7 +801,7 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, unsigned long chtype) { CONF_VALUE *v; - int i; + int i, mval; char *p, *type; if (!nm) return 0; @@ -824,8 +824,19 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, if(*p) type = p; break; } +#ifndef CHARSET_EBCDIC + if (*p == '+') +#else + if (*p == os_toascii['+']) +#endif + { + mval = -1; + p++; + } + else + mval = 0; if (!X509_NAME_add_entry_by_txt(nm,type, chtype, - (unsigned char *) v->value,-1,-1,0)) + (unsigned char *) v->value,-1,-1,mval)) return 0; } From 03eeb07152ce9413c017cdef83bd8b5b82bef31d Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 31 Mar 2003 13:06:24 +0000 Subject: [PATCH 211/393] Add usage string for -fingerprint. PR: 560 --- apps/crl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/crl.c b/apps/crl.c index c6089ace52..81d66587c1 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -81,6 +81,7 @@ static char *crl_usage[]={ " -in arg - input file - default stdin\n", " -out arg - output file - default stdout\n", " -hash - print hash value\n", +" -fingerprint - print the crl fingerprint\n", " -issuer - print issuer DN\n", " -lastupdate - lastUpdate field\n", " -nextupdate - nextUpdate field\n", From 6dd6da60054382a9d8e14ec8755d0ecf48bdf102 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 31 Mar 2003 13:24:02 +0000 Subject: [PATCH 212/393] Don't feil when indent is 0. PR: 559 --- crypto/x509v3/v3_prn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c index aeaf6170fe..754808b625 100644 --- a/crypto/x509v3/v3_prn.c +++ b/crypto/x509v3/v3_prn.c @@ -178,7 +178,7 @@ int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts ASN1_OBJECT *obj; X509_EXTENSION *ex; ex=sk_X509_EXTENSION_value(exts, i); - if (BIO_printf(bp,"%*s",indent, "") <= 0) return 0; + if (indent && BIO_printf(bp,"%*s",indent, "") <= 0) return 0; obj=X509_EXTENSION_get_object(ex); i2a_ASN1_OBJECT(bp,obj); j=X509_EXTENSION_get_critical(ex); From d678cc07eddbb9114fe672230a9797ebdb62104e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 31 Mar 2003 13:56:52 +0000 Subject: [PATCH 213/393] No need to test -setalias twice. PR: 556 --- apps/x509.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/apps/x509.c b/apps/x509.c index cea33f58a0..9a6f981790 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -358,12 +358,6 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; if (!set_name_ex(&nmflag, *(++argv))) goto bad; } - else if (strcmp(*argv,"-setalias") == 0) - { - if (--argc < 1) goto bad; - alias= *(++argv); - trustout = 1; - } #ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { From 4390d66179bfbe44f91692c1ded52f2d4602859a Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 31 Mar 2003 22:29:25 +0000 Subject: [PATCH 214/393] Update from stable branch. --- doc/crypto/engine.pod | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/doc/crypto/engine.pod b/doc/crypto/engine.pod index 61e0264bb7..c77dad5562 100644 --- a/doc/crypto/engine.pod +++ b/doc/crypto/engine.pod @@ -187,7 +187,7 @@ tell which one you are dealing with at any given point in time (after all they are both simply (ENGINE *) pointers, the difference is in the way they are used). -=head3 Structural references +I This basic type of reference is typically used for creating new ENGINEs dynamically, iterating across OpenSSL's internal linked-list of loaded @@ -224,7 +224,7 @@ To clarify a particular function's handling of references, one should always consult that function's documentation "man" page, or failing that the openssl/engine.h header file includes some hints. -=head3 Functional references +I As mentioned, functional references exist when the cryptographic functionality of an ENGINE is required to be available. A functional @@ -386,7 +386,7 @@ things, so we will simply illustrate the consequences as they apply to a couple of simple cases and leave developers to consider these and the source code to openssl's builtin utilities as guides. -=head3 Using a specific ENGINE implementation +I Here we'll assume an application has been configured by its user or admin to want to use the "ACME" ENGINE if it is available in the version of @@ -418,7 +418,7 @@ illustrates how to approach this; /* Release the structural reference from ENGINE_by_id() */ ENGINE_free(e); -=head3 Automatically using builtin ENGINE implementations +I Here we'll assume we want to load and register all ENGINE implementations bundled with OpenSSL, such that for any cryptographic algorithm required by @@ -469,7 +469,7 @@ in same cases both. ENGINE implementations should provide indications of this in the descriptions attached to builtin control commands and/or in external product documentation. -=head3 Issuing control commands to an ENGINE +I Let's illustrate by example; a function for which the caller supplies the name of the ENGINE it wishes to use, a table of string-pairs for use before @@ -526,7 +526,7 @@ return success without doing anything. In this case we assume the user is only supplying commands specific to the given ENGINE so we set this to FALSE. -=head3 Discovering supported control commands +I It is possible to discover at run-time the names, numerical-ids, descriptions and input parameters of the control commands supported from a structural From 24692fc5d78f7f4ed272e8fbf01fd8d858250ba9 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 1 Apr 2003 10:59:15 +0000 Subject: [PATCH 215/393] It seems like gcc-drivven shared library building on OpenUnix 8 requires -shared rather than -G. --- Configure | 2 +- Makefile.shared | 8 ++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/Configure b/Configure index b156d9d5cf..54536235f7 100755 --- a/Configure +++ b/Configure @@ -433,7 +433,7 @@ my %table=( "unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "sco3-gcc", "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ... # SCO 5 - Ben Laurie says the -O breaks the SCO cc. "sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff --git a/Makefile.shared b/Makefile.shared index e33c10b5ae..3584158b9c 100644 --- a/Makefile.shared +++ b/Makefile.shared @@ -456,12 +456,14 @@ link_o.svr3: $(DO_GNU_SO); \ else \ $(CALC_VERSIONS); \ + SHARE_FLAG='-G'; \ + (${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAGS='-shared'; \ SHLIB=lib$(LIBNAME).so; \ SHLIB_SUFFIX=; \ LIBDEPS="$(LIBDEPS) -lc"; \ ALLSYMSFLAGS='-z allextract'; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="-G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDFLAGS="$${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ SHAREDCMD='$(CC)'; \ fi; \ $(LINK_SO_O) @@ -470,12 +472,14 @@ link_a.svr3: $(DO_GNU_SO); \ else \ $(CALC_VERSIONS); \ + SHARE_FLAG='-G'; \ + (${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAGS='-shared'; \ SHLIB=lib$(LIBNAME).so; \ SHLIB_SUFFIX=; \ LIBDEPS="$(LIBDEPS) -lc"; \ ALLSYMSFLAGS='-z allextract'; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="-G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDFLAGS="$${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ SHAREDCMD='$(CC)'; \ fi; \ $(LINK_SO_A_UNPACKED) From 5679bcce070335745652c1b9689f6ba06c7b6596 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 2 Apr 2003 09:50:22 +0000 Subject: [PATCH 216/393] make RSA blinding thread-safe --- CHANGES | 9 +++- crypto/bn/bn.h | 2 + crypto/rsa/rsa_eay.c | 114 ++++++++++++++++++++++++++++++++++++++++--- crypto/rsa/rsa_lib.c | 11 ++++- 4 files changed, 124 insertions(+), 12 deletions(-) diff --git a/CHANGES b/CHANGES index e6a179fa52..77da6273c4 100644 --- a/CHANGES +++ b/CHANGES @@ -483,12 +483,17 @@ to avoid a timing attack. Applications that don't want it can call RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING. They would be ill-advised to do so in most cases. - [Ben Laurie, Steve Henson, Geoff Thorpe] + [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller] *) Change RSA blinding code so that it works when the PRNG is not seeded (in this case, the secret RSA exponent is abused as an unpredictable seed -- if it is not unpredictable, there - is no point in blinding anyway). + is no point in blinding anyway). Make RSA blinding thread-safe + by remembering the creator's thread ID in rsa->blinding and + having all other threads use local one-time blinding factors + (this requires more computation than sharing rsa->blinding, but + avoids excessive locking; and if an RSA object is not shared + between threads, blinding will still be very fast). [Bodo Moeller] yet to be integrated into this CVS branch: diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 58263baf9a..d7a5fce6ea 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -261,6 +261,8 @@ typedef struct bn_blinding_st BIGNUM *A; BIGNUM *Ai; BIGNUM *mod; /* just a reference */ + unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b; + * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */ } BN_BLINDING; /* Used for montgomery multiplication */ diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index 6bc6ef3913..ad6ccf634d 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -230,6 +230,40 @@ static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx) err_instr \ } while(0) +static BN_BLINDING *setup_blinding(RSA *rsa, BN_CTX *ctx) + { + BIGNUM *A, *Ai; + BN_BLINDING *ret = NULL; + + /* added in OpenSSL 0.9.6j and 0.9.7b */ + + /* NB: similar code appears in RSA_blinding_on (rsa_lib.c); + * this should be placed in a new function of its own, but for reasons + * of binary compatibility can't */ + + BN_CTX_start(ctx); + A = BN_CTX_get(ctx); + if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) + { + /* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */ + RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0); + if (!BN_pseudo_rand_range(A,rsa->n)) goto err; + } + else + { + if (!BN_rand_range(A,rsa->n)) goto err; + } + if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err; + + if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) + goto err; + ret = BN_BLINDING_new(A,Ai,rsa->n); + BN_free(Ai); +err: + BN_CTX_end(ctx); + return ret; + } + /* signing */ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) @@ -238,6 +272,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, int i,j,k,num=0,r= -1; unsigned char *buf=NULL; BN_CTX *ctx=NULL; + int local_blinding = 0; + BN_BLINDING *blinding = NULL; BN_init(&f); BN_init(&ret); @@ -275,9 +311,38 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, } BLINDING_HELPER(rsa, ctx, goto err;); - + blinding = rsa->blinding; + + /* Now unless blinding is disabled, 'blinding' is non-NULL. + * But the BN_BLINDING object may be owned by some other thread + * (we don't want to keep it constant and we don't want to use + * lots of locking to avoid race conditions, so only a single + * thread can use it; other threads have to use local blinding + * factors) */ if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) - if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; + { + if (blinding == NULL) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR); + goto err; + } + } + + if (blinding != NULL) + { + if (blinding->thread_id != CRYPTO_thread_id()) + { + /* we need a local one-time blinding factor */ + + blinding = setup_blinding(rsa, ctx); + if (blinding == NULL) + goto err; + local_blinding = 1; + } + } + + if (blinding) + if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err; if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || ((rsa->p != NULL) && @@ -293,8 +358,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, rsa->_method_mod_n)) goto err; } - if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) - if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err; + if (blinding) + if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err; /* put in leading 0 bytes if the number is less than the * length of the modulus */ @@ -308,6 +373,8 @@ err: if (ctx != NULL) BN_CTX_free(ctx); BN_clear_free(&ret); BN_clear_free(&f); + if (local_blinding) + BN_BLINDING_free(blinding); if (buf != NULL) { OPENSSL_cleanse(buf,num); @@ -324,6 +391,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *p; unsigned char *buf=NULL; BN_CTX *ctx=NULL; + int local_blinding = 0; + BN_BLINDING *blinding = NULL; BN_init(&f); BN_init(&ret); @@ -356,9 +425,38 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, } BLINDING_HELPER(rsa, ctx, goto err;); - + blinding = rsa->blinding; + + /* Now unless blinding is disabled, 'blinding' is non-NULL. + * But the BN_BLINDING object may be owned by some other thread + * (we don't want to keep it constant and we don't want to use + * lots of locking to avoid race conditions, so only a single + * thread can use it; other threads have to use local blinding + * factors) */ if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) - if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; + { + if (blinding == NULL) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR); + goto err; + } + } + + if (blinding != NULL) + { + if (blinding->thread_id != CRYPTO_thread_id()) + { + /* we need a local one-time blinding factor */ + + blinding = setup_blinding(rsa, ctx); + if (blinding == NULL) + goto err; + local_blinding = 1; + } + } + + if (blinding) + if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err; /* do the decrypt */ if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || @@ -376,8 +474,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, goto err; } - if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) - if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err; + if (blinding) + if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err; p=buf; j=BN_bn2bin(&ret,p); /* j is only used with no-padding mode */ diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 33ca8330c9..3ebde4fd93 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -329,6 +329,10 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) if (rsa->blinding != NULL) BN_BLINDING_free(rsa->blinding); + /* NB: similar code appears in setup_blinding (rsa_eay.c); + * this should be placed in a new function of its own, but for reasons + * of binary compatibility can't */ + BN_CTX_start(ctx); A = BN_CTX_get(ctx); if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) @@ -344,8 +348,11 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err; if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) - goto err; - rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n); + goto err; + if ((rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n)) == NULL) goto err; + /* to make things thread-safe without excessive locking, + * rsa->blinding will be used just by the current thread: */ + rsa->blinding->thread_id = CRYPTO_thread_id(); rsa->flags |= RSA_FLAG_BLINDING; rsa->flags &= ~RSA_FLAG_NO_BLINDING; BN_free(Ai); From f85b68cd4982c28c02070c2e036da1c84cf0e7af Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 16:33:03 +0000 Subject: [PATCH 217/393] Make it possible to have multiple active certificates with the same subject. --- CHANGES | 8 + apps/apps.c | 442 +++++++++++++++++++++++++++++++++++++++++++++++ apps/apps.h | 32 +++- apps/ca.c | 425 +++++++++------------------------------------ apps/ocsp.c | 46 ++--- apps/openssl.cnf | 2 + apps/x509.c | 78 +-------- 7 files changed, 585 insertions(+), 448 deletions(-) diff --git a/CHANGES b/CHANGES index 77da6273c4..505ef51880 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,14 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Make it possible to have multiple active certificates with the same + subject in the CA index file. This is done only if the keyword + 'unique_subject' is set to 'no' in the main CA section (default + if 'CA_default') of the configuration file. The value is saved + with the database itself in a separate index attribute file, + named like the index file with '.attr' appended to the name. + [Richard Levitte] + *) Generate muti valued AVAs using '+' notation in config files for req and dirName. [Steve Henson] diff --git a/apps/apps.c b/apps/apps.c index 007e3e06c3..475e47e570 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1422,3 +1422,445 @@ char *make_config_name() return p; } + +static unsigned long index_serial_hash(const char **a) + { + const char *n; + + n=a[DB_serial]; + while (*n == '0') n++; + return(lh_strhash(n)); + } + +static int index_serial_cmp(const char **a, const char **b) + { + const char *aa,*bb; + + for (aa=a[DB_serial]; *aa == '0'; aa++); + for (bb=b[DB_serial]; *bb == '0'; bb++); + return(strcmp(aa,bb)); + } + +static int index_name_qual(char **a) + { return(a[0][0] == 'V'); } + +static unsigned long index_name_hash(const char **a) + { return(lh_strhash(a[DB_name])); } + +int index_name_cmp(const char **a, const char **b) + { return(strcmp(a[DB_name], + b[DB_name])); } + +static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **) +static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **) +static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **) +static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **) + +#undef BSIZE +#define BSIZE 256 + +BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai) + { + BIO *in=NULL; + BIGNUM *ret=NULL; + MS_STATIC char buf[1024]; + ASN1_INTEGER *ai=NULL; + + ai=ASN1_INTEGER_new(); + if (ai == NULL) goto err; + + if ((in=BIO_new(BIO_s_file())) == NULL) + { + ERR_print_errors(bio_err); + goto err; + } + + if (BIO_read_filename(in,serialfile) <= 0) + { + if (!create) + { + perror(serialfile); + goto err; + } + else + { + ASN1_INTEGER_set(ai,1); + ret=BN_new(); + if (ret == NULL) + BIO_printf(bio_err, "Out of memory\n"); + else + BN_one(ret); + } + } + else + { + if (!a2i_ASN1_INTEGER(in,ai,buf,1024)) + { + BIO_printf(bio_err,"unable to load number from %s\n", + serialfile); + goto err; + } + ret=ASN1_INTEGER_to_BN(ai,NULL); + if (ret == NULL) + { + BIO_printf(bio_err,"error converting number from bin to BIGNUM\n"); + goto err; + } + } + + if (ret && retai) + { + *retai = ai; + ai = NULL; + } + err: + if (in != NULL) BIO_free(in); + if (ai != NULL) ASN1_INTEGER_free(ai); + return(ret); + } + +int save_serial(char *serialfile, BIGNUM *serial, ASN1_INTEGER **retai) + { + BIO *out; + int ret=0; + ASN1_INTEGER *ai=NULL; + + out=BIO_new(BIO_s_file()); + if (out == NULL) + { + ERR_print_errors(bio_err); + goto err; + } + if (BIO_write_filename(out,serialfile) <= 0) + { + perror(serialfile); + goto err; + } + + if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL) + { + BIO_printf(bio_err,"error converting serial to ASN.1 format\n"); + goto err; + } + i2a_ASN1_INTEGER(out,ai); + BIO_puts(out,"\n"); + ret=1; + if (retai) + { + *retai = ai; + ai = NULL; + } +err: + if (out != NULL) BIO_free_all(out); + if (ai != NULL) ASN1_INTEGER_free(ai); + return(ret); + } + +CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) + { + CA_DB *retdb = NULL; + TXT_DB *tmpdb = NULL; + BIO *in = BIO_new(BIO_s_file()); + CONF *dbattr_conf = NULL; + char buf[1][BSIZE]; + long errorline= -1; + + if (in == NULL) + { + ERR_print_errors(bio_err); + goto err; + } + if (BIO_read_filename(in,dbfile) <= 0) + { + perror(dbfile); + BIO_printf(bio_err,"unable to open '%s'\n",dbfile); + goto err; + } + if ((tmpdb = TXT_DB_read(in,DB_NUMBER)) == NULL) + { + if (tmpdb != NULL) TXT_DB_free(tmpdb); + goto err; + } + +#ifndef OPENSSL_SYS_VMS + BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile); +#else + BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile); +#endif + dbattr_conf = NCONF_new(NULL); + if (NCONF_load(dbattr_conf,buf[0],&errorline) <= 0) + { + if (errorline > 0) + { + BIO_printf(bio_err, + "error on line %ld of db attribute file '%s'\n" + ,errorline,buf[0]); + goto err; + } + else + { + NCONF_free(dbattr_conf); + dbattr_conf = NULL; + } + } + + if ((retdb = OPENSSL_malloc(sizeof(CA_DB))) == NULL) + { + fprintf(stderr, "Out of memory\n"); + goto err; + } + + retdb->db = tmpdb; + tmpdb = NULL; + if (db_attr) + retdb->attributes = *db_attr; + else + { + retdb->attributes.unique_subject = 1; + } + + if (dbattr_conf) + { + char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject"); + if (p) + { + BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p); + switch(*p) + { + case 'f': /* false */ + case 'F': /* FALSE */ + case 'n': /* no */ + case 'N': /* NO */ + retdb->attributes.unique_subject = 0; + break; + case 't': /* true */ + case 'T': /* TRUE */ + case 'y': /* yes */ + case 'Y': /* YES */ + default: + retdb->attributes.unique_subject = 1; + break; + } + } + } + + err: + if (dbattr_conf) NCONF_free(dbattr_conf); + if (tmpdb) TXT_DB_free(tmpdb); + if (in) BIO_free_all(in); + return retdb; + } + +int index_index(CA_DB *db) + { + if (!TXT_DB_create_index(db->db, DB_serial, NULL, + LHASH_HASH_FN(index_serial_hash), + LHASH_COMP_FN(index_serial_cmp))) + { + BIO_printf(bio_err, + "error creating serial number index:(%ld,%ld,%ld)\n", + db->db->error,db->db->arg1,db->db->arg2); + return 0; + } + + if (db->attributes.unique_subject + && !TXT_DB_create_index(db->db, DB_name, index_name_qual, + LHASH_HASH_FN(index_name_hash), + LHASH_COMP_FN(index_name_cmp))) + { + BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n", + db->db->error,db->db->arg1,db->db->arg2); + return 0; + } + return 1; + } + +int save_index(char *dbfile, char *suffix, CA_DB *db) + { + char buf[3][BSIZE]; + BIO *out = BIO_new(BIO_s_file()); + int j; + + if (out == NULL) + { + ERR_print_errors(bio_err); + goto err; + } + + j = strlen(dbfile) + strlen(suffix); + if (j + 6 >= BSIZE) + { + BIO_printf(bio_err,"file name too long\n"); + goto err; + } + +#ifndef OPENSSL_SYS_VMS + j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile); +#else + j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile); +#endif +#ifndef OPENSSL_SYS_VMS + j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix); +#else + j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix); +#endif +#ifndef OPENSSL_SYS_VMS + j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix); +#else + j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix); +#endif + BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]); + if (BIO_write_filename(out,buf[0]) <= 0) + { + perror(dbfile); + BIO_printf(bio_err,"unable to open '%s'\n", dbfile); + goto err; + } + j=TXT_DB_write(out,db->db); + if (j <= 0) goto err; + + BIO_free(out); + + out = BIO_new(BIO_s_file()); + BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]); + if (BIO_write_filename(out,buf[1]) <= 0) + { + perror(buf[2]); + BIO_printf(bio_err,"unable to open '%s'\n", buf[2]); + goto err; + } + BIO_printf(out,"unique_subject = %s\n", + db->attributes.unique_subject ? "yes" : "no"); + BIO_free(out); + + return 1; + err: + return 0; + } + +int rotate_index(char *dbfile, char *new_suffix, char *old_suffix) + { + char buf[5][BSIZE]; + int i,j; + struct stat sb; + + i = strlen(dbfile) + strlen(old_suffix); + j = strlen(dbfile) + strlen(new_suffix); + if (i > j) j = i; + if (j + 6 >= BSIZE) + { + BIO_printf(bio_err,"file name too long\n"); + goto err; + } + +#ifndef OPENSSL_SYS_VMS + j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile); +#else + j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile); +#endif +#ifndef OPENSSL_SYS_VMS + j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", + dbfile, new_suffix); +#else + j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", + dbfile, new_suffix); +#endif +#ifndef OPENSSL_SYS_VMS + j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", + dbfile, new_suffix); +#else + j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", + dbfile, new_suffix); +#endif +#ifndef OPENSSL_SYS_VMS + j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", + dbfile, old_suffix); +#else + j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", + dbfile, old_suffix); +#endif +#ifndef OPENSSL_SYS_VMS + j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", + dbfile, old_suffix); +#else + j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", + dbfile, old_suffix); +#endif + if (stat(dbfile,&sb) < 0) + { + if (errno != ENOENT +#ifdef ENOTDIR + && errno != ENOTDIR) +#endif + goto err; + } + else + { + BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", + dbfile, buf[1]); + if (rename(dbfile,buf[1]) < 0) + { + BIO_printf(bio_err, + "unable to rename %s to %s\n", + dbfile, buf[1]); + perror("reason"); + goto err; + } + } + BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", + buf[0],dbfile); + if (rename(buf[0],dbfile) < 0) + { + BIO_printf(bio_err, + "unable to rename %s to %s\n", + buf[0],dbfile); + perror("reason"); + rename(buf[1],dbfile); + goto err; + } + if (stat(buf[4],&sb) < 0) + { + if (errno != ENOENT +#ifdef ENOTDIR + && errno != ENOTDIR) +#endif + goto err; + } + else + { + BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", + buf[4],buf[3]); + if (rename(buf[4],buf[3]) < 0) + { + BIO_printf(bio_err, + "unable to rename %s to %s\n", + buf[4], buf[3]); + perror("reason"); + rename(dbfile,buf[0]); + rename(buf[1],dbfile); + goto err; + } + } + BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", + buf[2],buf[4]); + if (rename(buf[2],buf[4]) < 0) + { + BIO_printf(bio_err, + "unable to rename %s to %s\n", + buf[2],buf[4]); + perror("reason"); + rename(buf[3],buf[4]); + rename(dbfile,buf[0]); + rename(buf[1],dbfile); + goto err; + } + return 1; + err: + return 0; + } + +void free_index(CA_DB *db) + { + TXT_DB_free(db->db); + OPENSSL_free(db); + } diff --git a/apps/apps.h b/apps/apps.h index c36b9d2566..974eb4f1c9 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -287,7 +287,37 @@ char *make_config_name(void); /* Functions defined in ca.c and also used in ocsp.c */ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, char *str); -int make_serial_index(TXT_DB *db); + +#define DB_type 0 +#define DB_exp_date 1 +#define DB_rev_date 2 +#define DB_serial 3 /* index - unique */ +#define DB_file 4 +#define DB_name 5 /* index - unique when active and not disabled */ +#define DB_NUMBER 6 + +#define DB_TYPE_REV 'R' +#define DB_TYPE_EXP 'E' +#define DB_TYPE_VAL 'V' + +typedef struct db_attr_st + { + int unique_subject; + } DB_ATTR; +typedef struct ca_db_st + { + DB_ATTR attributes; + TXT_DB *db; + } CA_DB; + +BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai); +int save_serial(char *serialfile, BIGNUM *serial, ASN1_INTEGER **retai); +CA_DB *load_index(char *dbfile, DB_ATTR *dbattr); +int index_index(CA_DB *db); +int save_index(char *dbfile, char *suffix, CA_DB *db); +int rotate_index(char *dbfile, char *new_suffix, char *old_suffix); +void free_index(CA_DB *db); +int index_name_cmp(const char **a, const char **b); X509_NAME *do_subject(char *str, long chtype); diff --git a/apps/ca.c b/apps/ca.c index 6722c5dbc9..574cdd7fdc 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -143,18 +143,6 @@ #define ENV_DATABASE "database" -#define DB_type 0 -#define DB_exp_date 1 -#define DB_rev_date 2 -#define DB_serial 3 /* index - unique */ -#define DB_file 4 -#define DB_name 5 /* index - unique for active */ -#define DB_NUMBER 6 - -#define DB_TYPE_REV 'R' -#define DB_TYPE_EXP 'E' -#define DB_TYPE_VAL 'V' - /* Additional revocation information types */ #define REV_NONE 0 /* No addditional information */ @@ -211,43 +199,36 @@ extern int EF_ALIGNMENT; #endif static void lookup_fail(char *name,char *tag); -static unsigned long index_serial_hash(const char **a); -static int index_serial_cmp(const char **a, const char **b); -static unsigned long index_name_hash(const char **a); -static int index_name_qual(char **a); -static int index_name_cmp(const char **a,const char **b); -static BIGNUM *load_serial(char *serialfile); -static int save_serial(char *serialfile, BIGNUM *serial); static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, - const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db, + const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db, BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, - TXT_DB *db, BIGNUM *serial, char *subj, int email_dn, + CA_DB *db, BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *conf,int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, ENGINE *e); static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, - TXT_DB *db, BIGNUM *serial,char *subj, int email_dn, + CA_DB *db, BIGNUM *serial,char *subj, int email_dn, char *startdate, char *enddate, long days, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); static int fix_data(int nid, int *type); static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, - STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,char *subj, + STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj, int email_dn, char *startdate, char *enddate, long days, int batch, int verbose, X509_REQ *req, char *ext_sect, CONF *conf, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); -static int do_revoke(X509 *x509, TXT_DB *db, int ext, char *extval); -static int get_certificate_status(const char *ser_status, TXT_DB *db); -static int do_updatedb(TXT_DB *db); +static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval); +static int get_certificate_status(const char *ser_status, CA_DB *db); +static int do_updatedb(CA_DB *db); static int check_time_format(char *str); char *make_revocation_str(int rev_type, char *rev_arg); int make_revoked(X509_REVOKED *rev, char *str); @@ -259,11 +240,6 @@ static char *section=NULL; static int preserve=0; static int msie_hack=0; -static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **) -static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **) -static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **) -static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **) - int MAIN(int, char **); @@ -320,14 +296,13 @@ int MAIN(int argc, char **argv) X509 *x=NULL; BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL; char *dbfile=NULL; - TXT_DB *db=NULL; + CA_DB *db=NULL; X509_CRL *crl=NULL; X509_REVOKED *r=NULL; ASN1_TIME *tmptm; ASN1_INTEGER *tmpser; char **pp,*p,*f; int i,j; - long l; const EVP_MD *dgst=NULL; STACK_OF(CONF_VALUE) *attribs=NULL; STACK_OF(X509) *cert_sk=NULL; @@ -339,6 +314,7 @@ int MAIN(int argc, char **argv) char *engine = NULL; #endif char *tofree=NULL; + DB_ATTR db_attr; #ifdef EFENCE EF_PROTECT_FREE=1; @@ -659,6 +635,33 @@ bad: if (randfile == NULL) ERR_clear_error(); app_RAND_load_file(randfile, bio_err, 0); + + db_attr.unique_subject = 1; + p = NCONF_get_string(conf, section, "unique_subject"); + if (p) + { + BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p); + switch(*p) + { + case 'f': /* false */ + case 'F': /* FALSE */ + case 'n': /* no */ + case 'N': /* NO */ + db_attr.unique_subject = 0; + break; + case 't': /* true */ + case 'T': /* TRUE */ + case 'y': /* yes */ + case 'Y': /* YES */ + default: + db_attr.unique_subject = 1; + break; + } + } + else + BIO_printf(bio_err, "DEBUG: unique_subject undefined\n", p); + BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n", + db_attr.unique_subject); in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); @@ -679,17 +682,10 @@ bad: lookup_fail(section,ENV_DATABASE); goto err; } - if (BIO_read_filename(in,dbfile) <= 0) - { - perror(dbfile); - BIO_printf(bio_err,"unable to open '%s'\n",dbfile); - goto err; - } - db=TXT_DB_read(in,DB_NUMBER); + db = load_index(dbfile,&db_attr); if (db == NULL) goto err; - if (!make_serial_index(db)) - goto err; + if (!index_index(db)) goto err; if (get_certificate_status(ser_status,db) != 1) BIO_printf(bio_err,"Error verifying serial %s!\n", @@ -849,19 +845,13 @@ bad: lookup_fail(section,ENV_DATABASE); goto err; } - if (BIO_read_filename(in,dbfile) <= 0) - { - perror(dbfile); - BIO_printf(bio_err,"unable to open '%s'\n",dbfile); - goto err; - } - db=TXT_DB_read(in,DB_NUMBER); + db = load_index(dbfile, &db_attr); if (db == NULL) goto err; /* Lets check some fields */ - for (i=0; idata); i++) + for (i=0; idb->data); i++) { - pp=(char **)sk_value(db->data,i); + pp=(char **)sk_value(db->db->data,i); if ((pp[DB_type][0] != DB_TYPE_REV) && (pp[DB_rev_date][0] != '\0')) { @@ -912,23 +902,13 @@ bad: out = BIO_push(tmpbio, out); } #endif - TXT_DB_write(out,db); + TXT_DB_write(out,db->db); BIO_printf(bio_err,"%d entries loaded from the database\n", - db->data->num); + db->db->data->num); BIO_printf(bio_err,"generating index\n"); } - if (!make_serial_index(db)) - goto err; - - if (!TXT_DB_create_index(db, DB_name, index_name_qual, - LHASH_HASH_FN(index_name_hash), - LHASH_COMP_FN(index_name_cmp))) - { - BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n", - db->error,db->arg1,db->arg2); - goto err; - } + if (!index_index(db)) goto err; /*****************************************************************/ /* Update the db file for expired certificates */ @@ -951,62 +931,9 @@ bad: } else { - out = BIO_new(BIO_s_file()); - if (out == NULL) - { - ERR_print_errors(bio_err); - goto err; - } - -#ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[0], sizeof buf[0], "%s.new", dbfile); -#else - j = BIO_snprintf(buf[0], sizeof buf[0], "%s-new", dbfile); -#endif - if (j < 0 || j >= sizeof buf[0]) - { - BIO_printf(bio_err, "file name too long\n"); - goto err; - } - if (BIO_write_filename(out,buf[0]) <= 0) - { - perror(dbfile); - BIO_printf(bio_err,"unable to open '%s'\n", - dbfile); - goto err; - } - j=TXT_DB_write(out,db); - if (j <= 0) goto err; - - BIO_free(out); - out = NULL; -#ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[1], sizeof buf[1], "%s.old", dbfile); -#else - j = BIO_snprintf(buf[1], sizeof buf[1], "%s-old", dbfile); -#endif - if (j < 0 || j >= sizeof buf[1]) - { - BIO_printf(bio_err, "file name too long\n"); - goto err; - } - if (rename(dbfile,buf[1]) < 0) - { - BIO_printf(bio_err, - "unable to rename %s to %s\n", - dbfile, buf[1]); - perror("reason"); - goto err; - } - if (rename(buf[0],dbfile) < 0) - { - BIO_printf(bio_err, - "unable to rename %s to %s\n", - buf[0],dbfile); - perror("reason"); - rename(buf[1],dbfile); - goto err; - } + if (!save_index(dbfile,"new",db)) goto err; + + if (!rotate_index(dbfile,"new","old")) goto err; if (verbose) BIO_printf(bio_err, "Done. %d entries marked as expired\n",i); @@ -1167,7 +1094,7 @@ bad: goto err; } - if ((serial=load_serial(serialfile)) == NULL) + if ((serial=load_serial(serialfile, 0, NULL)) == NULL) { BIO_printf(bio_err,"error while loading serial number\n"); goto err; @@ -1315,24 +1242,9 @@ bad: strcat(buf[0],".new"); #endif - if (!save_serial(buf[0],serial)) goto err; + if (!save_serial(buf[0],serial,NULL)) goto err; - strcpy(buf[1],dbfile); - -#ifdef OPENSSL_SYS_VMS - strcat(buf[1],"-new"); -#else - strcat(buf[1],".new"); -#endif - - if (BIO_write_filename(out,buf[1]) <= 0) - { - perror(dbfile); - BIO_printf(bio_err,"unable to open '%s'\n",dbfile); - goto err; - } - l=TXT_DB_write(out,db); - if (l <= 0) goto err; + if (!save_index(dbfile, "new", db)) goto err; } if (verbose) @@ -1419,30 +1331,8 @@ bad: goto err; } - strncpy(buf[2],dbfile,BSIZE-4); - buf[2][BSIZE-4]='\0'; + if (!rotate_index(dbfile,"new","old")) goto err; -#ifdef OPENSSL_SYS_VMS - strcat(buf[2],"-old"); -#else - strcat(buf[2],".old"); -#endif - - if (rename(dbfile,buf[2]) < 0) - { - BIO_printf(bio_err,"unable to rename %s to %s\n", - dbfile,buf[2]); - perror("reason"); - goto err; - } - if (rename(buf[1],dbfile) < 0) - { - BIO_printf(bio_err,"unable to rename %s to %s\n", - buf[1],dbfile); - perror("reason"); - rename(buf[2],dbfile); - goto err; - } BIO_printf(bio_err,"Data Base Updated\n"); } } @@ -1501,9 +1391,9 @@ bad: ASN1_TIME_free(tmptm); - for (i=0; idata); i++) + for (i=0; idb->data); i++) { - pp=(char **)sk_value(db->data,i); + pp=(char **)sk_value(db->db->data,i); if (pp[DB_type][0] == DB_TYPE_REV) { if ((r=X509_REVOKED_new()) == NULL) goto err; @@ -1592,50 +1482,10 @@ bad: if (j <= 0) goto err; X509_free(revcert); - if(strlen(dbfile) > BSIZE-5) - { - BIO_printf(bio_err,"filename too long\n"); - goto err; - } + if (!save_index(dbfile, "new", db)) goto err; + + if (!rotate_index(dbfile, "new", "old")) goto err; - strcpy(buf[0],dbfile); -#ifndef OPENSSL_SYS_VMS - strcat(buf[0],".new"); -#else - strcat(buf[0],"-new"); -#endif - if (BIO_write_filename(out,buf[0]) <= 0) - { - perror(dbfile); - BIO_printf(bio_err,"unable to open '%s'\n",dbfile); - goto err; - } - j=TXT_DB_write(out,db); - if (j <= 0) goto err; - strncpy(buf[1],dbfile,BSIZE-4); - buf[1][BSIZE-4]='\0'; -#ifndef OPENSSL_SYS_VMS - strcat(buf[1],".old"); -#else - strcat(buf[1],"-old"); -#endif - BIO_free(in); - in = NULL; - BIO_free(out); - out = NULL; - if (rename(dbfile,buf[1]) < 0) - { - BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]); - perror("reason"); - goto err; - } - if (rename(buf[0],dbfile) < 0) - { - BIO_printf(bio_err,"unable to rename %s to %s\n", buf[0],dbfile); - perror("reason"); - rename(buf[1],dbfile); - goto err; - } BIO_printf(bio_err,"Data Base Updated\n"); } } @@ -1657,7 +1507,7 @@ err: if (free_key && key) OPENSSL_free(key); BN_free(serial); - TXT_DB_free(db); + free_index(db); EVP_PKEY_free(pkey); X509_free(x509); X509_CRL_free(crl); @@ -1672,106 +1522,8 @@ static void lookup_fail(char *name, char *tag) BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag); } -static unsigned long index_serial_hash(const char **a) - { - const char *n; - - n=a[DB_serial]; - while (*n == '0') n++; - return(lh_strhash(n)); - } - -static int index_serial_cmp(const char **a, const char **b) - { - const char *aa,*bb; - - for (aa=a[DB_serial]; *aa == '0'; aa++); - for (bb=b[DB_serial]; *bb == '0'; bb++); - return(strcmp(aa,bb)); - } - -static unsigned long index_name_hash(const char **a) - { return(lh_strhash(a[DB_name])); } - -static int index_name_qual(char **a) - { return(a[0][0] == 'V'); } - -static int index_name_cmp(const char **a, const char **b) - { return(strcmp(a[DB_name], - b[DB_name])); } - -static BIGNUM *load_serial(char *serialfile) - { - BIO *in=NULL; - BIGNUM *ret=NULL; - MS_STATIC char buf[1024]; - ASN1_INTEGER *ai=NULL; - - if ((in=BIO_new(BIO_s_file())) == NULL) - { - ERR_print_errors(bio_err); - goto err; - } - - if (BIO_read_filename(in,serialfile) <= 0) - { - perror(serialfile); - goto err; - } - ai=ASN1_INTEGER_new(); - if (ai == NULL) goto err; - if (!a2i_ASN1_INTEGER(in,ai,buf,1024)) - { - BIO_printf(bio_err,"unable to load number from %s\n", - serialfile); - goto err; - } - ret=ASN1_INTEGER_to_BN(ai,NULL); - if (ret == NULL) - { - BIO_printf(bio_err,"error converting number from bin to BIGNUM\n"); - goto err; - } -err: - if (in != NULL) BIO_free(in); - if (ai != NULL) ASN1_INTEGER_free(ai); - return(ret); - } - -static int save_serial(char *serialfile, BIGNUM *serial) - { - BIO *out; - int ret=0; - ASN1_INTEGER *ai=NULL; - - out=BIO_new(BIO_s_file()); - if (out == NULL) - { - ERR_print_errors(bio_err); - goto err; - } - if (BIO_write_filename(out,serialfile) <= 0) - { - perror(serialfile); - goto err; - } - - if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL) - { - BIO_printf(bio_err,"error converting serial to ASN.1 format\n"); - goto err; - } - i2a_ASN1_INTEGER(out,ai); - BIO_puts(out,"\n"); - ret=1; -err: - if (out != NULL) BIO_free_all(out); - if (ai != NULL) ASN1_INTEGER_free(ai); - return(ret); - } - static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, - const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, + const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, @@ -1833,7 +1585,7 @@ err: } static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, - const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, + const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, @@ -1887,7 +1639,7 @@ err: } static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, - STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, char *subj, + STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, long days, int batch, int verbose, X509_REQ *req, char *ext_sect, CONF *lconf, unsigned long certopt, unsigned long nameopt, int default_op, @@ -1905,7 +1657,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, int ok= -1,i,j,last,nid; char *p; CONF_VALUE *cv; - char *row[DB_NUMBER],**rrow,**irow=NULL; + char *row[DB_NUMBER],**rrow=NULL,**irow=NULL; char buf[25]; tmptm=ASN1_UTCTIME_new(); @@ -2142,15 +1894,19 @@ again2: goto err; } - rrow=TXT_DB_get_by_index(db,DB_name,row); - if (rrow != NULL) + if (db->attributes.unique_subject) { - BIO_printf(bio_err,"ERROR:There is already a certificate for %s\n", - row[DB_name]); + rrow=TXT_DB_get_by_index(db->db,DB_name,row); + if (rrow != NULL) + { + BIO_printf(bio_err, + "ERROR:There is already a certificate for %s\n", + row[DB_name]); + } } - else + if (rrow == NULL) { - rrow=TXT_DB_get_by_index(db,DB_serial,row); + rrow=TXT_DB_get_by_index(db->db,DB_serial,row); if (rrow != NULL) { BIO_printf(bio_err,"ERROR:Serial number %s has already been issued,\n", @@ -2384,10 +2140,10 @@ again2: } irow[DB_NUMBER]=NULL; - if (!TXT_DB_insert(db,irow)) + if (!TXT_DB_insert(db->db,irow)) { BIO_printf(bio_err,"failed to update database\n"); - BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error); + BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error); goto err; } ok=1; @@ -2438,7 +2194,7 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext) } static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, - const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, + const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy) @@ -2617,7 +2373,7 @@ static int check_time_format(char *str) return(ASN1_UTCTIME_check(&tm)); } -static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value) +static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) { ASN1_UTCTIME *tm=NULL; char *row[DB_NUMBER],**rrow,**irow; @@ -2642,10 +2398,10 @@ static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value) /* We have to lookup by serial number because name lookup * skips revoked certs */ - rrow=TXT_DB_get_by_index(db,DB_serial,row); + rrow=TXT_DB_get_by_index(db->db,DB_serial,row); if (rrow == NULL) { - BIO_printf(bio_err,"Adding Entry to DB for %s\n", row[DB_name]); + BIO_printf(bio_err,"Adding Entry with serial number %s to DB for %s\n", row[DB_serial], row[DB_name]); /* We now just add it to the database */ row[DB_type]=(char *)OPENSSL_malloc(2); @@ -2685,10 +2441,10 @@ static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value) } irow[DB_NUMBER]=NULL; - if (!TXT_DB_insert(db,irow)) + if (!TXT_DB_insert(db->db,irow)) { BIO_printf(bio_err,"failed to update database\n"); - BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error); + BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error); goto err; } @@ -2733,7 +2489,7 @@ err: return(ok); } -static int get_certificate_status(const char *serial, TXT_DB *db) +static int get_certificate_status(const char *serial, CA_DB *db) { char *row[DB_NUMBER],**rrow; int ok=-1,i; @@ -2774,7 +2530,7 @@ static int get_certificate_status(const char *serial, TXT_DB *db) ok=1; /* Search for the certificate */ - rrow=TXT_DB_get_by_index(db,DB_serial,row); + rrow=TXT_DB_get_by_index(db->db,DB_serial,row); if (rrow == NULL) { BIO_printf(bio_err,"Serial %s not present in db.\n", @@ -2821,7 +2577,7 @@ err: return(ok); } -static int do_updatedb (TXT_DB *db) +static int do_updatedb (CA_DB *db) { ASN1_UTCTIME *a_tm = NULL; int i, cnt = 0; @@ -2847,9 +2603,9 @@ static int do_updatedb (TXT_DB *db) else a_y2k = 0; - for (i = 0; i < sk_num(db->data); i++) + for (i = 0; i < sk_num(db->db->data); i++) { - rrow = (char **) sk_value(db->data, i); + rrow = (char **) sk_value(db->db->data, i); if (rrow[DB_type][0] == 'V') { @@ -3337,16 +3093,3 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_G return ret; } -int make_serial_index(TXT_DB *db) - { - if (!TXT_DB_create_index(db, DB_serial, NULL, - LHASH_HASH_FN(index_serial_hash), - LHASH_COMP_FN(index_serial_cmp))) - { - BIO_printf(bio_err, - "error creating serial number index:(%ld,%ld,%ld)\n", - db->error,db->arg1,db->arg2); - return 0; - } - return 1; - } diff --git a/apps/ocsp.c b/apps/ocsp.c index 17e84366d9..885e68e363 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -68,19 +68,6 @@ /* Maximum leeway in validity period: default 5 minutes */ #define MAX_VALIDITY_PERIOD (5 * 60) -/* CA index.txt definitions */ -#define DB_type 0 -#define DB_exp_date 1 -#define DB_rev_date 2 -#define DB_serial 3 /* index - unique */ -#define DB_file 4 -#define DB_name 5 /* index - unique for active */ -#define DB_NUMBER 6 - -#define DB_TYPE_REV 'R' -#define DB_TYPE_EXP 'E' -#define DB_TYPE_VAL 'V' - static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer, STACK_OF(OCSP_CERTID) *ids); static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer, @@ -89,12 +76,12 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, STACK *names, STACK_OF(OCSP_CERTID) *ids, long nsec, long maxage); -static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *db, +static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db, X509 *ca, X509 *rcert, EVP_PKEY *rkey, STACK_OF(X509) *rother, unsigned long flags, int nmin, int ndays); -static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser); +static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser); static BIO *init_responder(char *port); static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port); static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp); @@ -142,7 +129,7 @@ int MAIN(int argc, char **argv) X509 *rca_cert = NULL; char *ridx_filename = NULL; char *rca_filename = NULL; - TXT_DB *rdb = NULL; + CA_DB *rdb = NULL; int nmin = 0, ndays = -1; if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); @@ -697,22 +684,9 @@ int MAIN(int argc, char **argv) if (ridx_filename && !rdb) { - BIO *db_bio = NULL; - db_bio = BIO_new_file(ridx_filename, "r"); - if (!db_bio) - { - BIO_printf(bio_err, "Error opening index file %s\n", ridx_filename); - goto end; - } - rdb = TXT_DB_read(db_bio, DB_NUMBER); - BIO_free(db_bio); - if (!rdb) - { - BIO_printf(bio_err, "Error reading index file %s\n", ridx_filename); - goto end; - } - if (!make_serial_index(rdb)) - goto end; + rdb = load_index(ridx_filename, NULL); + if (!rdb) goto end; + if (!index_index(rdb)) goto end; } if (rdb) @@ -894,7 +868,7 @@ end: X509_free(cert); X509_free(rsigner); X509_free(rca_cert); - TXT_DB_free(rdb); + free_index(rdb); BIO_free_all(cbio); BIO_free_all(acbio); BIO_free(out); @@ -1036,7 +1010,7 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, } -static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *db, +static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db, X509 *ca, X509 *rcert, EVP_PKEY *rkey, STACK_OF(X509) *rother, unsigned long flags, int nmin, int ndays) @@ -1128,7 +1102,7 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *d } -static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser) +static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser) { int i; BIGNUM *bn = NULL; @@ -1141,7 +1115,7 @@ static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser) itmp = BN_bn2hex(bn); row[DB_serial] = itmp; BN_free(bn); - rrow=TXT_DB_get_by_index(db,DB_serial,row); + rrow=TXT_DB_get_by_index(db->db,DB_serial,row); OPENSSL_free(itmp); return rrow; } diff --git a/apps/openssl.cnf b/apps/openssl.cnf index eca51c3322..2696044cf1 100644 --- a/apps/openssl.cnf +++ b/apps/openssl.cnf @@ -38,6 +38,8 @@ dir = ./demoCA # Where everything is kept certs = $dir/certs # Where the issued certs are kept crl_dir = $dir/crl # Where the issued crl are kept database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several ctificates with same subject. new_certs_dir = $dir/newcerts # default place for new certs. certificate = $dir/cacert.pem # The CA certificate diff --git a/apps/x509.c b/apps/x509.c index 9a6f981790..64eb83dd6e 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -1034,12 +1034,11 @@ end: OPENSSL_EXIT(ret); } -static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create) +static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create) { char *buf = NULL, *p; MS_STATIC char buf2[1024]; - ASN1_INTEGER *bs = NULL, *bs2 = NULL; - BIO *io = NULL; + ASN1_INTEGER *bs = NULL; BIGNUM *serial = NULL; buf=OPENSSL_malloc( ((serialfile == NULL) @@ -1059,80 +1058,19 @@ static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create) } else strcpy(buf,serialfile); - serial=BN_new(); - bs=ASN1_INTEGER_new(); - if ((serial == NULL) || (bs == NULL)) - { - ERR_print_errors(bio_err); - goto end; - } - io=BIO_new(BIO_s_file()); - if (io == NULL) - { - ERR_print_errors(bio_err); - goto end; - } - - if (BIO_read_filename(io,buf) <= 0) - { - if (!create) - { - perror(buf); - goto end; - } - else - { - ASN1_INTEGER_set(bs,1); - BN_one(serial); - } - } - else - { - if (!a2i_ASN1_INTEGER(io,bs,buf2,sizeof buf2)) - { - BIO_printf(bio_err,"unable to load serial number from %s\n",buf); - ERR_print_errors(bio_err); - goto end; - } - else - { - serial=BN_bin2bn(bs->data,bs->length,serial); - if (serial == NULL) - { - BIO_printf(bio_err,"error converting bin 2 bn"); - goto end; - } - } - } + serial = load_serial(buf, create, NULL); + if (serial == NULL) goto end; if (!BN_add_word(serial,1)) { BIO_printf(bio_err,"add_word failure\n"); goto end; } - if (!(bs2 = BN_to_ASN1_INTEGER(serial, NULL))) - { BIO_printf(bio_err,"error converting bn 2 asn1_integer\n"); goto end; } - if (BIO_write_filename(io,buf) <= 0) - { - BIO_printf(bio_err,"error attempting to write serial number file\n"); - perror(buf); - goto end; - } - i2a_ASN1_INTEGER(io,bs2); - BIO_puts(io,"\n"); - BIO_free(io); + if (!save_serial(buf, serial, &bs)) goto end; + + end: if (buf) OPENSSL_free(buf); - ASN1_INTEGER_free(bs2); BN_free(serial); - io=NULL; return bs; - - end: - if (buf) OPENSSL_free(buf); - BIO_free(io); - ASN1_INTEGER_free(bs); - BN_free(serial); - return NULL; - } static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, @@ -1154,7 +1092,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, goto end; } if (sno) bs = sno; - else if (!(bs = load_serial(CAfile, serialfile, create))) + else if (!(bs = x509_load_serial(CAfile, serialfile, create))) goto end; if (!X509_STORE_add_cert(ctx,x)) goto end; From 63b6fe2bf6d33222546b83755f65896d73cf940b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 18:07:39 +0000 Subject: [PATCH 218/393] Conditionalise all debug strings. --- apps/apps.c | 12 ++++++++++++ apps/ca.c | 6 ++++++ 2 files changed, 18 insertions(+) diff --git a/apps/apps.c b/apps/apps.c index 475e47e570..bdd14dd51b 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1709,7 +1709,9 @@ int save_index(char *dbfile, char *suffix, CA_DB *db) #else j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix); #endif +#ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]); +#endif if (BIO_write_filename(out,buf[0]) <= 0) { perror(dbfile); @@ -1722,7 +1724,9 @@ int save_index(char *dbfile, char *suffix, CA_DB *db) BIO_free(out); out = BIO_new(BIO_s_file()); +#ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]); +#endif if (BIO_write_filename(out,buf[1]) <= 0) { perror(buf[2]); @@ -1796,8 +1800,10 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix) } else { +#ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", dbfile, buf[1]); +#endif if (rename(dbfile,buf[1]) < 0) { BIO_printf(bio_err, @@ -1807,8 +1813,10 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix) goto err; } } +#ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[0],dbfile); +#endif if (rename(buf[0],dbfile) < 0) { BIO_printf(bio_err, @@ -1828,8 +1836,10 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix) } else { +#ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[4],buf[3]); +#endif if (rename(buf[4],buf[3]) < 0) { BIO_printf(bio_err, @@ -1841,8 +1851,10 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix) goto err; } } +#ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[2],buf[4]); +#endif if (rename(buf[2],buf[4]) < 0) { BIO_printf(bio_err, diff --git a/apps/ca.c b/apps/ca.c index 574cdd7fdc..0f8abc85ee 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -640,7 +640,9 @@ bad: p = NCONF_get_string(conf, section, "unique_subject"); if (p) { +#ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p); +#endif switch(*p) { case 'f': /* false */ @@ -658,10 +660,14 @@ bad: break; } } +#ifdef RL_DEBUG else BIO_printf(bio_err, "DEBUG: unique_subject undefined\n", p); +#endif +#ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n", db_attr.unique_subject); +#endif in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); From c4448f60d67f594ca2016a6a4f6277eda67b8f55 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 18:50:15 +0000 Subject: [PATCH 219/393] Reset the version number of the issuer certificate? I believe this hasn't been tested in a long while... --- apps/ca.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/ca.c b/apps/ca.c index 0f8abc85ee..0f65506d75 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1960,7 +1960,7 @@ again2: #ifdef X509_V3 /* Make it an X509 v3 certificate. */ - if (!X509_set_version(x509,2)) goto err; + if (!X509_set_version(ret,2)) goto err; #endif if (BN_to_ASN1_INTEGER(serial,ci->serialNumber) == NULL) From 0998cfaadde11b2c2c6ceaa4bedcd11bfb95bf6b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 19:07:27 +0000 Subject: [PATCH 220/393] Remove unused variable. --- apps/x509.c | 1 - 1 file changed, 1 deletion(-) diff --git a/apps/x509.c b/apps/x509.c index 64eb83dd6e..efb7b0d8b2 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -1037,7 +1037,6 @@ end: static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create) { char *buf = NULL, *p; - MS_STATIC char buf2[1024]; ASN1_INTEGER *bs = NULL; BIGNUM *serial = NULL; From 8382ec5d372c273aef65a824338b3242c796051a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 19:10:32 +0000 Subject: [PATCH 221/393] Reindent for readability. --- crypto/x509v3/v3_akey.c | 190 ++++++++++++++++++++++------------------ 1 file changed, 104 insertions(+), 86 deletions(-) diff --git a/crypto/x509v3/v3_akey.c b/crypto/x509v3/v3_akey.c index 97e686f97a..c481b6f12d 100644 --- a/crypto/x509v3/v3_akey.c +++ b/crypto/x509v3/v3_akey.c @@ -68,15 +68,17 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); -X509V3_EXT_METHOD v3_akey_id = { -NID_authority_key_identifier, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID), -0,0,0,0, -0,0, -(X509V3_EXT_I2V)i2v_AUTHORITY_KEYID, -(X509V3_EXT_V2I)v2i_AUTHORITY_KEYID, -0,0, -NULL -}; +X509V3_EXT_METHOD v3_akey_id = + { + NID_authority_key_identifier, + X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID), + 0,0,0,0, + 0,0, + (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID, + (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID, + 0,0, + NULL + }; static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist) @@ -108,83 +110,99 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) -{ -char keyid=0, issuer=0; -int i; -CONF_VALUE *cnf; -ASN1_OCTET_STRING *ikeyid = NULL; -X509_NAME *isname = NULL; -GENERAL_NAMES * gens = NULL; -GENERAL_NAME *gen = NULL; -ASN1_INTEGER *serial = NULL; -X509_EXTENSION *ext; -X509 *cert; -AUTHORITY_KEYID *akeyid; -for(i = 0; i < sk_CONF_VALUE_num(values); i++) { - cnf = sk_CONF_VALUE_value(values, i); - if(!strcmp(cnf->name, "keyid")) { - keyid = 1; - if(cnf->value && !strcmp(cnf->value, "always")) keyid = 2; - } else if(!strcmp(cnf->name, "issuer")) { - issuer = 1; - if(cnf->value && !strcmp(cnf->value, "always")) issuer = 2; - } else { - X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION); - ERR_add_error_data(2, "name=", cnf->name); - return NULL; - } -} + { + char keyid=0, issuer=0; + int i; + CONF_VALUE *cnf; + ASN1_OCTET_STRING *ikeyid = NULL; + X509_NAME *isname = NULL; + GENERAL_NAMES * gens = NULL; + GENERAL_NAME *gen = NULL; + ASN1_INTEGER *serial = NULL; + X509_EXTENSION *ext; + X509 *cert; + AUTHORITY_KEYID *akeyid; -if(!ctx || !ctx->issuer_cert) { - if(ctx && (ctx->flags==CTX_TEST)) return AUTHORITY_KEYID_new(); - X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE); + for(i = 0; i < sk_CONF_VALUE_num(values); i++) + { + cnf = sk_CONF_VALUE_value(values, i); + if(!strcmp(cnf->name, "keyid")) + { + keyid = 1; + if(cnf->value && !strcmp(cnf->value, "always")) + keyid = 2; + } + else if(!strcmp(cnf->name, "issuer")) + { + issuer = 1; + if(cnf->value && !strcmp(cnf->value, "always")) + issuer = 2; + } + else + { + X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION); + ERR_add_error_data(2, "name=", cnf->name); + return NULL; + } + } + + if(!ctx || !ctx->issuer_cert) + { + if(ctx && (ctx->flags==CTX_TEST)) + return AUTHORITY_KEYID_new(); + X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE); + return NULL; + } + + cert = ctx->issuer_cert; + + if(keyid) + { + i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1); + if((i >= 0) && (ext = X509_get_ext(cert, i))) + ikeyid = X509V3_EXT_d2i(ext); + if(keyid==2 && !ikeyid) + { + X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID); + return NULL; + } + } + + if((issuer && !ikeyid) || (issuer == 2)) + { + isname = X509_NAME_dup(X509_get_issuer_name(cert)); + serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert)); + if(!isname || !serial) + { + X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); + goto err; + } + } + + if(!(akeyid = AUTHORITY_KEYID_new())) goto err; + + if(isname) + { + if(!(gens = sk_GENERAL_NAME_new_null()) + || !(gen = GENERAL_NAME_new()) + || !sk_GENERAL_NAME_push(gens, gen)) + { + X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE); + goto err; + } + gen->type = GEN_DIRNAME; + gen->d.dirn = isname; + } + + akeyid->issuer = gens; + akeyid->serial = serial; + akeyid->keyid = ikeyid; + + return akeyid; + + err: + X509_NAME_free(isname); + M_ASN1_INTEGER_free(serial); + M_ASN1_OCTET_STRING_free(ikeyid); return NULL; -} - -cert = ctx->issuer_cert; - -if(keyid) { - i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1); - if((i >= 0) && (ext = X509_get_ext(cert, i))) - ikeyid = X509V3_EXT_d2i(ext); - if(keyid==2 && !ikeyid) { - X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID); - return NULL; } -} - -if((issuer && !ikeyid) || (issuer == 2)) { - isname = X509_NAME_dup(X509_get_issuer_name(cert)); - serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert)); - if(!isname || !serial) { - X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); - goto err; - } -} - -if(!(akeyid = AUTHORITY_KEYID_new())) goto err; - -if(isname) { - if(!(gens = sk_GENERAL_NAME_new_null()) || !(gen = GENERAL_NAME_new()) - || !sk_GENERAL_NAME_push(gens, gen)) { - X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE); - goto err; - } - gen->type = GEN_DIRNAME; - gen->d.dirn = isname; -} - -akeyid->issuer = gens; -akeyid->serial = serial; -akeyid->keyid = ikeyid; - -return akeyid; - -err: -X509_NAME_free(isname); -M_ASN1_INTEGER_free(serial); -M_ASN1_OCTET_STRING_free(ikeyid); -return NULL; - -} - From db598fbce2af2cc7c835b0e10253f49dda5b1b41 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 20:03:23 +0000 Subject: [PATCH 222/393] Don't try to free NULL values... --- apps/apps.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index bdd14dd51b..6092c395e5 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1873,6 +1873,9 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix) void free_index(CA_DB *db) { - TXT_DB_free(db->db); - OPENSSL_free(db); + if (db) + { + if (db->db) TXT_DB_free(db->db); + OPENSSL_free(db); + } } From 4ce4884a5b629843f65a8269b4af1528cb719175 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 21:55:55 +0000 Subject: [PATCH 223/393] Typo correction --- doc/HOWTO/certificates.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/HOWTO/certificates.txt b/doc/HOWTO/certificates.txt index 82166e0dc2..d7e16c1da1 100644 --- a/doc/HOWTO/certificates.txt +++ b/doc/HOWTO/certificates.txt @@ -48,7 +48,7 @@ you have your own certificate authority, you may sign it yourself, or if you need a self-signed certificate (because you just want a test certificate or because you are setting up your own CA). -The certificate is created like this: +The certificate request is created like this: openssl req -new -key privkey.pem -out cert.csr From 8152d887992c8f15fcf63c7da48c5d8805f1b3b2 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 22:12:48 +0000 Subject: [PATCH 224/393] It's recommended to use req rather than x509 to create self-signed certificates --- doc/HOWTO/certificates.txt | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/doc/HOWTO/certificates.txt b/doc/HOWTO/certificates.txt index d7e16c1da1..d3a62545ad 100644 --- a/doc/HOWTO/certificates.txt +++ b/doc/HOWTO/certificates.txt @@ -71,13 +71,11 @@ received. If you don't want to deal with another certificate authority, or just want to create a test certificate for yourself, or are setting up a certificate authority of your own, you may want to make the requested -certificate a self-signed one. If you have created a certificate -request as shown above, you can sign it using the 'openssl x509' -command, for example like this (to create a self-signed CA -certificate): +certificate a self-signed one. This is similar to creating a +certificate request, but creates a certificate instead of a +certificate request (1095 is 3 years): - openssl x509 -req -in cert.csr -extfile openssl.cnf -extensions v3_ca \ - -signkey privkey.pem -out cacert.pem -trustout + openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095 5. What to do with the certificate From e6526fbf4dc894d71ae3517a1ba484475b79b402 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 22:27:24 +0000 Subject: [PATCH 225/393] Add functionality to help making self-signed certificate. --- CHANGES | 5 ++++ crypto/evp/evp.h | 2 ++ crypto/evp/p_lib.c | 46 +++++++++++++++++++++++++++++++ crypto/x509/x509.h | 3 ++ crypto/x509/x509_cmp.c | 62 ++++++++++++------------------------------ crypto/x509/x509_err.c | 3 +- crypto/x509/x509_req.c | 40 +++++++++++++++++++++++++++ 7 files changed, 116 insertions(+), 45 deletions(-) diff --git a/CHANGES b/CHANGES index 505ef51880..0d767703cd 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Add functionality to check the public key of a certificate request + against a given private. This is useful to check that a certificate + request can be signed by that key (self-signing). + [Richard Levitte] + *) Make it possible to have multiple active certificates with the same subject in the CA index file. This is done only if the keyword 'unique_subject' is set to 'no' in the main CA section (default diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index b084a35809..4e4a667ab8 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -754,6 +754,8 @@ int EVP_PKEY_missing_parameters(EVP_PKEY *pkey); int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode); int EVP_PKEY_cmp_parameters(EVP_PKEY *a,EVP_PKEY *b); +int EVP_PKEY_cmp(EVP_PKEY *a,EVP_PKEY *b); + int EVP_CIPHER_type(const EVP_CIPHER *ctx); /* calls methods */ diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index c7a3dee108..8d23c0bd72 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -237,6 +237,52 @@ int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b) return(-1); } +int EVP_PKEY_cmp(EVP_PKEY *a, EVP_PKEY *b) + { + if (a->type != b->type) + return -1; + + switch (a->type) + { +#ifndef OPENSSL_NO_RSA + case EVP_PKEY_RSA: + if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0 + || BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0) + return 0; + break; +#endif +#ifndef OPENSSL_NO_DSA + case EVP_PKEY_DSA: + if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0) + return 0; + break; +#endif +#ifndef OPENSSL_NO_EC + case EVP_PKEY_EC: + { + int r = EC_POINT_cmp(b->pkey.eckey->group, + b->pkey.eckey->pub_key,a->pkey.eckey->pub_key,NULL); + if (r != 0) + { + if (r == 1) + return 0; + else + return -2; + } + } + break; +#endif +#ifndef OPENSSL_NO_DH + case EVP_PKEY_DH: + return -2; +#endif + default: + return -2; + } + + return 1; + } + EVP_PKEY *EVP_PKEY_new(void) { EVP_PKEY *ret; diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 53a8f6c758..049308ba80 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -1038,6 +1038,8 @@ int X509_CRL_sort(X509_CRL *crl); int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); +int X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey); + int X509_check_private_key(X509 *x509,EVP_PKEY *pkey); int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); @@ -1271,6 +1273,7 @@ void ERR_load_X509_strings(void); #define X509_F_X509_PRINT_FP 118 #define X509_F_X509_PUBKEY_GET 119 #define X509_F_X509_PUBKEY_SET 120 +#define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144 #define X509_F_X509_REQ_PRINT 121 #define X509_F_X509_REQ_PRINT_FP 122 #define X509_F_X509_REQ_TO_X509 123 diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 9b28911409..5dfdcd41cb 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -374,62 +374,36 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k) int ok=0; xk=X509_get_pubkey(x); - if (xk->type != k->type) - { - X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); - goto err; - } - switch (k->type) + switch (EVP_PKEY_cmp(xk, k)) { -#ifndef OPENSSL_NO_RSA - case EVP_PKEY_RSA: - if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0 - || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0) - { - X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); - goto err; - } + case 1: + ok=1; break; -#endif -#ifndef OPENSSL_NO_DSA - case EVP_PKEY_DSA: - if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0) - { - X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); - goto err; - } + case 0: + X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); break; -#endif + case -1: + X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); + break; + case -2: #ifndef OPENSSL_NO_EC - case EVP_PKEY_EC: - { - int r = EC_POINT_cmp(xk->pkey.eckey->group, - xk->pkey.eckey->pub_key,k->pkey.eckey->pub_key,NULL); - if (r != 0) + if (k->type == EVP_PKEY_EC) { - if (r == 1) - X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_KEY_VALUES_MISMATCH); - else - X509err(X509_F_X509_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); - - goto err; + X509err(X509_F_X509_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); + break; } - } - break; #endif #ifndef OPENSSL_NO_DH - case EVP_PKEY_DH: - /* No idea */ - X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); - goto err; + if (k->type == EVP_PKEY_DH) + { + /* No idea */ + X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); + break; + } #endif - default: X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); - goto err; } - ok=1; -err: EVP_PKEY_free(xk); return(ok); } diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c index 5bbf4acf76..7a6d5a0072 100644 --- a/crypto/x509/x509_err.c +++ b/crypto/x509/x509_err.c @@ -1,6 +1,6 @@ /* crypto/x509/x509_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -95,6 +95,7 @@ static ERR_STRING_DATA X509_str_functs[]= {ERR_PACK(0,X509_F_X509_PRINT_FP,0), "X509_print_fp"}, {ERR_PACK(0,X509_F_X509_PUBKEY_GET,0), "X509_PUBKEY_get"}, {ERR_PACK(0,X509_F_X509_PUBKEY_SET,0), "X509_PUBKEY_set"}, +{ERR_PACK(0,X509_F_X509_REQ_CHECK_PRIVATE_KEY,0), "X509_REQ_check_private_key"}, {ERR_PACK(0,X509_F_X509_REQ_PRINT,0), "X509_REQ_print"}, {ERR_PACK(0,X509_F_X509_REQ_PRINT_FP,0), "X509_REQ_print_fp"}, {ERR_PACK(0,X509_F_X509_REQ_TO_X509,0), "X509_REQ_to_X509"}, diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c index 0affa3bf30..b4ad53431e 100644 --- a/crypto/x509/x509_req.c +++ b/crypto/x509/x509_req.c @@ -113,6 +113,46 @@ EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req) return(X509_PUBKEY_get(req->req_info->pubkey)); } +int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) + { + EVP_PKEY *xk=NULL; + int ok=0; + + xk=X509_REQ_get_pubkey(x); + switch (EVP_PKEY_cmp(xk, k)) + { + case 1: + ok=1; + break; + case 0: + X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); + break; + case -1: + X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); + break; + case -2: +#ifndef OPENSSL_NO_EC + if (k->type == EVP_PKEY_EC) + { + X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); + break; + } +#endif +#ifndef OPENSSL_NO_DH + if (k->type == EVP_PKEY_DH) + { + /* No idea */ + X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); + break; + } +#endif + X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); + } + + EVP_PKEY_free(xk); + return(ok); + } + /* It seems several organisations had the same idea of including a list of * extensions in a certificate request. There are at least two OIDs that are * used and there may be more: so the list is configurable. From 16b1b03543fc6362f9e48f1bd9d4b153ea58c553 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 22:33:59 +0000 Subject: [PATCH 226/393] Implement self-signing in 'openssl ca'. This makes it easier to have the CA certificate part of the CA database, and combined with 'unique_subject=no', it should make operations like CA certificate roll-over easier. --- CHANGES | 7 +++ apps/CA.pl.in | 11 +++-- apps/CA.sh | 13 ++++-- apps/ca.c | 90 +++++++++++++++++++++++++------------- doc/HOWTO/certificates.txt | 11 +++-- 5 files changed, 88 insertions(+), 44 deletions(-) diff --git a/CHANGES b/CHANGES index 0d767703cd..66870e6c87 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,13 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Make it possible to create self-signed certificates with 'openssl ca' + in such a way that the self-signed certificate becomes part of the + CA database and uses the same mechanisms for serial number generation + as all other certificate signing. The new flag '-selfsign' enables + this functionality. Adapt CA.sh and CA.pl.in. + [Richard Levitte] + *) Add functionality to check the public key of a certificate request against a given private. This is useful to check that a certificate request can be signed by that key (self-signing). diff --git a/apps/CA.pl.in b/apps/CA.pl.in index 8b2ce7ea42..2242f7e03b 100644 --- a/apps/CA.pl.in +++ b/apps/CA.pl.in @@ -37,7 +37,8 @@ # demoCA ... where everything is stored $SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"}; -$DAYS="-days 365"; +$DAYS="-days 365"; # 1 year +$CADAYS="-days 1095"; # 3 years $REQ="openssl req $SSLEAY_CONFIG"; $CA="openssl ca $SSLEAY_CONFIG"; $VERIFY="openssl verify"; @@ -46,6 +47,7 @@ $PKCS12="openssl pkcs12"; $CATOP="./demoCA"; $CAKEY="cakey.pem"; +$CAREQ="careq.pem"; $CACERT="cacert.pem"; $DIRMODE = 0777; @@ -101,8 +103,11 @@ foreach (@ARGV) { $RET=$?; } else { print "Making CA certificate ...\n"; - system ("$REQ -new -x509 -keyout " . - "${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS"); + system ("$REQ -new -keyout " . + "${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ"); + system ("$CA -out ${CATOP}/$CACERT $CADAYS -batch " . + "-keyfile ${CATOP}/private/$CAKEY -selfsign " . + "-infiles ${CATOP}/$CAREQ "); $RET=$?; } } diff --git a/apps/CA.sh b/apps/CA.sh index d9f3069fb2..e63a2267ee 100644 --- a/apps/CA.sh +++ b/apps/CA.sh @@ -30,7 +30,8 @@ # default openssl.cnf file has setup as per the following # demoCA ... where everything is stored -DAYS="-days 365" +DAYS="-days 365" # 1 year +CADAYS="-days 1095" # 3 years REQ="openssl req $SSLEAY_CONFIG" CA="openssl ca $SSLEAY_CONFIG" VERIFY="openssl verify" @@ -38,6 +39,7 @@ X509="openssl x509" CATOP=./demoCA CAKEY=./cakey.pem +CAREQ=./careq.pem CACERT=./cacert.pem for i @@ -70,7 +72,7 @@ case $i in mkdir ${CATOP}/crl mkdir ${CATOP}/newcerts mkdir ${CATOP}/private - echo "01" > ${CATOP}/serial + echo "00" > ${CATOP}/serial touch ${CATOP}/index.txt fi if [ ! -f ${CATOP}/private/$CAKEY ]; then @@ -83,8 +85,11 @@ case $i in RET=$? else echo "Making CA certificate ..." - $REQ -new -x509 -keyout ${CATOP}/private/$CAKEY \ - -out ${CATOP}/$CACERT $DAYS + $REQ -new -keyout ${CATOP}/private/$CAKEY \ + -out ${CATOP}/$CAREQ + $CA -out ${CATOP}/$CACERT $CADAYS -batch \ + -keyfile ${CATOP}/private/$CAKEY -selfsign \ + -infiles ${CATOP}/$CAREQ RET=$? fi fi diff --git a/apps/ca.c b/apps/ca.c index 0f65506d75..eb328f2b87 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -204,7 +204,7 @@ static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, - int default_op, int ext_copy); + int default_op, int ext_copy, int selfsign); static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, int email_dn, @@ -225,7 +225,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, int email_dn, char *startdate, char *enddate, long days, int batch, int verbose, X509_REQ *req, char *ext_sect, CONF *conf, unsigned long certopt, unsigned long nameopt, int default_op, - int ext_copy); + int ext_copy, int selfsign); static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval); static int get_certificate_status(const char *ser_status, CA_DB *db); static int do_updatedb(CA_DB *db); @@ -292,7 +292,8 @@ int MAIN(int argc, char **argv) unsigned long nameopt = 0, certopt = 0; int default_op = 1; int ext_copy = EXT_COPY_NONE; - X509 *x509=NULL; + int selfsign = 0; + X509 *x509=NULL, *x509p = NULL; X509 *x=NULL; BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL; char *dbfile=NULL; @@ -406,6 +407,8 @@ EF_ALIGNMENT=0; if (--argc < 1) goto bad; certfile= *(++argv); } + else if (strcmp(*argv,"-selfsign") == 0) + selfsign=1; else if (strcmp(*argv,"-in") == 0) { if (--argc < 1) goto bad; @@ -700,7 +703,7 @@ bad: } /*****************************************************************/ - /* we definitely need a public key, so let's get it */ + /* we definitely need a private key, so let's get it */ if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf, section,ENV_PRIVATE_KEY)) == NULL)) @@ -728,22 +731,27 @@ bad: /*****************************************************************/ /* we need a certificate */ - if ((certfile == NULL) && ((certfile=NCONF_get_string(conf, - section,ENV_CERTIFICATE)) == NULL)) + if (!selfsign || spkac_file || ss_cert_file || gencrl) { - lookup_fail(section,ENV_CERTIFICATE); - goto err; - } - x509=load_cert(bio_err, certfile, FORMAT_PEM, NULL, e, - "CA certificate"); - if (x509 == NULL) - goto err; + if ((certfile == NULL) + && ((certfile=NCONF_get_string(conf, + section,ENV_CERTIFICATE)) == NULL)) + { + lookup_fail(section,ENV_CERTIFICATE); + goto err; + } + x509=load_cert(bio_err, certfile, FORMAT_PEM, NULL, e, + "CA certificate"); + if (x509 == NULL) + goto err; - if (!X509_check_private_key(x509,pkey)) - { - BIO_printf(bio_err,"CA certificate and CA private key do not match\n"); - goto err; + if (!X509_check_private_key(x509,pkey)) + { + BIO_printf(bio_err,"CA certificate and CA private key do not match\n"); + goto err; + } } + if (!selfsign) x509p = x509; f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE); if (f == NULL) @@ -1175,10 +1183,10 @@ bad: if (infile != NULL) { total++; - j=certify(&x,infile,pkey,x509,dgst,attribs,db, + j=certify(&x,infile,pkey,x509p,dgst,attribs,db, serial,subj,email_dn,startdate,enddate,days,batch, extensions,conf,verbose, certopt, nameopt, - default_op, ext_copy); + default_op, ext_copy, selfsign); if (j < 0) goto err; if (j > 0) { @@ -1195,10 +1203,10 @@ bad: for (i=0; i 0) { @@ -1515,7 +1523,7 @@ err: BN_free(serial); free_index(db); EVP_PKEY_free(pkey); - X509_free(x509); + if (x509) X509_free(x509); X509_CRL_free(crl); NCONF_free(conf); OBJ_cleanup(); @@ -1533,7 +1541,7 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, - int ext_copy) + int ext_copy, int selfsign) { X509_REQ *req=NULL; BIO *in=NULL; @@ -1558,6 +1566,12 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, BIO_printf(bio_err,"Check that the request matches the signature\n"); + if (selfsign && !X509_REQ_check_private_key(req,pkey)) + { + BIO_printf(bio_err,"Certificate request and CA private key do not match\n"); + ok=0; + goto err; + } if ((pktmp=X509_REQ_get_pubkey(req)) == NULL) { BIO_printf(bio_err,"error unpacking public key\n"); @@ -1582,7 +1596,7 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj, email_dn, startdate,enddate,days,batch,verbose,req,ext_sect,lconf, - certopt, nameopt, default_op, ext_copy); + certopt, nameopt, default_op, ext_copy, selfsign); err: if (req != NULL) X509_REQ_free(req); @@ -1636,7 +1650,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,email_dn,startdate,enddate, days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op, - ext_copy); + ext_copy, 0); err: if (rreq != NULL) X509_REQ_free(rreq); @@ -1649,7 +1663,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, int email_dn, char *startdate, char *enddate, long days, int batch, int verbose, X509_REQ *req, char *ext_sect, CONF *lconf, unsigned long certopt, unsigned long nameopt, int default_op, - int ext_copy) + int ext_copy, int selfsign) { X509_NAME *name=NULL,*CAname=NULL,*subject=NULL, *dn_subject=NULL; ASN1_UTCTIME *tm,*tmptm; @@ -1753,7 +1767,10 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, } /* take a copy of the issuer name before we mess with it. */ - CAname=X509_NAME_dup(x509->cert_info->subject); + if (selfsign) + CAname=X509_NAME_dup(name); + else + CAname=X509_NAME_dup(x509->cert_info->subject); if (CAname == NULL) goto err; str=str2=NULL; @@ -1965,8 +1982,16 @@ again2: if (BN_to_ASN1_INTEGER(serial,ci->serialNumber) == NULL) goto err; - if (!X509_set_issuer_name(ret,X509_get_subject_name(x509))) - goto err; + if (selfsign) + { + if (!X509_set_issuer_name(ret,subject)) + goto err; + } + else + { + if (!X509_set_issuer_name(ret,X509_get_subject_name(x509))) + goto err; + } if (strcmp(startdate,"today") == 0) X509_gmtime_adj(X509_get_notBefore(ret),0); @@ -2001,7 +2026,10 @@ again2: ci->extensions = NULL; /* Initialize the context structure */ - X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0); + if (selfsign) + X509V3_set_ctx(&ctx, ret, ret, req, NULL, 0); + else + X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0); if (extconf) { @@ -2344,7 +2372,7 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, EVP_PKEY_free(pktmp); ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,email_dn,startdate,enddate, days,1,verbose,req,ext_sect,lconf, certopt, nameopt, default_op, - ext_copy); + ext_copy, 0); err: if (req != NULL) X509_REQ_free(req); if (parms != NULL) CONF_free(parms); diff --git a/doc/HOWTO/certificates.txt b/doc/HOWTO/certificates.txt index d3a62545ad..a8a34c7abc 100644 --- a/doc/HOWTO/certificates.txt +++ b/doc/HOWTO/certificates.txt @@ -66,14 +66,13 @@ Section 5 will tell you more on how to handle the certificate you received. -4. Creating a self-signed certificate +4. Creating a self-signed test certificate If you don't want to deal with another certificate authority, or just -want to create a test certificate for yourself, or are setting up a -certificate authority of your own, you may want to make the requested -certificate a self-signed one. This is similar to creating a -certificate request, but creates a certificate instead of a -certificate request (1095 is 3 years): +want to create a test certificate for yourself. This is similar to +creating a certificate request, but creates a certificate instead of +a certificate request. This is NOT the recommended way to create a +CA certificate, see ca.txt. openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095 From 4342c5c1a0715eafc56a523e92160da51db37bd1 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 22:38:31 +0000 Subject: [PATCH 227/393] Add a CA section, to make sure the test will work with the changes in CA.sh. --- test/CAss.cnf | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/test/CAss.cnf b/test/CAss.cnf index b941b7ae15..0884fee361 100644 --- a/test/CAss.cnf +++ b/test/CAss.cnf @@ -23,3 +23,52 @@ organizationName_value = Dodgy Brothers commonName = Common Name (eg, YOUR name) commonName_value = Dodgy CA + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./demoCA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several ctificates with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cakey.pem# The private key +RANDFILE = $dir/private/.rand # private random number file + +x509_extensions = v3_ca # The extentions to add to the cert + +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = md5 # which md to use. +preserve = no # keep passed DN ordering + +policy = policy_anything + +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + + + +[ v3_ca ] +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always +basicConstraints = CA:true From 83b23ed967d1847e7393dfb9ff14a2c03b28654b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 23:01:20 +0000 Subject: [PATCH 228/393] One more debug line to conditionalise. --- apps/apps.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/apps/apps.c b/apps/apps.c index 6092c395e5..0cdc1ad69b 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1624,7 +1624,9 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject"); if (p) { +#ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p); +#endif switch(*p) { case 'f': /* false */ From 57544ee2248a2f9d976844fe8eaaf404d4d70f1a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 23:04:48 +0000 Subject: [PATCH 229/393] Counter for GCC attributes. --- util/mkdef.pl | 10 +++++----- util/mkerr.pl | 14 +++++++------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/util/mkdef.pl b/util/mkdef.pl index dc5b12b904..4c15a942d2 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -833,14 +833,14 @@ sub do_defs } elsif (/\(\*(\w*(\{[0-9]+\})?)\([^\)]+/) { $s = $1; print STDERR "DEBUG: found ANSI C function $s\n" if $debug; - } elsif (/\w+\W+(\w+)\W*\(\s*\)$/s) { + } elsif (/\w+\W+(\w+)\W*\(\s*\)(\s*__attribute__\(.*\)\s*)?$/s) { # K&R C print STDERR "DEBUG: found K&R C function $s\n" if $debug; next; - } elsif (/\w+\W+\w+(\{[0-9]+\})?\W*\(.*\)$/s) { - while (not /\(\)$/s) { - s/[^\(\)]*\)$/\)/s; - s/\([^\(\)]*\)\)$/\)/s; + } elsif (/\w+\W+\w+(\{[0-9]+\})?\W*\(.*\)(\s*__attribute__\(.*\)\s*)?$/s) { + while (not /\(\)(\s*__attribute__\(.*\)\s*)?$/s) { + s/[^\(\)]*\)(\s*__attribute__\(.*\)\s*)?$/\)/s; + s/\([^\(\)]*\)\)(\s*__attribute__\(.*\)\s*)?$/\)/s; } s/\(void\)//; /(\w+(\{[0-9]+\})?)\W*\(\)/s; diff --git a/util/mkerr.pl b/util/mkerr.pl index f1178602ef..cf34a35ce1 100644 --- a/util/mkerr.pl +++ b/util/mkerr.pl @@ -128,20 +128,20 @@ while (($hdr, $lib) = each %libinc) s/^[\n\s]*//g; s/[\n\s]*$//g; next if(/typedef\W/); - if (/\(\*(\w*)\([^\)]+/) { + if (/\(\*(\w*)\([^\)]+\)(\s*__attribute__\(.*\)\s*)?$/) { my $name = $1; $name =~ tr/[a-z]/[A-Z]/; $ftrans{$name} = $1; - } elsif (/\w+\W+(\w+)\W*\(\s*\)$/s){ + } elsif (/\w+\W+(\w+)\W*\(\s*\)(\s*__attribute__\(.*\)\s*)?$/s){ # K&R C next ; - } elsif (/\w+\W+\w+\W*\(.*\)$/s) { - while (not /\(\)$/s) { - s/[^\(\)]*\)$/\)/s; - s/\([^\(\)]*\)\)$/\)/s; + } elsif (/\w+\W+\w+\W*\(.*\)(\s*__attribute__\(.*\)\s*)?$/s) { + while (not /\(\)(\s*__attribute__\(.*\)\s*)?$/s) { + s/[^\(\)]*\)(\s*__attribute__\(.*\)\s*)?$/\)/s; + s/\([^\(\)]*\)\)(\s*__attribute__\(.*\)\s*)?$/\)/s; } s/\(void\)//; - /(\w+)\W*\(\)/s; + /(\w+(\{[0-9]+\})?)\W*\(\)/s; my $name = $1; $name =~ tr/[a-z]/[A-Z]/; $ftrans{$name} = $1; From 68b42986cb47be2bb22c05a5c44584e749599616 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 23:06:05 +0000 Subject: [PATCH 230/393] Add GCC attributes when compiled with gcc. This helps find out if we're using the printing functions correctly or not. I used the corresponding attributes found in the header files of my Linux installation. --- crypto/bio/bio.h | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h index ce8b19ce2e..e8bb8aa4de 100644 --- a/crypto/bio/bio.h +++ b/crypto/bio/bio.h @@ -612,10 +612,17 @@ void BIO_copy_next_retry(BIO *b); /*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/ -int BIO_printf(BIO *bio, const char *format, ...); -int BIO_vprintf(BIO *bio, const char *format, va_list args); -int BIO_snprintf(char *buf, size_t n, const char *format, ...); -int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args); +#ifndef __GNUC__ +#define __attribute__(x) +#endif +int BIO_printf(BIO *bio, const char *format, ...) + __attribute__((__format__(__printf__,2,3))); +int BIO_vprintf(BIO *bio, const char *format, va_list args) + __attribute__((__format__(__printf__,2,0))); +int BIO_snprintf(char *buf, size_t n, const char *format, ...) + __attribute__((__format__(__printf__,3,4))); +int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) + __attribute__((__format__(__printf__,3,0))); /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes From c433d72593bb77c0200d2f3b61c9192f81163631 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 23:35:14 +0000 Subject: [PATCH 231/393] Make %p and %# work properly, at least with pointers and floats. --- crypto/bio/b_print.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 3f5d6a74bf..a9e552f245 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -378,7 +378,7 @@ _dopr( case 'p': value = (long)va_arg(args, void *); fmtint(sbuffer, buffer, &currlen, maxlen, - value, 16, min, max, flags); + value, 16, min, max, flags|DP_F_NUM); break; case 'n': /* XXX */ if (cflags == DP_C_SHORT) { @@ -482,8 +482,9 @@ fmtint( int flags) { int signvalue = 0; + char *prefix = ""; unsigned LLONG uvalue; - char convert[DECIMAL_SIZE(value)+1]; + char convert[DECIMAL_SIZE(value)+3]; int place = 0; int spadlen = 0; int zpadlen = 0; @@ -501,6 +502,10 @@ fmtint( else if (flags & DP_F_SPACE) signvalue = ' '; } + if (flags & DP_F_NUM) { + if (base == 8) prefix = "0"; + if (base == 16) prefix = "0x"; + } if (flags & DP_F_UP) caps = 1; do { @@ -514,7 +519,7 @@ fmtint( convert[place] = 0; zpadlen = max - place; - spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0); + spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix); if (zpadlen < 0) zpadlen = 0; if (spadlen < 0) @@ -536,6 +541,12 @@ fmtint( if (signvalue) doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue); + /* prefix */ + while (*prefix) { + doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix); + prefix++; + } + /* zeros */ if (zpadlen > 0) { while (zpadlen > 0) { @@ -692,7 +703,7 @@ fmtfp( * Decimal point. This should probably use locale to find the correct * char to print out. */ - if (max > 0) { + if (max > 0 || (flags & DP_F_NUM)) { doapr_outch(sbuffer, buffer, currlen, maxlen, '.'); while (fplace > 0) From 3ae70939baf60524135f7e3c47e93ad2a55e611b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Apr 2003 23:39:48 +0000 Subject: [PATCH 232/393] Correct a lot of printing calls. Remove extra arguments... --- apps/ca.c | 2 +- apps/ocsp.c | 4 ++-- apps/pkcs12.c | 5 +++-- apps/pkcs8.c | 11 +++++------ apps/req.c | 4 ++-- apps/s_cb.c | 4 ++-- apps/s_server.c | 22 +++++++++++----------- apps/speed.c | 4 ++-- crypto/asn1/t_crl.c | 2 +- crypto/asn1/t_req.c | 2 +- crypto/dsa/dsatest.c | 2 +- crypto/ocsp/ocsp_prn.c | 4 ++-- crypto/x509v3/v3_prn.c | 2 +- crypto/x509v3/v3_sxnet.c | 2 +- ssl/ssltest.c | 2 +- 15 files changed, 36 insertions(+), 36 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index eb328f2b87..ea84facac9 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -2096,7 +2096,7 @@ again2: BIO_printf(bio_err,"Certificate is to be certified until "); ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret)); - if (days) BIO_printf(bio_err," (%d days)",days); + if (days) BIO_printf(bio_err," (%ld days)",days); BIO_printf(bio_err, "\n"); if (!batch) diff --git a/apps/ocsp.c b/apps/ocsp.c index 885e68e363..0cf4aad3f8 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -781,7 +781,7 @@ int MAIN(int argc, char **argv) if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) { - BIO_printf(out, "Responder Error: %s (%ld)\n", + BIO_printf(out, "Responder Error: %s (%d)\n", OCSP_response_status_str(i), i); ret = 0; goto end; @@ -845,7 +845,7 @@ int MAIN(int argc, char **argv) if(i <= 0) { - BIO_printf(bio_err, "Response Verify Failure\n", i); + BIO_printf(bio_err, "Response Verify Failure\n"); ERR_print_errors(bio_err); } else diff --git a/apps/pkcs12.c b/apps/pkcs12.c index a00b438f96..385011b457 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -814,8 +814,9 @@ int alg_print (BIO *x, X509_ALGOR *alg) unsigned char *p; p = alg->parameter->value.sequence->data; pbe = d2i_PBEPARAM (NULL, &p, alg->parameter->value.sequence->length); - BIO_printf (bio_err, "%s, Iteration %d\n", - OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), ASN1_INTEGER_get(pbe->iter)); + BIO_printf (bio_err, "%s, Iteration %ld\n", + OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), + ASN1_INTEGER_get(pbe->iter)); PBEPARAM_free (pbe); return 0; } diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 6be27e7f44..ee8cf02813 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -235,7 +235,7 @@ int MAIN(int argc, char **argv) return (1); } if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) { - BIO_printf(bio_err, "Error converting key\n", outfile); + BIO_printf(bio_err, "Error converting key\n"); ERR_print_errors(bio_err); return (1); } @@ -259,8 +259,7 @@ int MAIN(int argc, char **argv) if (!(p8 = PKCS8_encrypt(pbe_nid, cipher, p8pass, strlen(p8pass), NULL, 0, iter, p8inf))) { - BIO_printf(bio_err, "Error encrypting key\n", - outfile); + BIO_printf(bio_err, "Error encrypting key\n"); ERR_print_errors(bio_err); return (1); } @@ -303,7 +302,7 @@ int MAIN(int argc, char **argv) } if (!p8) { - BIO_printf (bio_err, "Error reading key\n", outfile); + BIO_printf (bio_err, "Error reading key\n"); ERR_print_errors(bio_err); return (1); } @@ -317,13 +316,13 @@ int MAIN(int argc, char **argv) } if (!p8inf) { - BIO_printf(bio_err, "Error decrypting key\n", outfile); + BIO_printf(bio_err, "Error decrypting key\n"); ERR_print_errors(bio_err); return (1); } if (!(pkey = EVP_PKCS82PKEY(p8inf))) { - BIO_printf(bio_err, "Error converting key\n", outfile); + BIO_printf(bio_err, "Error converting key\n"); ERR_print_errors(bio_err); return (1); } diff --git a/apps/req.c b/apps/req.c index c297599610..80b623c506 100644 --- a/apps/req.c +++ b/apps/req.c @@ -728,10 +728,10 @@ bad: if (newkey < MIN_KEY_LENGTH && (pkey_type == TYPE_RSA || pkey_type == TYPE_DSA)) { BIO_printf(bio_err,"private key length is too short,\n"); - BIO_printf(bio_err,"it needs to be at least %d bits, not %d\n",MIN_KEY_LENGTH,newkey); + BIO_printf(bio_err,"it needs to be at least %d bits, not %ld\n",MIN_KEY_LENGTH,newkey); goto end; } - BIO_printf(bio_err,"Generating a %d bit %s private key\n", + BIO_printf(bio_err,"Generating a %ld bit %s private key\n", newkey,(pkey_type == TYPE_RSA)?"RSA": (pkey_type == TYPE_DSA)?"DSA":"EC"); diff --git a/apps/s_cb.c b/apps/s_cb.c index 675527df1f..1410178d65 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -239,14 +239,14 @@ long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi, if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) { - BIO_printf(out,"read from %08X [%08lX] (%d bytes => %ld (0x%X))\n", + BIO_printf(out,"read from %p [%p] (%d bytes => %ld (0x%lX))\n", bio,argp,argi,ret,ret); BIO_dump(out,argp,(int)ret); return(ret); } else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) { - BIO_printf(out,"write to %08X [%08lX] (%d bytes => %ld (0x%X))\n", + BIO_printf(out,"write to %p [%p] (%d bytes => %ld (0x%lX))\n", bio,argp,argi,ret,ret); BIO_dump(out,argp,(int)ret); } diff --git a/apps/s_server.c b/apps/s_server.c index 814f3b9c15..7ce65a3e8e 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -971,23 +971,23 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx) { BIO_printf(bio,"%4ld items in the session cache\n", SSL_CTX_sess_number(ssl_ctx)); - BIO_printf(bio,"%4d client connects (SSL_connect())\n", + BIO_printf(bio,"%4ld client connects (SSL_connect())\n", SSL_CTX_sess_connect(ssl_ctx)); - BIO_printf(bio,"%4d client renegotiates (SSL_connect())\n", + BIO_printf(bio,"%4ld client renegotiates (SSL_connect())\n", SSL_CTX_sess_connect_renegotiate(ssl_ctx)); - BIO_printf(bio,"%4d client connects that finished\n", + BIO_printf(bio,"%4ld client connects that finished\n", SSL_CTX_sess_connect_good(ssl_ctx)); - BIO_printf(bio,"%4d server accepts (SSL_accept())\n", + BIO_printf(bio,"%4ld server accepts (SSL_accept())\n", SSL_CTX_sess_accept(ssl_ctx)); - BIO_printf(bio,"%4d server renegotiates (SSL_accept())\n", + BIO_printf(bio,"%4ld server renegotiates (SSL_accept())\n", SSL_CTX_sess_accept_renegotiate(ssl_ctx)); - BIO_printf(bio,"%4d server accepts that finished\n", + BIO_printf(bio,"%4ld server accepts that finished\n", SSL_CTX_sess_accept_good(ssl_ctx)); - BIO_printf(bio,"%4d session cache hits\n",SSL_CTX_sess_hits(ssl_ctx)); - BIO_printf(bio,"%4d session cache misses\n",SSL_CTX_sess_misses(ssl_ctx)); - BIO_printf(bio,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx)); - BIO_printf(bio,"%4d callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx)); - BIO_printf(bio,"%4d cache full overflows (%d allowed)\n", + BIO_printf(bio,"%4ld session cache hits\n",SSL_CTX_sess_hits(ssl_ctx)); + BIO_printf(bio,"%4ld session cache misses\n",SSL_CTX_sess_misses(ssl_ctx)); + BIO_printf(bio,"%4ld session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx)); + BIO_printf(bio,"%4ld callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx)); + BIO_printf(bio,"%4ld cache full overflows (%ld allowed)\n", SSL_CTX_sess_cache_full(ssl_ctx), SSL_CTX_sess_get_cache_size(ssl_ctx)); } diff --git a/apps/speed.c b/apps/speed.c index c4add36d2b..a634b11729 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -2382,8 +2382,8 @@ static void pkey_print_message(char *str, char *str2, long num, int bits, static void print_result(int alg,int run_no,int count,double time_used) { - BIO_printf(bio_err,mr ? "+R:%ld:%s:%f\n" - : "%ld %s's in %.2fs\n",count,names[alg],time_used); + BIO_printf(bio_err,mr ? "+R:%d:%s:%f\n" + : "%d %s's in %.2fs\n",count,names[alg],time_used); results[alg][run_no]=((double)count)/time_used*lengths[run_no]; } diff --git a/crypto/asn1/t_crl.c b/crypto/asn1/t_crl.c index 757c148df8..f183a11b65 100644 --- a/crypto/asn1/t_crl.c +++ b/crypto/asn1/t_crl.c @@ -121,7 +121,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x) r = sk_X509_REVOKED_value(rev, i); BIO_printf(out," Serial Number: "); i2a_ASN1_INTEGER(out,r->serialNumber); - BIO_printf(out,"\n Revocation Date: ",""); + BIO_printf(out,"\n Revocation Date: "); ASN1_TIME_print(out,r->revocationDate); BIO_printf(out,"\n"); X509V3_extensions_print(out, "CRL entry extensions", diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c index b70bda71db..7088486a91 100644 --- a/crypto/asn1/t_req.c +++ b/crypto/asn1/t_req.c @@ -254,7 +254,7 @@ get_next: obj=X509_EXTENSION_get_object(ex); i2a_ASN1_OBJECT(bp,obj); j=X509_EXTENSION_get_critical(ex); - if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0) + if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0) goto err; if(!X509V3_EXT_print(bp, ex, 0, 16)) { diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c index 71ff566edb..53c73c5cc2 100644 --- a/crypto/dsa/dsatest.c +++ b/crypto/dsa/dsatest.c @@ -166,7 +166,7 @@ int main(int argc, char **argv) BIO_printf(bio_err,"%02X%02X%02X%02X ", seed[i],seed[i+1],seed[i+2],seed[i+3]); } - BIO_printf(bio_err,"\ncounter=%d h=%d\n",counter,h); + BIO_printf(bio_err,"\ncounter=%d h=%ld\n",counter,h); if (dsa == NULL) goto end; DSA_print(bio_err,dsa,0); diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c index 4b7bc28769..3dfb51c1e4 100644 --- a/crypto/ocsp/ocsp_prn.c +++ b/crypto/ocsp/ocsp_prn.c @@ -194,7 +194,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) goto err; l=ASN1_ENUMERATED_get(o->responseStatus); - if (BIO_printf(bp," OCSP Response Status: %s (0x%x)\n", + if (BIO_printf(bp," OCSP Response Status: %s (0x%lx)\n", OCSP_response_status_str(l), l) <= 0) goto err; if (rb == NULL) return 1; if (BIO_puts(bp," Response Type: ") <= 0) @@ -252,7 +252,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) { l=ASN1_ENUMERATED_get(rev->revocationReason); if (BIO_printf(bp, - "\n Revocation Reason: %s (0x%x)", + "\n Revocation Reason: %s (0x%lx)", OCSP_crl_reason_str(l), l) <= 0) goto err; } diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c index 754808b625..9be6c95a63 100644 --- a/crypto/x509v3/v3_prn.c +++ b/crypto/x509v3/v3_prn.c @@ -182,7 +182,7 @@ int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts obj=X509_EXTENSION_get_object(ex); i2a_ASN1_OBJECT(bp,obj); j=X509_EXTENSION_get_critical(ex); - if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0) + if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0) return 0; if(!X509V3_EXT_print(bp, ex, flag, 12)) { diff --git a/crypto/x509v3/v3_sxnet.c b/crypto/x509v3/v3_sxnet.c index d3f4ba3a72..860909a83b 100644 --- a/crypto/x509v3/v3_sxnet.c +++ b/crypto/x509v3/v3_sxnet.c @@ -109,7 +109,7 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, SXNETID *id; int i; v = ASN1_INTEGER_get(sx->version); - BIO_printf(out, "%*sVersion: %d (0x%X)", indent, "", v + 1, v); + BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v); for(i = 0; i < sk_SXNETID_num(sx->ids); i++) { id = sk_SXNETID_value(sx->ids, i); tmp = i2s_ASN1_INTEGER(NULL, id->zone); diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 45b211b4c6..a304398b9f 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -1597,7 +1597,7 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) (void)BIO_flush(bio_err); if(!RSA_generate_key_ex(rsa_tmp,keylength,RSA_F4,NULL)) { - BIO_printf(bio_err, "Error generating key.", keylength); + BIO_printf(bio_err, "Error generating key."); RSA_free(rsa_tmp); rsa_tmp = NULL; } From b5f96e8818188c542dcff3d38deb9303ccd2ccca Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 4 Apr 2003 14:19:00 +0000 Subject: [PATCH 233/393] There's no need to check for __attribute__ with ANSI functions, since we only check to the opening parenthesis anyway... --- util/mkerr.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/mkerr.pl b/util/mkerr.pl index cf34a35ce1..1b2915c767 100644 --- a/util/mkerr.pl +++ b/util/mkerr.pl @@ -128,7 +128,7 @@ while (($hdr, $lib) = each %libinc) s/^[\n\s]*//g; s/[\n\s]*$//g; next if(/typedef\W/); - if (/\(\*(\w*)\([^\)]+\)(\s*__attribute__\(.*\)\s*)?$/) { + if (/\(\*(\w*)\([^\)]+/) { my $name = $1; $name =~ tr/[a-z]/[A-Z]/; $ftrans{$name} = $1; From 6fcf7354975b839ad8bf76e9427e721d8ed5f5cf Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 4 Apr 2003 14:19:15 +0000 Subject: [PATCH 234/393] make update --- util/libeay.num | 2 ++ 1 file changed, 2 insertions(+) diff --git a/util/libeay.num b/util/libeay.num index c83c89ad6d..865fa9fe75 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -3020,3 +3020,5 @@ GENERAL_SUBTREE_it 3450 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA GENERAL_SUBTREE_it 3450 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: GENERAL_SUBTREE_free 3451 EXIST::FUNCTION: GENERAL_SUBTREE_new 3452 EXIST::FUNCTION: +EVP_PKEY_cmp 3453 EXIST::FUNCTION: +X509_REQ_check_private_key 3454 EXIST::FUNCTION: From d6df2b281f4eb0524606e3313afe8caf45d7e342 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 4 Apr 2003 14:39:44 +0000 Subject: [PATCH 235/393] Add documentation on the added functionality in 'openssl ca'. --- apps/ca.c | 1 + doc/apps/ca.pod | 25 +++++++++++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/apps/ca.c b/apps/ca.c index ea84facac9..34b1507aee 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -169,6 +169,7 @@ static char *ca_usage[]={ " -keyform arg - private key file format (PEM or ENGINE)\n", " -key arg - key to decode the private key if it is encrypted\n", " -cert file - The CA certificate\n", +" -selfsign - sign a certificate with the key associated with it\n", " -in file - The input PEM encoded certificate request(s)\n", " -out file - Where to put the output file(s)\n", " -outdir dir - Where to put output certificates\n", diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod index de66c534b5..6d010216e7 100644 --- a/doc/apps/ca.pod +++ b/doc/apps/ca.pod @@ -30,6 +30,7 @@ B B [B<-key arg>] [B<-passin arg>] [B<-cert file>] +[B<-selfsign>] [B<-in file>] [B<-out file>] [B<-notext>] @@ -113,6 +114,20 @@ the password used to encrypt the private key. Since on some systems the command line arguments are visible (e.g. Unix with the 'ps' utility) this option should be used with caution. +=item B<-selfsign> + +indicates the issued certificates are to be signed with the key +the certificate requests were signed with (given with B<-keyfile>). +Cerificate requests signed with a different key are ignored. If +B<-spkac>, B<-ss_cert> or B<-gencrl> are given, B<-selfsign> is +ignored. + +A consequence of using B<-selfsign> is that the self-signed +certificate appears among the entries in the certificate database +(see the configuration option B), and uses the same +serial number counter as all other certificates sign with the +self-signed certificate. + =item B<-passin arg> the key password source. For more information about the format of B @@ -359,6 +374,16 @@ the same as the B<-md> option. The message digest to use. Mandatory. the text database file to use. Mandatory. This file must be present though initially it will be empty. +=item B + +if the value B is given, the valid certificate entries in the +database must have unique subjects. if the value B is given, +several valid certificate entries may have the exact same subject. +The default value is B, to be compatible with older (pre 0.9.8) +versions of OpenSSL. However, to make CA certificate roll-over easier, +it's recommended to use the value B, especially if combined with +the B<-selfsign> command line option. + =item B a text file containing the next serial number to use in hex. Mandatory. From 4c771796d59f895c58e88bb7161fc0d711d05604 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 4 Apr 2003 15:10:35 +0000 Subject: [PATCH 236/393] Convert save_serial() to work like save_index(), and add a rotate_serial() that works like rotate_index(). --- apps/apps.c | 101 ++++++++++++++++++++++++++++++++++++++++++++++++++-- apps/apps.h | 3 +- apps/ca.c | 45 ++--------------------- apps/x509.c | 2 +- 4 files changed, 103 insertions(+), 48 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 0cdc1ad69b..ac9e3daa5e 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1519,19 +1519,44 @@ BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai) return(ret); } -int save_serial(char *serialfile, BIGNUM *serial, ASN1_INTEGER **retai) +int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai) { - BIO *out; + char buf[1][BSIZE]; + BIO *out = NULL; int ret=0; ASN1_INTEGER *ai=NULL; + int j; + if (suffix == NULL) + j = strlen(serialfile); + else + j = strlen(serialfile) + strlen(suffix) + 1; + if (j >= BSIZE) + { + BIO_printf(bio_err,"file name too long\n"); + goto err; + } + + if (suffix == NULL) + BUF_strlcpy(buf[0], serialfile, BSIZE); + else + { +#ifndef OPENSSL_SYS_VMS + j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix); +#else + j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix); +#endif + } +#ifdef RL_DEBUG + BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]); +#endif out=BIO_new(BIO_s_file()); if (out == NULL) { ERR_print_errors(bio_err); goto err; } - if (BIO_write_filename(out,serialfile) <= 0) + if (BIO_write_filename(out,buf[0]) <= 0) { perror(serialfile); goto err; @@ -1556,6 +1581,76 @@ err: return(ret); } +int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix) + { + char buf[5][BSIZE]; + int i,j; + struct stat sb; + + i = strlen(serialfile) + strlen(old_suffix); + j = strlen(serialfile) + strlen(new_suffix); + if (i > j) j = i; + if (j + 1 >= BSIZE) + { + BIO_printf(bio_err,"file name too long\n"); + goto err; + } + +#ifndef OPENSSL_SYS_VMS + j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", + serialfile, new_suffix); +#else + j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", + serialfile, new_suffix); +#endif +#ifndef OPENSSL_SYS_VMS + j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", + serialfile, old_suffix); +#else + j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", + serialfile, old_suffix); +#endif + if (stat(serialfile,&sb) < 0) + { + if (errno != ENOENT +#ifdef ENOTDIR + && errno != ENOTDIR) +#endif + goto err; + } + else + { +#ifdef RL_DEBUG + BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", + serialfile, buf[1]); +#endif + if (rename(serialfile,buf[1]) < 0) + { + BIO_printf(bio_err, + "unable to rename %s to %s\n", + serialfile, buf[1]); + perror("reason"); + goto err; + } + } +#ifdef RL_DEBUG + BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", + buf[0],serialfile); +#endif + if (rename(buf[0],serialfile) < 0) + { + BIO_printf(bio_err, + "unable to rename %s to %s\n", + buf[0],serialfile); + perror("reason"); + rename(buf[1],serialfile); + goto err; + } + return 1; + err: + return 0; + } + CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) { CA_DB *retdb = NULL; diff --git a/apps/apps.h b/apps/apps.h index 974eb4f1c9..8a9c4ab0a0 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -311,7 +311,8 @@ typedef struct ca_db_st } CA_DB; BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai); -int save_serial(char *serialfile, BIGNUM *serial, ASN1_INTEGER **retai); +int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai); +int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix); CA_DB *load_index(char *dbfile, DB_ATTR *dbattr); int index_index(CA_DB *db); int save_index(char *dbfile, char *suffix, CA_DB *db); diff --git a/apps/ca.c b/apps/ca.c index 34b1507aee..618d88b2d0 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1243,21 +1243,7 @@ bad: BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk)); - if(strlen(serialfile) > BSIZE-5 || strlen(dbfile) > BSIZE-5) - { - BIO_printf(bio_err,"file name too long\n"); - goto err; - } - - strcpy(buf[0],serialfile); - -#ifdef OPENSSL_SYS_VMS - strcat(buf[0],"-new"); -#else - strcat(buf[0],".new"); -#endif - - if (!save_serial(buf[0],serial,NULL)) goto err; + if (!save_serial(serialfile,"new",serial,NULL)) goto err; if (!save_index(dbfile, "new", db)) goto err; } @@ -1317,34 +1303,7 @@ bad: if (sk_X509_num(cert_sk)) { /* Rename the database and the serial file */ - strncpy(buf[2],serialfile,BSIZE-4); - buf[2][BSIZE-4]='\0'; - -#ifdef OPENSSL_SYS_VMS - strcat(buf[2],"-old"); -#else - strcat(buf[2],".old"); -#endif - - BIO_free(in); - BIO_free_all(out); - in=NULL; - out=NULL; - if (rename(serialfile,buf[2]) < 0) - { - BIO_printf(bio_err,"unable to rename %s to %s\n", - serialfile,buf[2]); - perror("reason"); - goto err; - } - if (rename(buf[0],serialfile) < 0) - { - BIO_printf(bio_err,"unable to rename %s to %s\n", - buf[0],serialfile); - perror("reason"); - rename(buf[2],serialfile); - goto err; - } + if (!rotate_serial(serialfile,"new","old")) goto err; if (!rotate_index(dbfile,"new","old")) goto err; diff --git a/apps/x509.c b/apps/x509.c index efb7b0d8b2..ed9e40574a 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -1064,7 +1064,7 @@ static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create if (!BN_add_word(serial,1)) { BIO_printf(bio_err,"add_word failure\n"); goto end; } - if (!save_serial(buf, serial, &bs)) goto end; + if (!save_serial(buf, NULL, serial, &bs)) goto end; end: if (buf) OPENSSL_free(buf); From 8d570498a268acff0c311c1149f872bf84827583 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 5 Apr 2003 21:21:26 +0000 Subject: [PATCH 237/393] Do not call ENGINE_setup_bsd_cryptodev() when OPENSSL_NO_ENGINE is defined. PR: 564 --- crypto/evp/c_all.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c index 19737f39f6..879d84ae79 100644 --- a/crypto/evp/c_all.c +++ b/crypto/evp/c_all.c @@ -74,7 +74,9 @@ void OPENSSL_add_all_algorithms_noconf(void) { OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); -#if defined(__OpenBSD__) || defined(__FreeBSD__) +#ifndef OPENSSL_NO_ENGINE +# if defined(__OpenBSD__) || defined(__FreeBSD__) ENGINE_setup_bsd_cryptodev(); +# endif #endif } From af0f0f3e8fce83cf65c7f306eef88fa2d7516e5f Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sun, 6 Apr 2003 15:31:18 +0000 Subject: [PATCH 238/393] Constify --- crypto/evp/evp.h | 8 ++++---- crypto/evp/p_lib.c | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 4e4a667ab8..a1dd3da1bf 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -749,12 +749,12 @@ EVP_PKEY * d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp, long length); int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); -int EVP_PKEY_copy_parameters(EVP_PKEY *to,EVP_PKEY *from); -int EVP_PKEY_missing_parameters(EVP_PKEY *pkey); +int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); +int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode); -int EVP_PKEY_cmp_parameters(EVP_PKEY *a,EVP_PKEY *b); +int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); -int EVP_PKEY_cmp(EVP_PKEY *a,EVP_PKEY *b); +int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); int EVP_CIPHER_type(const EVP_CIPHER *ctx); diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 8d23c0bd72..74a007e29d 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -150,7 +150,7 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) return(0); } -int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from) +int EVP_PKEY_copy_parameters(EVP_PKEY *to, cpnst EVP_PKEY *from) { if (to->type != from->type) { @@ -198,7 +198,7 @@ err: return(0); } -int EVP_PKEY_missing_parameters(EVP_PKEY *pkey) +int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey) { #ifndef OPENSSL_NO_DSA if (pkey->type == EVP_PKEY_DSA) @@ -221,7 +221,7 @@ int EVP_PKEY_missing_parameters(EVP_PKEY *pkey) return(0); } -int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b) +int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) { #ifndef OPENSSL_NO_DSA if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA)) @@ -237,7 +237,7 @@ int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b) return(-1); } -int EVP_PKEY_cmp(EVP_PKEY *a, EVP_PKEY *b) +int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { if (a->type != b->type) return -1; From a8b728445c6d2d3f1d3ef568b8bff2b651aa0b52 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 7 Apr 2003 10:09:44 +0000 Subject: [PATCH 239/393] Correct a typo. Have EVP_PKEY_cmp() call EVP_PKEY_cmp_parameters(), and make a note about the lack of parameter comparison for EC. --- crypto/evp/p_lib.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 74a007e29d..2760d7b1ed 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -150,7 +150,7 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) return(0); } -int EVP_PKEY_copy_parameters(EVP_PKEY *to, cpnst EVP_PKEY *from) +int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) { if (to->type != from->type) { @@ -242,6 +242,15 @@ int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) if (a->type != b->type) return -1; + /* XXXXX + We should really check for != 0, but cmp_paramters doesn't compare EC + groups, and I'm currently unsure how to handle that case... Except for + adding such functionality to cmp_parameters, but that would require + things like EC_GROUP_cmp(), which I'm not currently ready to write. + -- Richard Levitte */ + if (EVP_PKEY_cmp_parameters(a, b) == 1) + return 1; + switch (a->type) { #ifndef OPENSSL_NO_RSA From 7b36590b1778c26ad96a36002b55b17fa3e41bf6 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 7 Apr 2003 10:15:32 +0000 Subject: [PATCH 240/393] What was I smoking? EVP_PKEY_cmp() should return with 0 if EVP_PKEY_cmp_parameters() returned 0, otherwise it should go on processing the public key component. Thia has nothing to do with the proper handling of EC parameters or not. --- crypto/evp/p_lib.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 2760d7b1ed..730ef4d0a9 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -242,14 +242,8 @@ int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) if (a->type != b->type) return -1; - /* XXXXX - We should really check for != 0, but cmp_paramters doesn't compare EC - groups, and I'm currently unsure how to handle that case... Except for - adding such functionality to cmp_parameters, but that would require - things like EC_GROUP_cmp(), which I'm not currently ready to write. - -- Richard Levitte */ - if (EVP_PKEY_cmp_parameters(a, b) == 1) - return 1; + if (EVP_PKEY_cmp_parameters(a, b) == 0) + return 0; switch (a->type) { From 0a861ab7f36b6a8436e62dcf9f98446bc022b6ff Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 7 Apr 2003 19:15:25 +0000 Subject: [PATCH 241/393] RSA_FLAG_SIGN_VER indicates the special rsa_sign and rsa_verify function pointers should be used. It doesn't necessarely mean it should go through the ENGINE framework. --- crypto/rsa/rsa_sign.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index 9dd62ac956..619755ce0b 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -79,12 +79,16 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, const unsigned char *s = NULL; X509_ALGOR algor; ASN1_OCTET_STRING digest; + if(rsa->flags & RSA_FLAG_SIGN_VER) + { #ifndef OPENSSL_NO_ENGINE - if((rsa->flags & RSA_FLAG_SIGN_VER) - && ENGINE_get_RSA(rsa->engine)->rsa_sign) - return ENGINE_get_RSA(rsa->engine)->rsa_sign(type, - m, m_len, sigret, siglen, rsa); + if(ENGINE_get_RSA(rsa->engine)->rsa_sign) + return ENGINE_get_RSA(rsa->engine)->rsa_sign(type, + m, m_len, sigret, siglen, rsa); #endif + return rsa->meth->rsa_sign(type, m, m_len, + sigret, siglen, rsa); + } /* Special case: SSL signature, just check the length */ if(type == NID_md5_sha1) { if(m_len != SSL_SIG_LENGTH) { @@ -159,12 +163,16 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, return(0); } + if(rsa->flags & RSA_FLAG_SIGN_VER) + { #ifndef OPENSSL_NO_ENGINE - if((rsa->flags & RSA_FLAG_SIGN_VER) - && ENGINE_get_RSA(rsa->engine)->rsa_verify) - return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype, - m, m_len, sigbuf, siglen, rsa); + if(ENGINE_get_RSA(rsa->engine)->rsa_verify) + return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype, + m, m_len, sigbuf, siglen, rsa); #endif + return rsa->meth->rsa_verify(dtype, m, m_len, + sigbuf, siglen, rsa); + } s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen); if (s == NULL) From 43eb3b0130539b6ebce32e683b56c531f19adb1e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 8 Apr 2003 06:00:05 +0000 Subject: [PATCH 242/393] We seem to carry some rests of the 0.9.6 [engine] ENGINE framework in form of unneeded includes of openssl/engine.h. --- crypto/dh/dh_key.c | 3 --- crypto/dsa/dsa_ossl.c | 3 --- crypto/dsa/dsa_sign.c | 3 --- crypto/dsa/dsa_vrf.c | 3 --- crypto/dsa/dsatest.c | 4 ---- crypto/evp/evp_acnf.c | 3 --- crypto/rsa/rsa_eay.c | 3 --- crypto/rsa/rsa_test.c | 3 --- 8 files changed, 25 deletions(-) diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 28c20750bd..48e7be45c5 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -61,9 +61,6 @@ #include #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif static int generate_key(DH *dh); static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index b6e08584a6..c3ad7a14ab 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -64,9 +64,6 @@ #include #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c index 5cdc8ed851..89205026f0 100644 --- a/crypto/dsa/dsa_sign.c +++ b/crypto/dsa/dsa_sign.c @@ -64,9 +64,6 @@ #include #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c index fffb129f8f..c4aeddd056 100644 --- a/crypto/dsa/dsa_vrf.c +++ b/crypto/dsa/dsa_vrf.c @@ -65,9 +65,6 @@ #include #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c index 53c73c5cc2..49c630b106 100644 --- a/crypto/dsa/dsatest.c +++ b/crypto/dsa/dsatest.c @@ -74,10 +74,6 @@ #include #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#include -#endif #ifdef OPENSSL_NO_DSA int main(int argc, char *argv[]) diff --git a/crypto/evp/evp_acnf.c b/crypto/evp/evp_acnf.c index 54c073ca44..ff3e311cc5 100644 --- a/crypto/evp/evp_acnf.c +++ b/crypto/evp/evp_acnf.c @@ -59,9 +59,6 @@ #include "cryptlib.h" #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif /* Load all algorithms and configure OpenSSL. diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index ad6ccf634d..aff86343cc 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -61,9 +61,6 @@ #include #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif #ifndef RSA_NULL diff --git a/crypto/rsa/rsa_test.c b/crypto/rsa/rsa_test.c index 99abb1fde7..924e9ad1f6 100644 --- a/crypto/rsa/rsa_test.c +++ b/crypto/rsa/rsa_test.c @@ -16,9 +16,6 @@ int main(int argc, char *argv[]) } #else #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif #define SetKey \ key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \ From 0b553683063250d29c4e5405844b860724fb8009 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 8 Apr 2003 06:01:55 +0000 Subject: [PATCH 243/393] We seem to carry some rests of the 0.9.6 [engine] ENGINE framework, here in form of unneeded direct calls through the engine pointer.. --- crypto/rsa/rsa_sign.c | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index 619755ce0b..02eb8136b0 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -62,9 +62,6 @@ #include #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif /* Size of an SSL signature: MD5+SHA1 */ #define SSL_SIG_LENGTH 36 @@ -81,11 +78,6 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, ASN1_OCTET_STRING digest; if(rsa->flags & RSA_FLAG_SIGN_VER) { -#ifndef OPENSSL_NO_ENGINE - if(ENGINE_get_RSA(rsa->engine)->rsa_sign) - return ENGINE_get_RSA(rsa->engine)->rsa_sign(type, - m, m_len, sigret, siglen, rsa); -#endif return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa); } @@ -165,11 +157,6 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, if(rsa->flags & RSA_FLAG_SIGN_VER) { -#ifndef OPENSSL_NO_ENGINE - if(ENGINE_get_RSA(rsa->engine)->rsa_verify) - return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype, - m, m_len, sigbuf, siglen, rsa); -#endif return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa); } From f65a75786b4eaf633ffab2ccb52f2c0dd51d268d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Tue, 8 Apr 2003 06:31:36 +0000 Subject: [PATCH 244/393] Fix ordering of compare functions: strncmp() must be used first, a the cipher name in the list is not guaranteed to be at least "buflen" long. PR: 567 Submitted by: "Matt Harren" --- ssl/ssl_ciph.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index d4f86f6ed9..f175dc8756 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -715,13 +715,14 @@ static int ssl_cipher_process_rulestr(const char *rule_str, * So additionally check whether the cipher name found * has the correct length. We can save a strlen() call: * just checking for the '\0' at the right place is - * sufficient, we have to strncmp() anyway. + * sufficient, we have to strncmp() anyway. (We cannot + * use strcmp(), because buf is not '\0' terminated.) */ j = found = 0; while (ca_list[j]) { - if ((ca_list[j]->name[buflen] == '\0') && - !strncmp(buf, ca_list[j]->name, buflen)) + if (!strncmp(buf, ca_list[j]->name, buflen) && + (ca_list[j]->name[buflen] == '\0')) { found = 1; break; From e96133e4cf60f9185203202b7bbbd79485eeeb12 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 8 Apr 2003 08:36:20 +0000 Subject: [PATCH 245/393] It seems like OpenUnix's ld uses LD_LIBRARY_PATH to search for libraries. What's worse, the directories given in LD_LIBRARY_PATH are checked first! Therefore, we need a hack to prepend all the directories we give with -L to the current value of LD_LIBRARY_PATH, thereby temporarly forming a hacked value. Only copy LIBEXTRAS if they are given. Svr5 doesn't use -z allextract... --- Makefile.shared | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/Makefile.shared b/Makefile.shared index 3584158b9c..c39c8424e6 100644 --- a/Makefile.shared +++ b/Makefile.shared @@ -88,11 +88,17 @@ CALC_VERSIONS= \ LINK_APP= \ ( $(DEBUG); \ + LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq | while read d; do echo -n $${d}:; done'`; \ + LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'` + LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ $$LDCMD $(LDFLAGS) $$LDFLAGS -o $$APPNAME $(OBJECTS) $$LIBDEPS ) LINK_SO= \ ( $(DEBUG); \ nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \ + LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq | while read d; do echo -n $${d}:; done'`; \ + LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'` + LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ $$SHAREDCMD $(SHARED_LDFLAGS) $$SHAREDFLAGS -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS ) && \ $(SYMLINK_SO); ( $(DEBUG); rm -f lib$(LIBNAME).exp ) @@ -122,7 +128,8 @@ LINK_SO_A_VIA_O= \ $(LINK_SO) && rm -f $(LIBNAME).o LINK_SO_A_UNPACKED= \ UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \ - (cd $$UNPACKDIR; ar x ../lib$(LIBNAME).a) && cp $(LIBEXTRAS) $$UNPACKDIR && \ + (cd $$UNPACKDIR; ar x ../lib$(LIBNAME).a) && \ + ([ -z "$(LIBEXTRAS)" ] || cp $(LIBEXTRAS) $$UNPACKDIR) && \ SHOBJECTS=$$UNPACKDIR/*.o; \ $(LINK_SO) && rm -rf $$UNPACKDIR @@ -457,11 +464,11 @@ link_o.svr3: else \ $(CALC_VERSIONS); \ SHARE_FLAG='-G'; \ - (${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAGS='-shared'; \ + (${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \ SHLIB=lib$(LIBNAME).so; \ SHLIB_SUFFIX=; \ LIBDEPS="$(LIBDEPS) -lc"; \ - ALLSYMSFLAGS='-z allextract'; \ + ALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \ SHAREDFLAGS="$${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ SHAREDCMD='$(CC)'; \ @@ -473,11 +480,11 @@ link_a.svr3: else \ $(CALC_VERSIONS); \ SHARE_FLAG='-G'; \ - (${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAGS='-shared'; \ + (${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \ SHLIB=lib$(LIBNAME).so; \ SHLIB_SUFFIX=; \ LIBDEPS="$(LIBDEPS) -lc"; \ - ALLSYMSFLAGS='-z allextract'; \ + ALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \ SHAREDFLAGS="$${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ SHAREDCMD='$(CC)'; \ From d6fd88fffd7afffaa666d7206b1cb55db8adb69f Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 8 Apr 2003 08:57:23 +0000 Subject: [PATCH 246/393] I forgot to continuation mark. --- Makefile.shared | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile.shared b/Makefile.shared index c39c8424e6..ec1e1788ba 100644 --- a/Makefile.shared +++ b/Makefile.shared @@ -89,7 +89,7 @@ CALC_VERSIONS= \ LINK_APP= \ ( $(DEBUG); \ LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq | while read d; do echo -n $${d}:; done'`; \ - LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'` + LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ $$LDCMD $(LDFLAGS) $$LDFLAGS -o $$APPNAME $(OBJECTS) $$LIBDEPS ) @@ -97,7 +97,7 @@ LINK_SO= \ ( $(DEBUG); \ nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \ LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq | while read d; do echo -n $${d}:; done'`; \ - LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'` + LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ $$SHAREDCMD $(SHARED_LDFLAGS) $$SHAREDFLAGS -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS ) && \ From 4a4a04622e21c6ef3a14771b62094e32538594e4 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 8 Apr 2003 08:58:56 +0000 Subject: [PATCH 247/393] A single quote too many. --- Makefile.shared | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile.shared b/Makefile.shared index ec1e1788ba..22a3bd927c 100644 --- a/Makefile.shared +++ b/Makefile.shared @@ -88,7 +88,7 @@ CALC_VERSIONS= \ LINK_APP= \ ( $(DEBUG); \ - LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq | while read d; do echo -n $${d}:; done'`; \ + LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq | while read d; do echo -n $${d}:; done`; \ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ $$LDCMD $(LDFLAGS) $$LDFLAGS -o $$APPNAME $(OBJECTS) $$LIBDEPS ) @@ -96,7 +96,7 @@ LINK_APP= \ LINK_SO= \ ( $(DEBUG); \ nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \ - LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq | while read d; do echo -n $${d}:; done'`; \ + LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq | while read d; do echo -n $${d}:; done`; \ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ $$SHAREDCMD $(SHARED_LDFLAGS) $$SHAREDFLAGS -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ From a10922010776ff15413d0a04ba339aaea150ee82 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 8 Apr 2003 09:27:43 +0000 Subject: [PATCH 248/393] Correct a few typos. It seems that svr3 and svr5 differ, after all. --- Makefile.shared | 59 ++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 49 insertions(+), 10 deletions(-) diff --git a/Makefile.shared b/Makefile.shared index 22a3bd927c..aee364bea8 100644 --- a/Makefile.shared +++ b/Makefile.shared @@ -88,7 +88,7 @@ CALC_VERSIONS= \ LINK_APP= \ ( $(DEBUG); \ - LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq | while read d; do echo -n $${d}:; done`; \ + LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ $$LDCMD $(LDFLAGS) $$LDFLAGS -o $$APPNAME $(OBJECTS) $$LIBDEPS ) @@ -96,7 +96,7 @@ LINK_APP= \ LINK_SO= \ ( $(DEBUG); \ nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \ - LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq | while read d; do echo -n $${d}:; done`; \ + LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ $$SHAREDCMD $(SHARED_LDFLAGS) $$SHAREDFLAGS -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ @@ -457,8 +457,47 @@ link_app.solaris: $(LINK_APP) # OpenServer 5 native compilers used -# UnixWare 7 and OpenUNIX 8 native compilers used link_o.svr3: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_SO); \ + else \ + $(CALC_VERSIONS); \ + SHLIB=lib$(LIBNAME).so; \ + SHLIB_SUFFIX=; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + ALLSYMSFLAGS=''; \ + NOALLSYMSFLAGS=''; \ + SHAREDFLAGS="-G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDCMD='$(CC)'; \ + fi; \ + $(LINK_SO_O) +link_a.svr3: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_SO); \ + else \ + $(CALC_VERSIONS); \ + SHLIB=lib$(LIBNAME).so; \ + SHLIB_SUFFIX=; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + ALLSYMSFLAGS=''; \ + NOALLSYMSFLAGS=''; \ + SHAREDFLAGS="-G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDCMD='$(CC)'; \ + fi; \ + $(LINK_SO_A_UNPACKED) +link_app.svr3: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_APP); \ + else \ + LDCMD=$(CC);\ + LDFLAGS=""; \ + LIBDEPS="$(LIBDEPS) -lc"; \ + APPNAME="$(APPNAME)"; \ + fi; \ + $(LINK_APP) + +# UnixWare 7 and OpenUNIX 8 native compilers used +link_o.svr5: @ if ${DETECT_GNU_LD}; then \ $(DO_GNU_SO); \ else \ @@ -474,7 +513,7 @@ link_o.svr3: SHAREDCMD='$(CC)'; \ fi; \ $(LINK_SO_O) -link_a.svr3: +link_a.svr5: @ if ${DETECT_GNU_LD}; then \ $(DO_GNU_SO); \ else \ @@ -490,7 +529,7 @@ link_a.svr3: SHAREDCMD='$(CC)'; \ fi; \ $(LINK_SO_A_UNPACKED) -link_app.svr3: +link_app.svr5: @ if ${DETECT_GNU_LD}; then \ $(DO_GNU_APP); \ else \ @@ -667,7 +706,7 @@ link_app.reliantunix: $(LINK_APP) # Targets to build symbolic links when needed -symlink.gnu symlink.solaris symlink.svr3 symlink.irix \ +symlink.gnu symlink.solaris symlink.svr3 symlink.svr5 symlink.irix \ symlink.aix symlink.reliantunix: @ $(CALC_VERSIONS); \ SHLIB=lib$(LIBNAME).so; \ @@ -717,10 +756,10 @@ link_o.svr3-shared: link_o.svr3 link_a.svr3-shared: link_a.svr3 link_app.svr3-shared: link_app.svr3 symlink.svr3-shared: symlink.svr3 -link_o.svr5-shared: link_o.svr3 -link_a.svr5-shared: link_a.svr3 -link_app.svr5-shared: link_app.svr3 -symlink.svr5-shared: symlink.svr3 +link_o.svr5-shared: link_o.svr5 +link_a.svr5-shared: link_a.svr5 +link_app.svr5-shared: link_app.svr5 +symlink.svr5-shared: symlink.svr5 link_o.irix-shared: link_o.irix link_a.irix-shared: link_a.irix link_app.irix-shared: link_app.irix From 721688c2f8d6fd8f4559af8167cbfdc377169ad4 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 8 Apr 2003 11:07:05 +0000 Subject: [PATCH 249/393] Include rand.h, so RAND_status() and friends get properly declared. --- crypto/rsa/rsa_lib.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 3ebde4fd93..53c5092014 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -62,6 +62,7 @@ #include #include #include +#include #ifndef OPENSSL_NO_ENGINE #include #endif From 0b1c00abeb0a33e5a63b804c797a41e2b72ad92d Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 10 Apr 2003 00:04:02 +0000 Subject: [PATCH 250/393] Typo. --- crypto/asn1/asn1.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 790e7b967b..a9ba2d6e9b 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -132,7 +132,7 @@ extern "C" { #define B_ASN1_NUMERICSTRING 0x0001 #define B_ASN1_PRINTABLESTRING 0x0002 #define B_ASN1_T61STRING 0x0004 -#define B_ASN1_TELETEXSTRING 0x0008 +#define B_ASN1_TELETEXSTRING 0x0004 #define B_ASN1_VIDEOTEXSTRING 0x0008 #define B_ASN1_IA5STRING 0x0010 #define B_ASN1_GRAPHICSTRING 0x0020 From c93fbfaebc661e3a601c9af70bdf2aa0d2abd054 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 10 Apr 2003 05:46:51 +0000 Subject: [PATCH 251/393] Explicitely tell the compiler we're mips3 for the target irix-mips3-cc. --- Configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configure b/Configure index 54536235f7..b829d66322 100755 --- a/Configure +++ b/Configure @@ -218,7 +218,7 @@ my %table=( # './Configure irix-[g]cc' manually. # -mips4 flag is added by ./config when appropriate. "irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # N64 ABI builds. "irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", From 5924c21608fcd31d5ac9773c71f101e5ff3b7217 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 10 Apr 2003 18:36:31 +0000 Subject: [PATCH 252/393] There's a problem building shared libraries on the sco5-gcc target. However, it's time for a release, so I'm just adding an enty in PROBLEMS, and will hopefully solve this for a later release --- PROBLEMS | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/PROBLEMS b/PROBLEMS index 1a956b5481..85e96a5ebe 100644 --- a/PROBLEMS +++ b/PROBLEMS @@ -98,3 +98,34 @@ config-line. './Configure aix43-cc shared' is working, but not libraries. It's possible to build 64-bit shared libraries by running 'env OBJECT_MODE=64 make', but we need more elegant solution. Preferably one supporting even gcc shared builds. See RT#463 for background information. + +* Problems building shared libraries on SCO OpenServer Release 5.0.6 + with gcc 2.95.3 + +The symptoms appear when running the test suite, more specifically +test/ectest, with the following result: + +OSSL_LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$OSSL_LIBPATH:$LD_LIBRARY_PATH"; DYLD_LIBRARY_PATH="$OSSL_LIBPATH:$DYLD_LIBRARY_PATH"; SHLIB_PATH="$OSSL_LIBPATH:$SHLIB_PATH"; LIBPATH="$OSSL_LIBPATH:$LIBPATH"; if [ "debug-sco5-gcc" = "Cygwin" ]; then PATH="${LIBPATH}:$PATH"; fi; export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; ./ectest +ectest.c:186: ABORT + +The cause of the problem seems to be that isxdigit(), called from +BN_hex2bn(), returns 0 on a perfectly legitimate hex digit. Further +investigation shows that any of the isxxx() macros return 0 on any +input. A direct look in the information array that the isxxx() use, +called __ctype, shows that it contains all zeroes... + +Taking a look at the newly created libcrypto.so with nm, one can see +that the variable __ctype is defined in libcrypto's .bss (which +explains why it is filled with zeroes): + +$ nm -Pg libcrypto.so | grep __ctype +__ctype B 0011659c +__ctype2 U + +Curiously, __ctype2 is undefined, in spite of being declared in +/usr/include/ctype.h in exactly the same way as __ctype. + +Any information helping to solve this issue would be deeply +appreciated. + +NOTE: building non-shared doesn't come with this problem. From 26abc8f01ad1007615bdd3e6c595857bbbac55c9 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 10 Apr 2003 19:11:32 +0000 Subject: [PATCH 253/393] Remove all those infernal stupid CR characters --- INSTALL.W32 | 576 ++++++++++++++++++++++++++-------------------------- 1 file changed, 288 insertions(+), 288 deletions(-) diff --git a/INSTALL.W32 b/INSTALL.W32 index d4996560dd..78d289e16a 100644 --- a/INSTALL.W32 +++ b/INSTALL.W32 @@ -1,288 +1,288 @@ - - INSTALLATION ON THE WIN32 PLATFORM - ---------------------------------- - - [Instructions for building for Windows CE can be found in INSTALL.WCE] - - Heres a few comments about building OpenSSL in Windows environments. Most - of this is tested on Win32 but it may also work in Win 3.1 with some - modification. - - You need Perl for Win32. Unless you will build on Cygwin, you will need - ActiveState Perl, available from http://www.activestate.com/ActivePerl. - - and one of the following C compilers: - - * Visual C++ - * Borland C - * GNU C (Cygwin or MinGW) - - If you are compiling from a tarball or a CVS snapshot then the Win32 files - may well be not up to date. This may mean that some "tweaking" is required to - get it all to work. See the trouble shooting section later on for if (when?) - it goes wrong. - - Visual C++ - ---------- - - If you want to compile in the assembly language routines with Visual C++ then - you will need an assembler. This is worth doing because it will result in - faster code: for example it will typically result in a 2 times speedup in the - RSA routines. Currently the following assemblers are supported: - - * Microsoft MASM (aka "ml") - * Free Netwide Assembler NASM. - - MASM is distributed with most versions of VC++. For the versions where it is - not included in VC++, it is also distributed with some Microsoft DDKs, for - example the Windows NT 4.0 DDK and the Windows 98 DDK. If you do not have - either of these DDKs then you can just download the binaries for the Windows - 98 DDK and extract and rename the two files XXXXXml.exe and XXXXXml.err, to - ml.exe and ml.err and install somewhere on your PATH. Both DDKs can be - downloaded from the Microsoft developers site www.msdn.com. - - NASM is freely available. Version 0.98 was used during testing: other versions - may also work. It is available from many places, see for example: - http://www.kernel.org/pub/software/devel/nasm/binaries/win32/ - The NASM binary nasmw.exe needs to be installed anywhere on your PATH. - - Firstly you should run Configure: - - > perl Configure VC-WIN32 - - Next you need to build the Makefiles and optionally the assembly language - files: - - - If you are using MASM then run: - - > ms\do_masm - - - If you are using NASM then run: - - > ms\do_nasm - - - If you don't want to use the assembly language files at all then run: - - > ms\do_ms - - If you get errors about things not having numbers assigned then check the - troubleshooting section: you probably won't be able to compile it as it - stands. - - Then from the VC++ environment at a prompt do: - - > nmake -f ms\ntdll.mak - - If all is well it should compile and you will have some DLLs and executables - in out32dll. If you want to try the tests then do: - - > cd out32dll - > ..\ms\test - - Tweaks: - - There are various changes you can make to the Win32 compile environment. By - default the library is not compiled with debugging symbols. If you add 'debug' - to the mk1mf.pl lines in the do_* batch file then debugging symbols will be - compiled in. Note that mk1mf.pl expects the platform to be the last argument - on the command line, so 'debug' must appear before that, as all other options. - - The default Win32 environment is to leave out any Windows NT specific - features. - - If you want to enable the NT specific features of OpenSSL (currently only the - logging BIO) follow the instructions above but call the batch file do_nt.bat - instead of do_ms.bat. - - You can also build a static version of the library using the Makefile - ms\nt.mak - - Borland C++ builder 5 - --------------------- - - * Configure for building with Borland Builder: - > perl Configure BC-32 - - * Create the appropriate makefile - > ms\do_nasm - - * Build - > make -f ms\bcb.mak - - Borland C++ builder 3 and 4 - --------------------------- - - * Setup PATH. First must be GNU make then bcb4/bin - - * Run ms\bcb4.bat - - * Run make: - > make -f bcb.mak - - GNU C (Cygwin) - -------------- - - Cygwin provides a bash shell and GNU tools environment running - on NT 4.0, Windows 9x, Windows ME, Windows 2000, and Windows XP. - Consequently, a make of OpenSSL with Cygwin is closer to a GNU - bash environment such as Linux than to other the other Win32 - makes. - - Cygwin implements a Posix/Unix runtime system (cygwin1.dll). - It is also possible to create Win32 binaries that only use the - Microsoft C runtime system (msvcrt.dll or crtdll.dll) using - MinGW. MinGW can be used in the Cygwin development environment - or in a standalone setup as described in the following section. - - To build OpenSSL using Cygwin: - - * Install Cygwin (see http://cygwin.com/) - - * Install Perl and ensure it is in the path. Both Cygwin perl - (5.6.1-2 or newer) and ActivePerl work. - - * Run the Cygwin bash shell - - * $ tar zxvf openssl-x.x.x.tar.gz - $ cd openssl-x.x.x - - To build the Cygwin version of OpenSSL: - - $ ./config - [...] - $ make - [...] - $ make test - $ make install - - This will create a default install in /usr/local/ssl. - - To build the MinGW version (native Windows) in Cygwin: - - $ ./Configure mingw - [...] - $ make - [...] - $ make test - $ make install - - Cygwin Notes: - - "make test" and normal file operations may fail in directories - mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin - stripping of carriage returns. To avoid this ensure that a binary - mount is used, e.g. mount -b c:\somewhere /home. - - "bc" is not provided in older Cygwin distribution. This causes a - non-fatal error in "make test" but is otherwise harmless. If - desired and needed, GNU bc can be built with Cygwin without change. - - GNU C (MinGW) - ------------- - - * Compiler installation: - - MinGW is available from http://www.mingw.org. Run the installer and - set the MinGW bin directory to the PATH in "System Properties" or - autoexec.bat. - - * Compile OpenSSL: - - > ms\mingw32 - - This will create the library and binaries in out. In case any problems - occur, try - > ms\mingw32 no-asm - instead. - - libcrypto.a and libssl.a are the static libraries. To use the DLLs, - link with libeay32.a and libssl32.a instead. - - See troubleshooting if you get error messages about functions not having - a number assigned. - - * You can now try the tests: - - > cd out - > ..\ms\test - - - Installation - ------------ - - If you used the Cygwin procedure above, you have already installed and - can skip this section. For all other procedures, there's currently no real - installation procedure for Win32. There are, however, some suggestions: - - - do nothing. The include files are found in the inc32/ subdirectory, - all binaries are found in out32dll/ or out32/ depending if you built - dynamic or static libraries. - - - do as is written in INSTALL.Win32 that comes with modssl: - - $ md c:\openssl - $ md c:\openssl\bin - $ md c:\openssl\lib - $ md c:\openssl\include - $ md c:\openssl\include\openssl - $ copy /b inc32\* c:\openssl\include\openssl - $ copy /b out32dll\ssleay32.lib c:\openssl\lib - $ copy /b out32dll\libeay32.lib c:\openssl\lib - $ copy /b out32dll\ssleay32.dll c:\openssl\bin - $ copy /b out32dll\libeay32.dll c:\openssl\bin - $ copy /b out32dll\openssl.exe c:\openssl\bin - - Of course, you can choose another device than c:. C: is used here - because that's usually the first (and often only) harddisk device. - Note: in the modssl INSTALL.Win32, p: is used rather than c:. - - - Troubleshooting - --------------- - - Since the Win32 build is only occasionally tested it may not always compile - cleanly. If you get an error about functions not having numbers assigned - when you run ms\do_ms then this means the Win32 ordinal files are not up to - date. You can do: - - > perl util\mkdef.pl crypto ssl update - - then ms\do_XXX should not give a warning any more. However the numbers that - get assigned by this technique may not match those that eventually get - assigned in the CVS tree: so anything linked against this version of the - library may need to be recompiled. - - If you get errors about unresolved symbols there are several possible - causes. - - If this happens when the DLL is being linked and you have disabled some - ciphers then it is possible the DEF file generator hasn't removed all - the disabled symbols: the easiest solution is to edit the DEF files manually - to delete them. The DEF files are ms\libeay32.def ms\ssleay32.def. - - Another cause is if you missed or ignored the errors about missing numbers - mentioned above. - - If you get warnings in the code then the compilation will halt. - - The default Makefile for Win32 halts whenever any warnings occur. Since VC++ - has its own ideas about warnings which don't always match up to other - environments this can happen. The best fix is to edit the file with the - warning in and fix it. Alternatively you can turn off the halt on warnings by - editing the CFLAG line in the Makefile and deleting the /WX option. - - You might get compilation errors. Again you will have to fix these or report - them. - - One final comment about compiling applications linked to the OpenSSL library. - If you don't use the multithreaded DLL runtime library (/MD option) your - program will almost certainly crash because malloc gets confused -- the - OpenSSL DLLs are statically linked to one version, the application must - not use a different one. You might be able to work around such problems - by adding CRYPTO_malloc_init() to your program before any calls to the - OpenSSL libraries: This tells the OpenSSL libraries to use the same - malloc(), free() and realloc() as the application. However there are many - standard library functions used by OpenSSL that call malloc() internally - (e.g. fopen()), and OpenSSL cannot change these; so in general you cannot - rely on CRYPTO_malloc_init() solving your problem, and you should - consistently use the multithreaded library. + + INSTALLATION ON THE WIN32 PLATFORM + ---------------------------------- + + [Instructions for building for Windows CE can be found in INSTALL.WCE] + + Heres a few comments about building OpenSSL in Windows environments. Most + of this is tested on Win32 but it may also work in Win 3.1 with some + modification. + + You need Perl for Win32. Unless you will build on Cygwin, you will need + ActiveState Perl, available from http://www.activestate.com/ActivePerl. + + and one of the following C compilers: + + * Visual C++ + * Borland C + * GNU C (Cygwin or MinGW) + + If you are compiling from a tarball or a CVS snapshot then the Win32 files + may well be not up to date. This may mean that some "tweaking" is required to + get it all to work. See the trouble shooting section later on for if (when?) + it goes wrong. + + Visual C++ + ---------- + + If you want to compile in the assembly language routines with Visual C++ then + you will need an assembler. This is worth doing because it will result in + faster code: for example it will typically result in a 2 times speedup in the + RSA routines. Currently the following assemblers are supported: + + * Microsoft MASM (aka "ml") + * Free Netwide Assembler NASM. + + MASM is distributed with most versions of VC++. For the versions where it is + not included in VC++, it is also distributed with some Microsoft DDKs, for + example the Windows NT 4.0 DDK and the Windows 98 DDK. If you do not have + either of these DDKs then you can just download the binaries for the Windows + 98 DDK and extract and rename the two files XXXXXml.exe and XXXXXml.err, to + ml.exe and ml.err and install somewhere on your PATH. Both DDKs can be + downloaded from the Microsoft developers site www.msdn.com. + + NASM is freely available. Version 0.98 was used during testing: other versions + may also work. It is available from many places, see for example: + http://www.kernel.org/pub/software/devel/nasm/binaries/win32/ + The NASM binary nasmw.exe needs to be installed anywhere on your PATH. + + Firstly you should run Configure: + + > perl Configure VC-WIN32 + + Next you need to build the Makefiles and optionally the assembly language + files: + + - If you are using MASM then run: + + > ms\do_masm + + - If you are using NASM then run: + + > ms\do_nasm + + - If you don't want to use the assembly language files at all then run: + + > ms\do_ms + + If you get errors about things not having numbers assigned then check the + troubleshooting section: you probably won't be able to compile it as it + stands. + + Then from the VC++ environment at a prompt do: + + > nmake -f ms\ntdll.mak + + If all is well it should compile and you will have some DLLs and executables + in out32dll. If you want to try the tests then do: + + > cd out32dll + > ..\ms\test + + Tweaks: + + There are various changes you can make to the Win32 compile environment. By + default the library is not compiled with debugging symbols. If you add 'debug' + to the mk1mf.pl lines in the do_* batch file then debugging symbols will be + compiled in. Note that mk1mf.pl expects the platform to be the last argument + on the command line, so 'debug' must appear before that, as all other options. + + The default Win32 environment is to leave out any Windows NT specific + features. + + If you want to enable the NT specific features of OpenSSL (currently only the + logging BIO) follow the instructions above but call the batch file do_nt.bat + instead of do_ms.bat. + + You can also build a static version of the library using the Makefile + ms\nt.mak + + Borland C++ builder 5 + --------------------- + + * Configure for building with Borland Builder: + > perl Configure BC-32 + + * Create the appropriate makefile + > ms\do_nasm + + * Build + > make -f ms\bcb.mak + + Borland C++ builder 3 and 4 + --------------------------- + + * Setup PATH. First must be GNU make then bcb4/bin + + * Run ms\bcb4.bat + + * Run make: + > make -f bcb.mak + + GNU C (Cygwin) + -------------- + + Cygwin provides a bash shell and GNU tools environment running + on NT 4.0, Windows 9x, Windows ME, Windows 2000, and Windows XP. + Consequently, a make of OpenSSL with Cygwin is closer to a GNU + bash environment such as Linux than to other the other Win32 + makes. + + Cygwin implements a Posix/Unix runtime system (cygwin1.dll). + It is also possible to create Win32 binaries that only use the + Microsoft C runtime system (msvcrt.dll or crtdll.dll) using + MinGW. MinGW can be used in the Cygwin development environment + or in a standalone setup as described in the following section. + + To build OpenSSL using Cygwin: + + * Install Cygwin (see http://cygwin.com/) + + * Install Perl and ensure it is in the path. Both Cygwin perl + (5.6.1-2 or newer) and ActivePerl work. + + * Run the Cygwin bash shell + + * $ tar zxvf openssl-x.x.x.tar.gz + $ cd openssl-x.x.x + + To build the Cygwin version of OpenSSL: + + $ ./config + [...] + $ make + [...] + $ make test + $ make install + + This will create a default install in /usr/local/ssl. + + To build the MinGW version (native Windows) in Cygwin: + + $ ./Configure mingw + [...] + $ make + [...] + $ make test + $ make install + + Cygwin Notes: + + "make test" and normal file operations may fail in directories + mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin + stripping of carriage returns. To avoid this ensure that a binary + mount is used, e.g. mount -b c:\somewhere /home. + + "bc" is not provided in older Cygwin distribution. This causes a + non-fatal error in "make test" but is otherwise harmless. If + desired and needed, GNU bc can be built with Cygwin without change. + + GNU C (MinGW) + ------------- + + * Compiler installation: + + MinGW is available from http://www.mingw.org. Run the installer and + set the MinGW bin directory to the PATH in "System Properties" or + autoexec.bat. + + * Compile OpenSSL: + + > ms\mingw32 + + This will create the library and binaries in out. In case any problems + occur, try + > ms\mingw32 no-asm + instead. + + libcrypto.a and libssl.a are the static libraries. To use the DLLs, + link with libeay32.a and libssl32.a instead. + + See troubleshooting if you get error messages about functions not having + a number assigned. + + * You can now try the tests: + + > cd out + > ..\ms\test + + + Installation + ------------ + + If you used the Cygwin procedure above, you have already installed and + can skip this section. For all other procedures, there's currently no real + installation procedure for Win32. There are, however, some suggestions: + + - do nothing. The include files are found in the inc32/ subdirectory, + all binaries are found in out32dll/ or out32/ depending if you built + dynamic or static libraries. + + - do as is written in INSTALL.Win32 that comes with modssl: + + $ md c:\openssl + $ md c:\openssl\bin + $ md c:\openssl\lib + $ md c:\openssl\include + $ md c:\openssl\include\openssl + $ copy /b inc32\* c:\openssl\include\openssl + $ copy /b out32dll\ssleay32.lib c:\openssl\lib + $ copy /b out32dll\libeay32.lib c:\openssl\lib + $ copy /b out32dll\ssleay32.dll c:\openssl\bin + $ copy /b out32dll\libeay32.dll c:\openssl\bin + $ copy /b out32dll\openssl.exe c:\openssl\bin + + Of course, you can choose another device than c:. C: is used here + because that's usually the first (and often only) harddisk device. + Note: in the modssl INSTALL.Win32, p: is used rather than c:. + + + Troubleshooting + --------------- + + Since the Win32 build is only occasionally tested it may not always compile + cleanly. If you get an error about functions not having numbers assigned + when you run ms\do_ms then this means the Win32 ordinal files are not up to + date. You can do: + + > perl util\mkdef.pl crypto ssl update + + then ms\do_XXX should not give a warning any more. However the numbers that + get assigned by this technique may not match those that eventually get + assigned in the CVS tree: so anything linked against this version of the + library may need to be recompiled. + + If you get errors about unresolved symbols there are several possible + causes. + + If this happens when the DLL is being linked and you have disabled some + ciphers then it is possible the DEF file generator hasn't removed all + the disabled symbols: the easiest solution is to edit the DEF files manually + to delete them. The DEF files are ms\libeay32.def ms\ssleay32.def. + + Another cause is if you missed or ignored the errors about missing numbers + mentioned above. + + If you get warnings in the code then the compilation will halt. + + The default Makefile for Win32 halts whenever any warnings occur. Since VC++ + has its own ideas about warnings which don't always match up to other + environments this can happen. The best fix is to edit the file with the + warning in and fix it. Alternatively you can turn off the halt on warnings by + editing the CFLAG line in the Makefile and deleting the /WX option. + + You might get compilation errors. Again you will have to fix these or report + them. + + One final comment about compiling applications linked to the OpenSSL library. + If you don't use the multithreaded DLL runtime library (/MD option) your + program will almost certainly crash because malloc gets confused -- the + OpenSSL DLLs are statically linked to one version, the application must + not use a different one. You might be able to work around such problems + by adding CRYPTO_malloc_init() to your program before any calls to the + OpenSSL libraries: This tells the OpenSSL libraries to use the same + malloc(), free() and realloc() as the application. However there are many + standard library functions used by OpenSSL that call malloc() internally + (e.g. fopen()), and OpenSSL cannot change these; so in general you cannot + rely on CRYPTO_malloc_init() solving your problem, and you should + consistently use the multithreaded library. From 1774e22d6f4cfec2b7c078f27b130c1dfeeeb41b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 10 Apr 2003 19:33:09 +0000 Subject: [PATCH 254/393] New NEWS --- NEWS | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/NEWS b/NEWS index 629d77f957..31eaa7eabd 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,17 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b: + + o Security: counter the Klima-Pokorny-Rosa extension of + Bleichbacher's attack + o Security: make RSA blinding default. + o Configuration: Irix fixes, AIX fixes, better mingw support. + o Support for new platforms: linux-ia64-ecc. + o Build: shared library support fixes. + o ASN.1: treat domainComponent correctly. + o Documentation: fixes and additions. + Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a: o Security: Important security related bugfixes. From 1a0c1f90525ae2815784184546bc07649a2c788b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 10 Apr 2003 20:11:09 +0000 Subject: [PATCH 255/393] make update --- TABLE | 2 +- crypto/dh/Makefile.ssl | 14 +++++--------- crypto/dsa/Makefile.ssl | 25 ++++++++----------------- crypto/evp/Makefile.ssl | 9 ++------- crypto/rsa/Makefile.ssl | 22 ++++++++-------------- test/Makefile.ssl | 24 +++++++++--------------- 6 files changed, 33 insertions(+), 63 deletions(-) diff --git a/TABLE b/TABLE index 9660871578..d8fd63c06a 100644 --- a/TABLE +++ b/TABLE @@ -2727,7 +2727,7 @@ $arflags = *** irix-mips3-cc $cc = cc -$cflags = -n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W +$cflags = -n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W $unistd = $thread_cflag = -D_SGI_MP_SOURCE $sys_id = diff --git a/crypto/dh/Makefile.ssl b/crypto/dh/Makefile.ssl index c1ccf0060a..1f72d521ea 100644 --- a/crypto/dh/Makefile.ssl +++ b/crypto/dh/Makefile.ssl @@ -120,18 +120,14 @@ dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h dh_gen.o: ../cryptlib.h dh_gen.c -dh_key.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -dh_key.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -dh_key.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -dh_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -dh_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -dh_key.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +dh_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h +dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dh_key.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h dh_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dh_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h dh_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -dh_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -dh_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dh_key.o: ../../include/openssl/ui.h ../cryptlib.h dh_key.c +dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_key.c dh_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h dh_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h diff --git a/crypto/dsa/Makefile.ssl b/crypto/dsa/Makefile.ssl index 29fa723c61..6a60976f41 100644 --- a/crypto/dsa/Makefile.ssl +++ b/crypto/dsa/Makefile.ssl @@ -149,38 +149,29 @@ dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -dsa_ossl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -dsa_ossl.o: ../../include/openssl/engine.h ../../include/openssl/err.h +dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -dsa_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dsa_ossl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +dsa_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h dsa_ossl.o: ../cryptlib.h dsa_ossl.c dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -dsa_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -dsa_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h +dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dsa_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h dsa_sign.o: ../cryptlib.h dsa_sign.c dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -dsa_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -dsa_vrf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -dsa_vrf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dsa_vrf.o: ../../include/openssl/ui.h ../cryptlib.h dsa_vrf.c +dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +dsa_vrf.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_vrf.c diff --git a/crypto/evp/Makefile.ssl b/crypto/evp/Makefile.ssl index 0f82cf78df..2d51730d2d 100644 --- a/crypto/evp/Makefile.ssl +++ b/crypto/evp/Makefile.ssl @@ -321,18 +321,13 @@ encode.o: ../../include/openssl/symhacks.h ../cryptlib.h encode.c evp_acnf.o: ../../e_os.h ../../include/openssl/asn1.h evp_acnf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h evp_acnf.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -evp_acnf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -evp_acnf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -evp_acnf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -evp_acnf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +evp_acnf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_acnf.o: ../../include/openssl/err.h ../../include/openssl/evp.h evp_acnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h evp_acnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -evp_acnf.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -evp_acnf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -evp_acnf.o: ../cryptlib.h evp_acnf.c +evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/bn.h evp_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h diff --git a/crypto/rsa/Makefile.ssl b/crypto/rsa/Makefile.ssl index 31fe777b2c..cd7f94deb8 100644 --- a/crypto/rsa/Makefile.ssl +++ b/crypto/rsa/Makefile.ssl @@ -113,16 +113,12 @@ rsa_depr.o: ../cryptlib.h rsa_depr.c rsa_eay.o: ../../e_os.h ../../include/openssl/asn1.h rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rsa_eay.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -rsa_eay.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -rsa_eay.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -rsa_eay.o: ../../include/openssl/engine.h ../../include/openssl/err.h +rsa_eay.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -rsa_eay.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -rsa_eay.o: ../cryptlib.h rsa_eay.c +rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h rsa_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h rsa_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -213,15 +209,13 @@ rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h rsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h rsa_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -rsa_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h -rsa_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -rsa_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rsa_sign.o: ../../include/openssl/opensslconf.h +rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h +rsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -rsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -rsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -rsa_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rsa_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h rsa_sign.o: ../cryptlib.h rsa_sign.c rsa_ssl.o: ../../e_os.h ../../include/openssl/asn1.h diff --git a/test/Makefile.ssl b/test/Makefile.ssl index 2b61e6f007..15247879c2 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -811,17 +811,14 @@ dhtest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h dhtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h dhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h dhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h dhtest.c -dsatest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -dsatest.o: ../include/openssl/bn.h ../include/openssl/crypto.h -dsatest.o: ../include/openssl/dh.h ../include/openssl/dsa.h -dsatest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -dsatest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -dsatest.o: ../include/openssl/engine.h ../include/openssl/err.h -dsatest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h -dsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -dsatest.o: ../include/openssl/rand.h ../include/openssl/rsa.h +dsatest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h +dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h +dsatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +dsatest.o: ../include/openssl/err.h ../include/openssl/lhash.h +dsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +dsatest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h dsatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h -dsatest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h dsatest.c +dsatest.o: ../include/openssl/symhacks.h dsatest.c ecdhtest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ecdhtest.o: ../include/openssl/bn.h ../include/openssl/crypto.h ecdhtest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h @@ -952,15 +949,12 @@ rmdtest.o: ../include/openssl/safestack.h ../include/openssl/stack.h rmdtest.o: ../include/openssl/symhacks.h rmdtest.c rsa_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rsa_test.o: ../include/openssl/bn.h ../include/openssl/crypto.h -rsa_test.o: ../include/openssl/dh.h ../include/openssl/dsa.h -rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -rsa_test.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -rsa_test.o: ../include/openssl/engine.h ../include/openssl/err.h +rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h rsa_test.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h rsa_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h rsa_test.o: ../include/openssl/rand.h ../include/openssl/rsa.h rsa_test.o: ../include/openssl/safestack.h ../include/openssl/stack.h -rsa_test.o: ../include/openssl/symhacks.h ../include/openssl/ui.h rsa_test.c +rsa_test.o: ../include/openssl/symhacks.h rsa_test.c sha1test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h sha1test.o: ../include/openssl/bn.h ../include/openssl/crypto.h sha1test.o: ../include/openssl/e_os2.h ../include/openssl/evp.h From 138f970e6ea32914eac3d9216dabc8511088ad71 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 10 Apr 2003 20:38:24 +0000 Subject: [PATCH 256/393] Add the 0.9.6j news. --- NEWS | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/NEWS b/NEWS index 31eaa7eabd..cc9405c3bc 100644 --- a/NEWS +++ b/NEWS @@ -70,6 +70,13 @@ o SSL/TLS: add callback to retrieve SSL/TLS messages. o SSL/TLS: support AES cipher suites (RFC3268). + Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j: + + o Security: counter the Klima-Pokorny-Rosa extension of + Bleichbacher's attack + o Security: make RSA blinding default. + o Build: shared library support fixes. + Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i: o Important security related bugfixes. From 7a04fdd87f544cef6aa08d54f7b9ff6b1eb4e7ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Fri, 11 Apr 2003 15:03:12 +0000 Subject: [PATCH 257/393] include 'Changes between 0.9.6i and 0.9.6j' --- CHANGES | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/CHANGES b/CHANGES index 66870e6c87..6b1d73c5ef 100644 --- a/CHANGES +++ b/CHANGES @@ -2424,6 +2424,31 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Clean old EAY MD5 hack from e_os.h. [Richard Levitte] + Changes between 0.9.6i and 0.9.6j [10 Apr 2003] + + *) Countermeasure against the Klima-Pokorny-Rosa extension of + Bleichbacher's attack on PKCS #1 v1.5 padding: treat + a protocol version number mismatch like a decryption error + in ssl3_get_client_key_exchange (ssl/s3_srvr.c). + [Bodo Moeller] + + *) Turn on RSA blinding by default in the default implementation + to avoid a timing attack. Applications that don't want it can call + RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING. + They would be ill-advised to do so in most cases. + [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller] + + *) Change RSA blinding code so that it works when the PRNG is not + seeded (in this case, the secret RSA exponent is abused as + an unpredictable seed -- if it is not unpredictable, there + is no point in blinding anyway). Make RSA blinding thread-safe + by remembering the creator's thread ID in rsa->blinding and + having all other threads use local one-time blinding factors + (this requires more computation than sharing rsa->blinding, but + avoids excessive locking; and if an RSA object is not shared + between threads, blinding will still be very fast). + [Bodo Moeller] + Changes between 0.9.6h and 0.9.6i [19 Feb 2003] *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked From cd1226bc6a7849e8103bb5fae55fe560ad16d20f Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 15 Apr 2003 13:01:37 +0000 Subject: [PATCH 258/393] Memory leak fix: local blinding structure not freed in rsa_eay_private_decrypt() --- crypto/rsa/rsa_eay.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index aff86343cc..ee2a70bb48 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -504,6 +504,8 @@ err: if (ctx != NULL) BN_CTX_free(ctx); BN_clear_free(&f); BN_clear_free(&ret); + if (local_blinding) + BN_BLINDING_free(blinding); if (buf != NULL) { OPENSSL_cleanse(buf,num); From 040c687ce479bda5b68fd865d5ab97a91035e29e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 16 Apr 2003 06:25:21 +0000 Subject: [PATCH 259/393] Memory leak fix: RSA_blinding_on() didn't free Ai under certain circumstances. Memory leak fix: RSA_blinding_on() would leave a dangling pointer in rsa->blinding under certain circumstances. Double definition fix: RSA_FLAG_NO_BLINDING was defined twice. --- crypto/rsa/rsa.h | 11 +++++------ crypto/rsa/rsa_lib.c | 8 ++++++-- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index 604fc26442..12689fc22d 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -162,11 +162,6 @@ struct rsa_st #define RSA_FLAG_CACHE_PUBLIC 0x02 #define RSA_FLAG_CACHE_PRIVATE 0x04 #define RSA_FLAG_BLINDING 0x08 -#define RSA_FLAG_NO_BLINDING 0x80 /* new with 0.9.6j and 0.9.7b; the built-in - * RSA implementation now uses blinding by - * default (ignoring RSA_FLAG_BLINDING), - * but other engines might not need it - */ #define RSA_FLAG_THREAD_SAFE 0x10 /* This flag means the private key operations will be handled by rsa_mod_exp * and that they do not depend on the private key components being present: @@ -179,7 +174,11 @@ struct rsa_st */ #define RSA_FLAG_SIGN_VER 0x40 -#define RSA_FLAG_NO_BLINDING 0x80 +#define RSA_FLAG_NO_BLINDING 0x80 /* new with 0.9.6j and 0.9.7b; the built-in + * RSA implementation now uses blinding by + * default (ignoring RSA_FLAG_BLINDING), + * but other engines might not need it + */ #define RSA_PKCS1_PADDING 1 #define RSA_SSLV23_PADDING 2 diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 53c5092014..e4d622851e 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -316,7 +316,7 @@ void RSA_blinding_off(RSA *rsa) int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) { - BIGNUM *A,*Ai; + BIGNUM *A,*Ai = NULL; BN_CTX *ctx; int ret=0; @@ -327,8 +327,12 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) else ctx=p_ctx; + /* XXXXX: Shouldn't this be RSA_blinding_off(rsa)? */ if (rsa->blinding != NULL) + { BN_BLINDING_free(rsa->blinding); + rsa->blinding = NULL; + } /* NB: similar code appears in setup_blinding (rsa_eay.c); * this should be placed in a new function of its own, but for reasons @@ -356,9 +360,9 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) rsa->blinding->thread_id = CRYPTO_thread_id(); rsa->flags |= RSA_FLAG_BLINDING; rsa->flags &= ~RSA_FLAG_NO_BLINDING; - BN_free(Ai); ret=1; err: + if (Ai != NULL) BN_free(Ai); BN_CTX_end(ctx); if (ctx != p_ctx) BN_CTX_free(ctx); return(ret); From 1cc087fe4f8367075058d30aee6c04816fcbe74a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 21 Apr 2003 22:00:36 +0000 Subject: [PATCH 260/393] Make it possible to affect the extension of man pages. PR: 578 --- Makefile.org | 13 +++++++------ openssl.spec | 7 +------ 2 files changed, 8 insertions(+), 12 deletions(-) diff --git a/Makefile.org b/Makefile.org index 58c0807fbf..6f2188ad82 100644 --- a/Makefile.org +++ b/Makefile.org @@ -191,6 +191,7 @@ MAKE= $(NEWMAKE) -f Makefile.ssl MANDIR=$(OPENSSLDIR)/man MAN1=1 MAN3=3 +MANSUFFIX= SHELL=/bin/sh TOP= . @@ -568,33 +569,33 @@ install_docs: for i in doc/apps/*.pod; do \ fn=`basename $$i .pod`; \ if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \ - echo "installing man$$sec/$$fn.$$sec"; \ + echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ (cd `$(PERL) util/dirname.pl $$i`; \ sh -c "$$pod2man \ --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ - > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \ + > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ $(PERL) util/extract-names.pl < $$i | \ grep -v $$filecase "^$$fn\$$" | \ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ while read n; do \ - $$here/util/point.sh $$fn.$$sec $$n.$$sec; \ + $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) $$n.$${sec}$(MANSUFFIX); \ done); \ done; \ for i in doc/crypto/*.pod doc/ssl/*.pod; do \ fn=`basename $$i .pod`; \ if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \ - echo "installing man$$sec/$$fn.$$sec"; \ + echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ (cd `$(PERL) util/dirname.pl $$i`; \ sh -c "$$pod2man \ --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ - > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \ + > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ $(PERL) util/extract-names.pl < $$i | \ grep -v $$filecase "^$$fn\$$" | \ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ while read n; do \ - $$here/util/point.sh $$fn.$$sec $$n.$$sec; \ + $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) $$n.$${sec}$(MANSUFFIX); \ done); \ done diff --git a/openssl.spec b/openssl.spec index 3085d3e94b..27b74934a2 100644 --- a/openssl.spec +++ b/openssl.spec @@ -102,12 +102,7 @@ LD_LIBRARY_PATH=`pwd` make test %install rm -rf $RPM_BUILD_ROOT -make MANDIR=/usr/man INSTALL_PREFIX="$RPM_BUILD_ROOT" install - -# Rename manpages -for x in $RPM_BUILD_ROOT/usr/man/man*/* - do mv ${x} ${x}ssl -done +make MANDIR=/usr/man MANSUFFIX=ssl INSTALL_PREFIX="$RPM_BUILD_ROOT" install # Make backwards-compatibility symlink to ssleay ln -sf /usr/bin/openssl $RPM_BUILD_ROOT/usr/bin/ssleay From eec7968f18bf16034ff924cd56ce07611fb188da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 22 Apr 2003 08:29:21 +0000 Subject: [PATCH 261/393] fix typo Submitted by: Nils Larsch --- crypto/x509/x509type.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c index 8eaf102480..4af98214a8 100644 --- a/crypto/x509/x509type.c +++ b/crypto/x509/x509type.c @@ -102,10 +102,10 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey) case EVP_PKEY_RSA: ret|=EVP_PKS_RSA; break; - case EVP_PKS_DSA: + case EVP_PKEY_DSA: ret|=EVP_PKS_DSA; break; - case EVP_PKS_EC: + case EVP_PKEY_EC: ret|=EVP_PKS_EC; break; default: From ea5240a5edceccc6c6410a56b68ec4d8038da4bb Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 29 Apr 2003 20:25:21 +0000 Subject: [PATCH 262/393] Add an extended variant of OBJ_bsearch() that can be given a few flags. --- CHANGES | 15 +++++++++++++++ crypto/objects/obj_dat.c | 35 +++++++++++++++++++++++++++-------- crypto/objects/objects.h | 7 ++++++- 3 files changed, 48 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index 6b1d73c5ef..c65cf1f5fc 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,21 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Add the function OBJ_bsearch_ex() which works like OBJ_bsearch() but + takes an extra flags argument for optional functionality. Currently, + the following flags are defined: + + OBJ_BSEARCH_VALUE_ON_NOMATCH + This one gets OBJ_bsearch_ex() to return a pointer to the first + element where the comparing function returns a negative or zero + number. + + OBJ_BSEARCH_FIRST_VALUE_ON_MATCH + This one gets OBJ_bsearch_ex() to return a pointer to the first + element where the comparing function returns zero. This is useful + if there are more than one element where the comparing function + returns zero. + *) Make it possible to create self-signed certificates with 'openssl ca' in such a way that the self-signed certificate becomes part of the CA database and uses the same mechanisms for serial number generation diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 5d983e3ed4..adab7a7343 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -556,8 +556,14 @@ static int obj_cmp(const void *ap, const void *bp) const char *OBJ_bsearch(const char *key, const char *base, int num, int size, int (*cmp)(const void *, const void *)) { + return OBJ_bsearch_ex(key, base, num, size, cmp, 0); + } + +const char *OBJ_bsearch_ex(const char *key, const char *base, int num, + int size, int (*cmp)(const void *, const void *), int flags) + { int l,h,i,c; - const char *p; + const char *p = NULL; if (num == 0) return(NULL); l=0; @@ -572,20 +578,33 @@ const char *OBJ_bsearch(const char *key, const char *base, int num, int size, else if (c > 0) l=i+1; else - return(p); + break; } #ifdef CHARSET_EBCDIC /* THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and * I don't have perl (yet), we revert to a *LINEAR* search * when the object wasn't found in the binary search. */ - for (i=0; i 0 && (*cmp)(key,&(base[(i-1)*size])) == 0) + i--; + p = &(base[i*size]); + } + return(p); } int OBJ_create_objects(BIO *in) diff --git a/crypto/objects/objects.h b/crypto/objects/objects.h index de10532813..8b509516fc 100644 --- a/crypto/objects/objects.h +++ b/crypto/objects/objects.h @@ -966,7 +966,10 @@ #define OBJ_NAME_TYPE_COMP_METH 0x04 #define OBJ_NAME_TYPE_NUM 0x05 -#define OBJ_NAME_ALIAS 0x8000 +#define OBJ_NAME_ALIAS 0x8000 + +#define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01 +#define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02 #ifdef __cplusplus @@ -1010,6 +1013,8 @@ int OBJ_sn2nid(const char *s); int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b); const char * OBJ_bsearch(const char *key,const char *base,int num,int size, int (*cmp)(const void *, const void *)); +const char * OBJ_bsearch_ex(const char *key,const char *base,int num, + int size, int (*cmp)(const void *, const void *), int flags); int OBJ_new_nid(int num); int OBJ_add_object(const ASN1_OBJECT *obj); From 26851b6b42260bdfd5c5b8332b5d3d00fa60f3df Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 29 Apr 2003 20:30:55 +0000 Subject: [PATCH 263/393] Add an extended variant of sk_find() which returns a non-NULL pointer even if an exact match wasn't found. --- crypto/stack/safestack.h | 78 ++++++++++++++++++++++++++++++++++++++++ crypto/stack/stack.c | 26 +++++++------- crypto/stack/stack.h | 1 + util/mkstack.pl | 1 + 4 files changed, 93 insertions(+), 13 deletions(-) diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h index ecb2b8ffed..3110e50a84 100644 --- a/crypto/stack/safestack.h +++ b/crypto/stack/safestack.h @@ -214,6 +214,7 @@ STACK_OF(type) \ #define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val)) #define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val)) #define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val)) +#define sk_ACCESS_DESCRIPTION_find_ex(st, val) SKM_sk_find_ex(ACCESS_DESCRIPTION, (st), (val)) #define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i)) #define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr)) #define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i)) @@ -234,6 +235,7 @@ STACK_OF(type) \ #define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val)) #define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val)) #define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val)) +#define sk_ASN1_GENERALSTRING_find_ex(st, val) SKM_sk_find_ex(ASN1_GENERALSTRING, (st), (val)) #define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i)) #define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr)) #define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i)) @@ -254,6 +256,7 @@ STACK_OF(type) \ #define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val)) #define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val)) #define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val)) +#define sk_ASN1_INTEGER_find_ex(st, val) SKM_sk_find_ex(ASN1_INTEGER, (st), (val)) #define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i)) #define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr)) #define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i)) @@ -274,6 +277,7 @@ STACK_OF(type) \ #define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val)) #define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val)) #define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val)) +#define sk_ASN1_OBJECT_find_ex(st, val) SKM_sk_find_ex(ASN1_OBJECT, (st), (val)) #define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i)) #define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr)) #define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i)) @@ -294,6 +298,7 @@ STACK_OF(type) \ #define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val)) #define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val)) #define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val)) +#define sk_ASN1_STRING_TABLE_find_ex(st, val) SKM_sk_find_ex(ASN1_STRING_TABLE, (st), (val)) #define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i)) #define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr)) #define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i)) @@ -314,6 +319,7 @@ STACK_OF(type) \ #define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val)) #define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val)) #define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val)) +#define sk_ASN1_TYPE_find_ex(st, val) SKM_sk_find_ex(ASN1_TYPE, (st), (val)) #define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i)) #define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr)) #define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i)) @@ -334,6 +340,7 @@ STACK_OF(type) \ #define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val)) #define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val)) #define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val)) +#define sk_ASN1_VALUE_find_ex(st, val) SKM_sk_find_ex(ASN1_VALUE, (st), (val)) #define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i)) #define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr)) #define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i)) @@ -354,6 +361,7 @@ STACK_OF(type) \ #define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val)) #define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val)) #define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val)) +#define sk_BIO_find_ex(st, val) SKM_sk_find_ex(BIO, (st), (val)) #define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i)) #define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr)) #define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i)) @@ -374,6 +382,7 @@ STACK_OF(type) \ #define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val)) #define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val)) #define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val)) +#define sk_CONF_IMODULE_find_ex(st, val) SKM_sk_find_ex(CONF_IMODULE, (st), (val)) #define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i)) #define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr)) #define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i)) @@ -394,6 +403,7 @@ STACK_OF(type) \ #define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val)) #define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val)) #define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val)) +#define sk_CONF_MODULE_find_ex(st, val) SKM_sk_find_ex(CONF_MODULE, (st), (val)) #define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i)) #define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr)) #define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i)) @@ -414,6 +424,7 @@ STACK_OF(type) \ #define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val)) #define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val)) #define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val)) +#define sk_CONF_VALUE_find_ex(st, val) SKM_sk_find_ex(CONF_VALUE, (st), (val)) #define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i)) #define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr)) #define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i)) @@ -434,6 +445,7 @@ STACK_OF(type) \ #define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val)) #define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val)) #define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val)) +#define sk_CRYPTO_EX_DATA_FUNCS_find_ex(st, val) SKM_sk_find_ex(CRYPTO_EX_DATA_FUNCS, (st), (val)) #define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i)) #define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr)) #define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i)) @@ -454,6 +466,7 @@ STACK_OF(type) \ #define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val)) #define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val)) #define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val)) +#define sk_CRYPTO_dynlock_find_ex(st, val) SKM_sk_find_ex(CRYPTO_dynlock, (st), (val)) #define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i)) #define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr)) #define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i)) @@ -474,6 +487,7 @@ STACK_OF(type) \ #define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val)) #define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val)) #define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val)) +#define sk_DIST_POINT_find_ex(st, val) SKM_sk_find_ex(DIST_POINT, (st), (val)) #define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i)) #define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr)) #define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i)) @@ -494,6 +508,7 @@ STACK_OF(type) \ #define sk_ENGINE_push(st, val) SKM_sk_push(ENGINE, (st), (val)) #define sk_ENGINE_unshift(st, val) SKM_sk_unshift(ENGINE, (st), (val)) #define sk_ENGINE_find(st, val) SKM_sk_find(ENGINE, (st), (val)) +#define sk_ENGINE_find_ex(st, val) SKM_sk_find_ex(ENGINE, (st), (val)) #define sk_ENGINE_delete(st, i) SKM_sk_delete(ENGINE, (st), (i)) #define sk_ENGINE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE, (st), (ptr)) #define sk_ENGINE_insert(st, val, i) SKM_sk_insert(ENGINE, (st), (val), (i)) @@ -514,6 +529,7 @@ STACK_OF(type) \ #define sk_ENGINE_CLEANUP_ITEM_push(st, val) SKM_sk_push(ENGINE_CLEANUP_ITEM, (st), (val)) #define sk_ENGINE_CLEANUP_ITEM_unshift(st, val) SKM_sk_unshift(ENGINE_CLEANUP_ITEM, (st), (val)) #define sk_ENGINE_CLEANUP_ITEM_find(st, val) SKM_sk_find(ENGINE_CLEANUP_ITEM, (st), (val)) +#define sk_ENGINE_CLEANUP_ITEM_find_ex(st, val) SKM_sk_find_ex(ENGINE_CLEANUP_ITEM, (st), (val)) #define sk_ENGINE_CLEANUP_ITEM_delete(st, i) SKM_sk_delete(ENGINE_CLEANUP_ITEM, (st), (i)) #define sk_ENGINE_CLEANUP_ITEM_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_CLEANUP_ITEM, (st), (ptr)) #define sk_ENGINE_CLEANUP_ITEM_insert(st, val, i) SKM_sk_insert(ENGINE_CLEANUP_ITEM, (st), (val), (i)) @@ -534,6 +550,7 @@ STACK_OF(type) \ #define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val)) #define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val)) #define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val)) +#define sk_GENERAL_NAME_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAME, (st), (val)) #define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i)) #define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr)) #define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i)) @@ -554,6 +571,7 @@ STACK_OF(type) \ #define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val)) #define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val)) #define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val)) +#define sk_GENERAL_SUBTREE_find_ex(st, val) SKM_sk_find_ex(GENERAL_SUBTREE, (st), (val)) #define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i)) #define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr)) #define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i)) @@ -574,6 +592,7 @@ STACK_OF(type) \ #define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val)) #define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val)) #define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val)) +#define sk_KRB5_APREQBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_APREQBODY, (st), (val)) #define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i)) #define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr)) #define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i)) @@ -594,6 +613,7 @@ STACK_OF(type) \ #define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val)) #define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val)) #define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val)) +#define sk_KRB5_AUTHDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHDATA, (st), (val)) #define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i)) #define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr)) #define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i)) @@ -614,6 +634,7 @@ STACK_OF(type) \ #define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val)) #define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val)) #define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val)) +#define sk_KRB5_AUTHENTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHENTBODY, (st), (val)) #define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i)) #define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr)) #define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i)) @@ -634,6 +655,7 @@ STACK_OF(type) \ #define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val)) #define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val)) #define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val)) +#define sk_KRB5_CHECKSUM_find_ex(st, val) SKM_sk_find_ex(KRB5_CHECKSUM, (st), (val)) #define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i)) #define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr)) #define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i)) @@ -654,6 +676,7 @@ STACK_OF(type) \ #define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val)) #define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val)) #define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val)) +#define sk_KRB5_ENCDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCDATA, (st), (val)) #define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i)) #define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr)) #define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i)) @@ -674,6 +697,7 @@ STACK_OF(type) \ #define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val)) #define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val)) #define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val)) +#define sk_KRB5_ENCKEY_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCKEY, (st), (val)) #define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i)) #define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr)) #define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i)) @@ -694,6 +718,7 @@ STACK_OF(type) \ #define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val)) #define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val)) #define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val)) +#define sk_KRB5_PRINCNAME_find_ex(st, val) SKM_sk_find_ex(KRB5_PRINCNAME, (st), (val)) #define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i)) #define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr)) #define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i)) @@ -714,6 +739,7 @@ STACK_OF(type) \ #define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val)) #define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val)) #define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val)) +#define sk_KRB5_TKTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_TKTBODY, (st), (val)) #define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i)) #define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr)) #define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i)) @@ -734,6 +760,7 @@ STACK_OF(type) \ #define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val)) #define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val)) #define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val)) +#define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val)) #define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i)) #define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr)) #define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i)) @@ -754,6 +781,7 @@ STACK_OF(type) \ #define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val)) #define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val)) #define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val)) +#define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val)) #define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i)) #define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr)) #define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i)) @@ -774,6 +802,7 @@ STACK_OF(type) \ #define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val)) #define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val)) #define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val)) +#define sk_NAME_FUNCS_find_ex(st, val) SKM_sk_find_ex(NAME_FUNCS, (st), (val)) #define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i)) #define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr)) #define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i)) @@ -794,6 +823,7 @@ STACK_OF(type) \ #define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val)) #define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val)) #define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val)) +#define sk_OCSP_CERTID_find_ex(st, val) SKM_sk_find_ex(OCSP_CERTID, (st), (val)) #define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i)) #define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr)) #define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i)) @@ -814,6 +844,7 @@ STACK_OF(type) \ #define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val)) #define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val)) #define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val)) +#define sk_OCSP_ONEREQ_find_ex(st, val) SKM_sk_find_ex(OCSP_ONEREQ, (st), (val)) #define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i)) #define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr)) #define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i)) @@ -834,6 +865,7 @@ STACK_OF(type) \ #define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val)) #define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val)) #define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val)) +#define sk_OCSP_SINGLERESP_find_ex(st, val) SKM_sk_find_ex(OCSP_SINGLERESP, (st), (val)) #define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i)) #define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr)) #define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i)) @@ -854,6 +886,7 @@ STACK_OF(type) \ #define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val)) #define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val)) #define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val)) +#define sk_PKCS12_SAFEBAG_find_ex(st, val) SKM_sk_find_ex(PKCS12_SAFEBAG, (st), (val)) #define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i)) #define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr)) #define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i)) @@ -874,6 +907,7 @@ STACK_OF(type) \ #define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val)) #define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val)) #define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val)) +#define sk_PKCS7_find_ex(st, val) SKM_sk_find_ex(PKCS7, (st), (val)) #define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i)) #define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr)) #define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i)) @@ -894,6 +928,7 @@ STACK_OF(type) \ #define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val)) #define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val)) #define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val)) +#define sk_PKCS7_RECIP_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_RECIP_INFO, (st), (val)) #define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i)) #define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr)) #define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i)) @@ -914,6 +949,7 @@ STACK_OF(type) \ #define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val)) #define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val)) #define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val)) +#define sk_PKCS7_SIGNER_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_SIGNER_INFO, (st), (val)) #define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i)) #define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr)) #define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i)) @@ -934,6 +970,7 @@ STACK_OF(type) \ #define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val)) #define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val)) #define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val)) +#define sk_POLICYINFO_find_ex(st, val) SKM_sk_find_ex(POLICYINFO, (st), (val)) #define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i)) #define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr)) #define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i)) @@ -954,6 +991,7 @@ STACK_OF(type) \ #define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val)) #define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val)) #define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val)) +#define sk_POLICYQUALINFO_find_ex(st, val) SKM_sk_find_ex(POLICYQUALINFO, (st), (val)) #define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i)) #define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr)) #define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i)) @@ -974,6 +1012,7 @@ STACK_OF(type) \ #define sk_POLICY_MAPPING_push(st, val) SKM_sk_push(POLICY_MAPPING, (st), (val)) #define sk_POLICY_MAPPING_unshift(st, val) SKM_sk_unshift(POLICY_MAPPING, (st), (val)) #define sk_POLICY_MAPPING_find(st, val) SKM_sk_find(POLICY_MAPPING, (st), (val)) +#define sk_POLICY_MAPPING_find_ex(st, val) SKM_sk_find_ex(POLICY_MAPPING, (st), (val)) #define sk_POLICY_MAPPING_delete(st, i) SKM_sk_delete(POLICY_MAPPING, (st), (i)) #define sk_POLICY_MAPPING_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICY_MAPPING, (st), (ptr)) #define sk_POLICY_MAPPING_insert(st, val, i) SKM_sk_insert(POLICY_MAPPING, (st), (val), (i)) @@ -994,6 +1033,7 @@ STACK_OF(type) \ #define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val)) #define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val)) #define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val)) +#define sk_SSL_CIPHER_find_ex(st, val) SKM_sk_find_ex(SSL_CIPHER, (st), (val)) #define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i)) #define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr)) #define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i)) @@ -1014,6 +1054,7 @@ STACK_OF(type) \ #define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val)) #define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val)) #define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val)) +#define sk_SSL_COMP_find_ex(st, val) SKM_sk_find_ex(SSL_COMP, (st), (val)) #define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i)) #define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr)) #define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i)) @@ -1024,6 +1065,27 @@ STACK_OF(type) \ #define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st)) #define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st)) +#define sk_STORE_OBJECT_new(st) SKM_sk_new(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT) +#define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_value(st, i) SKM_sk_value(STORE_OBJECT, (st), (i)) +#define sk_STORE_OBJECT_set(st, i, val) SKM_sk_set(STORE_OBJECT, (st), (i), (val)) +#define sk_STORE_OBJECT_zero(st) SKM_sk_zero(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_push(st, val) SKM_sk_push(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_unshift(st, val) SKM_sk_unshift(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_find(st, val) SKM_sk_find(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_find_ex(st, val) SKM_sk_find_ex(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_delete(st, i) SKM_sk_delete(STORE_OBJECT, (st), (i)) +#define sk_STORE_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_OBJECT, (st), (ptr)) +#define sk_STORE_OBJECT_insert(st, val, i) SKM_sk_insert(STORE_OBJECT, (st), (val), (i)) +#define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp)) +#define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st) +#define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func)) +#define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st)) + #define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st)) #define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID) #define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st)) @@ -1034,6 +1096,7 @@ STACK_OF(type) \ #define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val)) #define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val)) #define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val)) +#define sk_SXNETID_find_ex(st, val) SKM_sk_find_ex(SXNETID, (st), (val)) #define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i)) #define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr)) #define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i)) @@ -1054,6 +1117,7 @@ STACK_OF(type) \ #define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val)) #define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val)) #define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val)) +#define sk_UI_STRING_find_ex(st, val) SKM_sk_find_ex(UI_STRING, (st), (val)) #define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i)) #define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr)) #define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i)) @@ -1074,6 +1138,7 @@ STACK_OF(type) \ #define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val)) #define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val)) #define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val)) +#define sk_X509_find_ex(st, val) SKM_sk_find_ex(X509, (st), (val)) #define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i)) #define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr)) #define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i)) @@ -1094,6 +1159,7 @@ STACK_OF(type) \ #define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val)) #define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val)) #define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val)) +#define sk_X509V3_EXT_METHOD_find_ex(st, val) SKM_sk_find_ex(X509V3_EXT_METHOD, (st), (val)) #define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i)) #define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr)) #define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i)) @@ -1114,6 +1180,7 @@ STACK_OF(type) \ #define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val)) #define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val)) #define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val)) +#define sk_X509_ALGOR_find_ex(st, val) SKM_sk_find_ex(X509_ALGOR, (st), (val)) #define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i)) #define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr)) #define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i)) @@ -1134,6 +1201,7 @@ STACK_OF(type) \ #define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val)) #define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val)) #define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val)) +#define sk_X509_ATTRIBUTE_find_ex(st, val) SKM_sk_find_ex(X509_ATTRIBUTE, (st), (val)) #define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i)) #define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr)) #define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i)) @@ -1154,6 +1222,7 @@ STACK_OF(type) \ #define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val)) #define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val)) #define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val)) +#define sk_X509_CRL_find_ex(st, val) SKM_sk_find_ex(X509_CRL, (st), (val)) #define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i)) #define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr)) #define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i)) @@ -1174,6 +1243,7 @@ STACK_OF(type) \ #define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val)) #define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val)) #define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val)) +#define sk_X509_EXTENSION_find_ex(st, val) SKM_sk_find_ex(X509_EXTENSION, (st), (val)) #define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i)) #define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr)) #define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i)) @@ -1194,6 +1264,7 @@ STACK_OF(type) \ #define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val)) #define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val)) #define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val)) +#define sk_X509_INFO_find_ex(st, val) SKM_sk_find_ex(X509_INFO, (st), (val)) #define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i)) #define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr)) #define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i)) @@ -1214,6 +1285,7 @@ STACK_OF(type) \ #define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val)) #define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val)) #define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val)) +#define sk_X509_LOOKUP_find_ex(st, val) SKM_sk_find_ex(X509_LOOKUP, (st), (val)) #define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i)) #define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr)) #define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i)) @@ -1234,6 +1306,7 @@ STACK_OF(type) \ #define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val)) #define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val)) #define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val)) +#define sk_X509_NAME_find_ex(st, val) SKM_sk_find_ex(X509_NAME, (st), (val)) #define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i)) #define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr)) #define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i)) @@ -1254,6 +1327,7 @@ STACK_OF(type) \ #define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val)) #define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val)) #define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val)) +#define sk_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(X509_NAME_ENTRY, (st), (val)) #define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i)) #define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr)) #define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i)) @@ -1274,6 +1348,7 @@ STACK_OF(type) \ #define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val)) #define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val)) #define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val)) +#define sk_X509_OBJECT_find_ex(st, val) SKM_sk_find_ex(X509_OBJECT, (st), (val)) #define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i)) #define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr)) #define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i)) @@ -1294,6 +1369,7 @@ STACK_OF(type) \ #define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val)) #define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val)) #define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val)) +#define sk_X509_PURPOSE_find_ex(st, val) SKM_sk_find_ex(X509_PURPOSE, (st), (val)) #define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i)) #define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr)) #define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i)) @@ -1314,6 +1390,7 @@ STACK_OF(type) \ #define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val)) #define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val)) #define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val)) +#define sk_X509_REVOKED_find_ex(st, val) SKM_sk_find_ex(X509_REVOKED, (st), (val)) #define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i)) #define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr)) #define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i)) @@ -1334,6 +1411,7 @@ STACK_OF(type) \ #define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val)) #define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val)) #define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val)) +#define sk_X509_TRUST_find_ex(st, val) SKM_sk_find_ex(X509_TRUST, (st), (val)) #define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i)) #define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr)) #define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i)) diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c index 2496f28a8c..98a3eeee64 100644 --- a/crypto/stack/stack.c +++ b/crypto/stack/stack.c @@ -210,7 +210,7 @@ char *sk_delete(STACK *st, int loc) return(ret); } -int sk_find(STACK *st, char *data) +static int internal_find(STACK *st, char *data, int ret_val_options) { char **r; int i; @@ -233,19 +233,19 @@ int sk_find(STACK *st, char *data) * not (type *) pointers, but the *pointers* to (type *) pointers, * so we get our extra level of pointer dereferencing that way. */ comp_func=(int (*)(const void *,const void *))(st->comp); - r=(char **)bsearch(&data,(char *)st->data, - st->num,sizeof(char *), comp_func); + r=(char **)OBJ_bsearch(&data,(char *)st->data, + st->num,sizeof(char *),comp_func,ret_val_options); if (r == NULL) return(-1); - i=(int)(r-st->data); - for ( ; i>0; i--) - /* This needs a cast because the type being pointed to from - * the "&" expressions are (char *) rather than (const char *). - * For an explanation, read: - * http://www.eskimo.com/~scs/C-faq/q11.10.html :-) */ - if ((*st->comp)((const char * const *)&(st->data[i-1]), - (const char * const *)&data) < 0) - break; - return(i); + return((int)(r-st->data)); + } + +int sk_find(STACK *st, char *data) + { + return internal_find(st, data, OBJ_BSEARCH_FIRST_VALUE_ON_MATCH); + } +int sk_find_ex(STACK *st, char *data) + { + return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH); } int sk_push(STACK *st, char *data) diff --git a/crypto/stack/stack.h b/crypto/stack/stack.h index 8b436ca4b9..0058d50f12 100644 --- a/crypto/stack/stack.h +++ b/crypto/stack/stack.h @@ -89,6 +89,7 @@ int sk_insert(STACK *sk,char *data,int where); char *sk_delete(STACK *st,int loc); char *sk_delete_ptr(STACK *st, char *p); int sk_find(STACK *st,char *data); +int sk_find_ex(STACK *st,char *data); int sk_push(STACK *st,char *data); int sk_unshift(STACK *st,char *data); char *sk_shift(STACK *st); diff --git a/util/mkstack.pl b/util/mkstack.pl index 085c50f790..be2cb4f1e7 100755 --- a/util/mkstack.pl +++ b/util/mkstack.pl @@ -75,6 +75,7 @@ while() { #define sk_${type_thing}_push(st, val) SKM_sk_push($type_thing, (st), (val)) #define sk_${type_thing}_unshift(st, val) SKM_sk_unshift($type_thing, (st), (val)) #define sk_${type_thing}_find(st, val) SKM_sk_find($type_thing, (st), (val)) +#define sk_${type_thing}_find_ex(st, val) SKM_sk_find_ex($type_thing, (st), (val)) #define sk_${type_thing}_delete(st, i) SKM_sk_delete($type_thing, (st), (i)) #define sk_${type_thing}_delete_ptr(st, ptr) SKM_sk_delete_ptr($type_thing, (st), (ptr)) #define sk_${type_thing}_insert(st, val, i) SKM_sk_insert($type_thing, (st), (val), (i)) From 9d6c32d6d1e35274277a861ac3199a1db3f3f81a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 29 Apr 2003 20:31:58 +0000 Subject: [PATCH 264/393] Correct documentation. sk_find_ex() doesn't return a pointer, it returns an index. --- CHANGES | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGES b/CHANGES index c65cf1f5fc..2a926d1917 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,12 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Add the function sk_find_ex() which works like sk_find(), but will + return an index to an element even if an exact match couldn't be + found. The index is guaranteed to point at the element where the + searched-for key would be inserted to preserve sorting order. + [Richard Levitte] + *) Add the function OBJ_bsearch_ex() which works like OBJ_bsearch() but takes an extra flags argument for optional functionality. Currently, the following flags are defined: @@ -18,6 +24,7 @@ element where the comparing function returns zero. This is useful if there are more than one element where the comparing function returns zero. + [Richard Levitte] *) Make it possible to create self-signed certificates with 'openssl ca' in such a way that the self-signed certificate becomes part of the From 54dbdd983702525a5d11c11e18aa1fe07a6aeb43 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 29 Apr 2003 20:45:36 +0000 Subject: [PATCH 265/393] Some variables were uninitialised... --- crypto/objects/obj_dat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index adab7a7343..d463c11f54 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -562,7 +562,7 @@ const char *OBJ_bsearch(const char *key, const char *base, int num, int size, const char *OBJ_bsearch_ex(const char *key, const char *base, int num, int size, int (*cmp)(const void *, const void *), int flags) { - int l,h,i,c; + int l,h,i=0,c=0; const char *p = NULL; if (num == 0) return(NULL); From d584fd6b661604e2e70cc5d27321666733ceed78 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 29 Apr 2003 20:46:32 +0000 Subject: [PATCH 266/393] Include objects.h to get a correct declaration of OBJ_bsearch_ex(), not to mention the OBJ_BSEARCH_* macros. --- crypto/stack/stack.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c index 98a3eeee64..1d2b47ee67 100644 --- a/crypto/stack/stack.c +++ b/crypto/stack/stack.c @@ -68,6 +68,7 @@ #include #include "cryptlib.h" #include +#include #undef MIN_NODES #define MIN_NODES 4 @@ -233,7 +234,7 @@ static int internal_find(STACK *st, char *data, int ret_val_options) * not (type *) pointers, but the *pointers* to (type *) pointers, * so we get our extra level of pointer dereferencing that way. */ comp_func=(int (*)(const void *,const void *))(st->comp); - r=(char **)OBJ_bsearch(&data,(char *)st->data, + r=(char **)OBJ_bsearch_ex((char *)&data,(char *)st->data, st->num,sizeof(char *),comp_func,ret_val_options); if (r == NULL) return(-1); return((int)(r-st->data)); From 7ae46c676142a675ea3fd0c8ca66d2cbc6a5a30e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 29 Apr 2003 21:35:28 +0000 Subject: [PATCH 267/393] make update --- crypto/stack/Makefile.ssl | 12 +++++++----- crypto/stack/safestack.h | 21 --------------------- util/libeay.num | 2 ++ 3 files changed, 9 insertions(+), 26 deletions(-) diff --git a/crypto/stack/Makefile.ssl b/crypto/stack/Makefile.ssl index e4acfe6aba..5e32ad90e6 100644 --- a/crypto/stack/Makefile.ssl +++ b/crypto/stack/Makefile.ssl @@ -79,10 +79,12 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -stack.o: ../../e_os.h ../../include/openssl/bio.h -stack.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -stack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -stack.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -stack.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +stack.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +stack.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +stack.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +stack.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +stack.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +stack.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +stack.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h stack.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h stack.o: ../cryptlib.h stack.c diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h index 3110e50a84..ce4bf35389 100644 --- a/crypto/stack/safestack.h +++ b/crypto/stack/safestack.h @@ -1065,27 +1065,6 @@ STACK_OF(type) \ #define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st)) #define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st)) -#define sk_STORE_OBJECT_new(st) SKM_sk_new(STORE_OBJECT, (st)) -#define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT) -#define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st)) -#define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st)) -#define sk_STORE_OBJECT_value(st, i) SKM_sk_value(STORE_OBJECT, (st), (i)) -#define sk_STORE_OBJECT_set(st, i, val) SKM_sk_set(STORE_OBJECT, (st), (i), (val)) -#define sk_STORE_OBJECT_zero(st) SKM_sk_zero(STORE_OBJECT, (st)) -#define sk_STORE_OBJECT_push(st, val) SKM_sk_push(STORE_OBJECT, (st), (val)) -#define sk_STORE_OBJECT_unshift(st, val) SKM_sk_unshift(STORE_OBJECT, (st), (val)) -#define sk_STORE_OBJECT_find(st, val) SKM_sk_find(STORE_OBJECT, (st), (val)) -#define sk_STORE_OBJECT_find_ex(st, val) SKM_sk_find_ex(STORE_OBJECT, (st), (val)) -#define sk_STORE_OBJECT_delete(st, i) SKM_sk_delete(STORE_OBJECT, (st), (i)) -#define sk_STORE_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_OBJECT, (st), (ptr)) -#define sk_STORE_OBJECT_insert(st, val, i) SKM_sk_insert(STORE_OBJECT, (st), (val), (i)) -#define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp)) -#define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st) -#define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func)) -#define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st)) -#define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st)) -#define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st)) - #define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st)) #define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID) #define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st)) diff --git a/util/libeay.num b/util/libeay.num index 865fa9fe75..dc31ec3f5f 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -3022,3 +3022,5 @@ GENERAL_SUBTREE_free 3451 EXIST::FUNCTION: GENERAL_SUBTREE_new 3452 EXIST::FUNCTION: EVP_PKEY_cmp 3453 EXIST::FUNCTION: X509_REQ_check_private_key 3454 EXIST::FUNCTION: +sk_find_ex 3455 EXIST::FUNCTION: +OBJ_bsearch_ex 3456 EXIST::FUNCTION: From 1ae0a83bdd37cdbe09d6612b7d50627dbabbe882 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 29 Apr 2003 22:08:57 +0000 Subject: [PATCH 268/393] Add BUF_strndup() and BUF_memdup(). Not currently used, but I've code that uses them that I'll commit in a few days. --- CHANGES | 6 ++++++ crypto/buffer/buf_err.c | 5 +++-- crypto/buffer/buffer.c | 29 ++++++++++++++++++++++++----- crypto/buffer/buffer.h | 4 ++++ 4 files changed, 37 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index 2a926d1917..9a416dea6b 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,12 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Add the functions BUF_strndup() and BUF_memdup(). BUF_strndup() + works like BUF_strdup() but can be used to duplicate a portion of + a string. The copy gets NUL-terminated. BUF_memdup() duplicates + a memory area. + [Richard Levitte] + *) Add the function sk_find_ex() which works like sk_find(), but will return an index to an element even if an exact match couldn't be found. The index is guaranteed to point at the element where the diff --git a/crypto/buffer/buf_err.c b/crypto/buffer/buf_err.c index 6559060784..73702f0f10 100644 --- a/crypto/buffer/buf_err.c +++ b/crypto/buffer/buf_err.c @@ -1,6 +1,6 @@ /* crypto/buffer/buf_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -61,15 +61,16 @@ #include #include #include -#include /* To see if OPENSSL_NO_ERR is defined */ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR static ERR_STRING_DATA BUF_str_functs[]= { +{ERR_PACK(0,BUF_F_BUF_MEMDUP,0), "BUF_memdup"}, {ERR_PACK(0,BUF_F_BUF_MEM_GROW,0), "BUF_MEM_grow"}, {ERR_PACK(0,BUF_F_BUF_MEM_NEW,0), "BUF_MEM_new"}, {ERR_PACK(0,BUF_F_BUF_STRDUP,0), "BUF_strdup"}, +{ERR_PACK(0,BUF_F_BUF_STRNDUP,0), "BUF_strndup"}, {0,NULL} }; diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c index d96487e7db..03ebf23a14 100644 --- a/crypto/buffer/buffer.c +++ b/crypto/buffer/buffer.c @@ -163,23 +163,42 @@ int BUF_MEM_grow_clean(BUF_MEM *str, int len) } char *BUF_strdup(const char *str) + { + if (str == NULL) return(NULL); + return BUF_strndup(str, strlen(str)); + } + +char *BUF_strndup(const char *str, size_t siz) { char *ret; - int n; if (str == NULL) return(NULL); - n=strlen(str); - ret=OPENSSL_malloc(n+1); + ret=OPENSSL_malloc(siz+1); if (ret == NULL) { - BUFerr(BUF_F_BUF_STRDUP,ERR_R_MALLOC_FAILURE); + BUFerr(BUF_F_BUF_STRNDUP,ERR_R_MALLOC_FAILURE); return(NULL); } - memcpy(ret,str,n+1); + BUF_strlcpy(ret,str,siz+1); return(ret); } +void *BUF_memdup(const void *data, size_t siz) + { + void *ret; + + if (data == NULL) return(NULL); + + ret=OPENSSL_malloc(siz); + if (ret == NULL) + { + BUFerr(BUF_F_BUF_MEMDUP,ERR_R_MALLOC_FAILURE); + return(NULL); + } + return memcpy(ret, data, siz); + } + size_t BUF_strlcpy(char *dst, const char *src, size_t size) { size_t l = 0; diff --git a/crypto/buffer/buffer.h b/crypto/buffer/buffer.h index 465dc34f3f..164f8aa6ee 100644 --- a/crypto/buffer/buffer.h +++ b/crypto/buffer/buffer.h @@ -78,6 +78,8 @@ void BUF_MEM_free(BUF_MEM *a); int BUF_MEM_grow(BUF_MEM *str, int len); int BUF_MEM_grow_clean(BUF_MEM *str, int len); char * BUF_strdup(const char *str); +char * BUF_strndup(const char *str, size_t siz); +void * BUF_memdup(const void *data, size_t siz); /* safe string functions */ size_t BUF_strlcpy(char *dst,const char *src,size_t siz); @@ -93,9 +95,11 @@ void ERR_load_BUF_strings(void); /* Error codes for the BUF functions. */ /* Function codes. */ +#define BUF_F_BUF_MEMDUP 103 #define BUF_F_BUF_MEM_GROW 100 #define BUF_F_BUF_MEM_NEW 101 #define BUF_F_BUF_STRDUP 102 +#define BUF_F_BUF_STRNDUP 104 /* Reason codes. */ From 7e4140f73f3a3762523f1ca2eec3595852d89ed0 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 29 Apr 2003 22:24:17 +0000 Subject: [PATCH 269/393] make update --- util/libeay.num | 2 ++ 1 file changed, 2 insertions(+) diff --git a/util/libeay.num b/util/libeay.num index dc31ec3f5f..32389b6241 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -3024,3 +3024,5 @@ EVP_PKEY_cmp 3453 EXIST::FUNCTION: X509_REQ_check_private_key 3454 EXIST::FUNCTION: sk_find_ex 3455 EXIST::FUNCTION: OBJ_bsearch_ex 3456 EXIST::FUNCTION: +BUF_memdup 3457 EXIST::FUNCTION: +BUF_strndup 3458 EXIST::FUNCTION: From 535fba49073d9f144469a83e0220b7ec0c283bf2 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 1 May 2003 03:45:18 +0000 Subject: [PATCH 270/393] Define the OPENSSL_ITEM structure. --- CHANGES | 5 +++++ crypto/crypto.h | 14 +++++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 9a416dea6b..57f503b675 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Add a generic structure called OPENSSL_ITEM. This can be used to + pass a list of arguments to any function as well as provide a way + for a function to pass data back to the caller. + [Richard Levitte] + *) Add the functions BUF_strndup() and BUF_memdup(). BUF_strndup() works like BUF_strdup() but can be used to duplicate a portion of a string. The copy gets NUL-terminated. BUF_memdup() duplicates diff --git a/crypto/crypto.h b/crypto/crypto.h index 0f15a56544..dd90cfa55d 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -152,6 +152,16 @@ extern "C" { #define SSLEAY_PLATFORM 4 #define SSLEAY_DIR 5 +/* A generic structure to pass assorted data in a expandable way */ +typedef struct openssl_item_st + { + int code; + void *value; /* Not used for flag attributes */ + size_t value_size; /* Max size of value for output, length for input */ + size_t *value_length; /* Returned length of value for output */ + } OPENSSL_ITEM; + + /* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock * names in cryptlib.c */ @@ -192,7 +202,8 @@ extern "C" { #define CRYPTO_LOCK_ECDH 34 #define CRYPTO_LOCK_BN 35 #define CRYPTO_LOCK_EC_PRE_COMP 36 -#define CRYPTO_NUM_LOCKS 37 +#define CRYPTO_LOCK_STORE 37 +#define CRYPTO_NUM_LOCKS 38 #define CRYPTO_LOCK 1 #define CRYPTO_UNLOCK 2 @@ -302,6 +313,7 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) #define CRYPTO_EX_INDEX_ECDSA 12 #define CRYPTO_EX_INDEX_ECDH 13 #define CRYPTO_EX_INDEX_COMP 14 +#define CRYPTO_EX_INDEX_STORE 15 /* Dynamically assigned indexes start from this value (don't use directly, use * via CRYPTO_ex_data_new_class). */ From 9236b5b01351315532a36764f1d844d6b2d744c9 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 1 May 2003 03:46:10 +0000 Subject: [PATCH 271/393] Define a STORE lock (the STORE type will be committed later). --- crypto/cryptlib.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index bc023e3f44..9c38f15ab2 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -167,7 +167,8 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] = "ecdh", "bn", "ec_pre_comp", -#if CRYPTO_NUM_LOCKS != 37 + "store", +#if CRYPTO_NUM_LOCKS != 38 # error "Inconsistency between crypto.h and cryptlib.c" #endif }; From a5db6fa5760f21d16d59e025e930c02456e00fef Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 1 May 2003 03:53:12 +0000 Subject: [PATCH 272/393] Define a STORE type. For documentation, read the entry in CHANGES, crypto/store/README, crypto/store/store.h and crypto/store/str_locl.h. --- CHANGES | 6 + Makefile.org | 3 +- crypto/Makefile.ssl | 3 +- crypto/crypto-lib.com | 4 +- crypto/err/err.h | 3 + crypto/err/openssl.ec | 2 + crypto/store/.cvsignore | 2 + crypto/store/Makefile.ssl | 141 ++++ crypto/store/README | 94 +++ crypto/store/store.h | 482 ++++++++++++ crypto/store/str_err.c | 176 +++++ crypto/store/str_lib.c | 1507 +++++++++++++++++++++++++++++++++++++ crypto/store/str_locl.h | 123 +++ crypto/store/str_mem.c | 324 ++++++++ crypto/store/str_meth.c | 215 ++++++ util/mkdef.pl | 1 + 16 files changed, 3083 insertions(+), 3 deletions(-) create mode 100644 crypto/store/.cvsignore create mode 100644 crypto/store/Makefile.ssl create mode 100644 crypto/store/README create mode 100644 crypto/store/store.h create mode 100644 crypto/store/str_err.c create mode 100644 crypto/store/str_lib.c create mode 100644 crypto/store/str_locl.h create mode 100644 crypto/store/str_mem.c create mode 100644 crypto/store/str_meth.c diff --git a/CHANGES b/CHANGES index 57f503b675..7389f35924 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,12 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Add the STORE type. The intention is to provide a common interface + to certificate and key stores, be they simple file-based stores, or + HSM-type store, or LDAP stores, or... + NOTE: The code is currently UNTESTED and isn't really used anywhere. + [Richard Levitte] + *) Add a generic structure called OPENSSL_ITEM. This can be used to pass a list of arguments to any function as well as provide a way for a function to pass data back to the caller. diff --git a/Makefile.org b/Makefile.org index 6f2188ad82..02cad4dfac 100644 --- a/Makefile.org +++ b/Makefile.org @@ -178,7 +178,8 @@ SDIRS= \ des rc2 rc4 rc5 idea bf cast \ bn ec rsa dsa ecdsa dh ecdh dso engine aes \ buffer bio stack lhash rand err objects \ - evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 + evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ + store # tests to perform. "alltests" is a special word indicating that all tests # should be performed. diff --git a/crypto/Makefile.ssl b/crypto/Makefile.ssl index 522a162c1e..b52157e4db 100644 --- a/crypto/Makefile.ssl +++ b/crypto/Makefile.ssl @@ -30,7 +30,8 @@ SDIRS= md2 md5 sha mdc2 hmac ripemd \ des rc2 rc4 rc5 idea bf cast \ bn ec rsa dsa ecdsa ecdh dh dso engine aes \ buffer bio stack lhash rand err objects \ - evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 + evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ + store GENERAL=Makefile README crypto-lib.com install.com diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com index c118da309a..a6838c2480 100644 --- a/crypto/crypto-lib.com +++ b/crypto/crypto-lib.com @@ -80,7 +80,8 @@ $ ENCRYPT_TYPES = "Basic,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ - "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,AES,"+ - "BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,"+ - "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ - - "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5" + "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ - + "STORE" $! $! Check To Make Sure We Have Valid Command Line Parameters. $! @@ -265,6 +266,7 @@ $ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ - $ LIB_UI_COMPAT = ",ui_compat" $ LIB_UI = "ui_err,ui_lib,ui_openssl,ui_util"+LIB_UI_COMPAT $ LIB_KRB5 = "krb5_asn" +$ LIB_STORE = "str_err,str_lib,str_meth,str_mem" $! $! Setup exceptional compilations $! diff --git a/crypto/err/err.h b/crypto/err/err.h index 95658addf9..08838190fd 100644 --- a/crypto/err/err.h +++ b/crypto/err/err.h @@ -135,6 +135,7 @@ typedef struct err_state_st #define ERR_LIB_COMP 41 #define ERR_LIB_ECDSA 42 #define ERR_LIB_ECDH 43 +#define ERR_LIB_STORE 44 #define ERR_LIB_USER 128 @@ -165,6 +166,7 @@ typedef struct err_state_st #define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__) #define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__) #define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__) +#define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__) /* Borland C seems too stupid to be able to shift and do longs in * the pre-processor :-( */ @@ -219,6 +221,7 @@ typedef struct err_state_st #define ERR_R_COMP_LIB ERR_LIB_COMP /* 41 */ #define ERR_R_ECDSA_LIB ERR_LIB_ECDSA /* 42 */ #define ERR_R_ECDH_LIB ERR_LIB_ECDH /* 43 */ +#define ERR_R_STORE_LIB ERR_LIB_STORE /* 44 */ #define ERR_R_NESTED_ASN1_ERROR 58 #define ERR_R_BAD_ASN1_OBJECT_HEADER 59 diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index 3ac40512d2..64200fceba 100644 --- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec @@ -27,8 +27,10 @@ L DSO crypto/dso/dso.h crypto/dso/dso_err.c L ENGINE crypto/engine/engine.h crypto/engine/eng_err.c L OCSP crypto/ocsp/ocsp.h crypto/ocsp/ocsp_err.c L UI crypto/ui/ui.h crypto/ui/ui_err.c +L COMP crypto/comp/comp.h crypto/comp/comp_err.c L ECDSA crypto/ecdsa/ecdsa.h crypto/ecdsa/ecs_err.c L ECDH crypto/ecdh/ecdh.h crypto/ecdh/ech_err.c +L STORE crypto/store/store.h crypto/store/str_err.c # additional header files to be scanned for function names L NONE crypto/x509/x509_vfy.h NONE diff --git a/crypto/store/.cvsignore b/crypto/store/.cvsignore new file mode 100644 index 0000000000..695fdd0059 --- /dev/null +++ b/crypto/store/.cvsignore @@ -0,0 +1,2 @@ +Makefile.save +lib diff --git a/crypto/store/Makefile.ssl b/crypto/store/Makefile.ssl new file mode 100644 index 0000000000..2d81355049 --- /dev/null +++ b/crypto/store/Makefile.ssl @@ -0,0 +1,141 @@ +# +# OpenSSL/crypto/store/Makefile +# + +DIR= store +TOP= ../.. +CC= cc +INCLUDES= -I.. -I$(TOP) -I../../include +CFLAG=-g +INSTALL_PREFIX= +OPENSSLDIR= /usr/local/ssl +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPPROG= makedepend +MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) +MAKEFILE= Makefile.ssl +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +#TEST= storetest.c +TEST= +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC= str_err.c str_lib.c str_meth.c str_mem.c +LIBOBJ= str_err.o str_lib.o str_meth.o str_mem.o + +SRC= $(LIBSRC) + +EXHEADER= store.h str_compat.h +HEADER= $(EXHEADER) str_locl.h + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + @$(TOP)/util/point.sh Makefile.ssl Makefile + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +str_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +str_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +str_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +str_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +str_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +str_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +str_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +str_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +str_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +str_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +str_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +str_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +str_err.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +str_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +str_err.o: str_err.c +str_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +str_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +str_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +str_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +str_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +str_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +str_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +str_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +str_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +str_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +str_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +str_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +str_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +str_lib.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +str_lib.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +str_lib.o: ../../include/openssl/x509_vfy.h str_lib.c str_locl.h +str_mem.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +str_mem.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +str_mem.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +str_mem.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +str_mem.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +str_mem.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h +str_mem.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +str_mem.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +str_mem.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +str_mem.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +str_mem.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +str_mem.o: ../../include/openssl/stack.h ../../include/openssl/store.h +str_mem.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +str_mem.o: ../../include/openssl/x509_vfy.h str_locl.h str_mem.c +str_meth.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +str_meth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +str_meth.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +str_meth.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +str_meth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +str_meth.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h +str_meth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +str_meth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +str_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +str_meth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +str_meth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +str_meth.o: ../../include/openssl/stack.h ../../include/openssl/store.h +str_meth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +str_meth.o: ../../include/openssl/x509_vfy.h str_locl.h str_meth.c diff --git a/crypto/store/README b/crypto/store/README new file mode 100644 index 0000000000..a5a494899d --- /dev/null +++ b/crypto/store/README @@ -0,0 +1,94 @@ +The STORE type +============== + +A STORE, as defined in this code section, is really a rather simple +thing which stores objects and per-object associations to a number +of attributes. What attributes are supported entirely depends on +the particular implementation of a STORE. It has some support for +generation of certain objects (for example, keys and CRLs). + + +Supported object types +---------------------- + +For now, the objects that are supported are the following: + +X.509 certificate +X.509 CRL +private key +public key +number + +The intention is that a STORE should be able to store everything +needed by an application that wants a cert/key store, as well as +the data a CA might need to store (this includes the serial number +counter, which explains the support for numbers). + + +Supported attribute types +------------------------- + +For now, the following attributes are supported: + +Friendly Name - the value is a normal C string +Key ID - the value is a 160 bit SHA1 hash +Issuer Key ID - the value is a 160 bit SHA1 hash +Subject Key ID - the value is a 160 bit SHA1 hash +Issuer/Serial Hash - the value is a 160 bit SHA1 hash +Issuer - the value is a X509_NAME +Serial - the value is a BIGNUM +Subject - the value is a X509_NAME +Certificate Hash - the value is a 160 bit SHA1 hash +Email - the value is a normal C string +Filename - the value is a normal C string + +It is expected that these attributes should be enough to support +the need from most, if not all, current applications. Applications +that need to do certificate verification would typically use Subject +Key ID, Issuer/Serial Hash or Subject to look up issuer certificates. +S/MIME applications would typically use Email to look up recipient +and signer certificates. + +There's added support for combined sets of attributes to search for, +with the special OR attribute. + + +Supported basic functionality +----------------------------- + +The functions that are supported through the STORE type are these: + +generate_object - for example to generate keys and CRLs +get_object - to look up one object + NOTE: this function is really rather + redundant and probably of lesser usage + than the list functions +store_object - store an object and the attributes + associated with it +modify_object - modify the attributes associated with + a specific object +revoke_object - revoke an object + NOTE: this only marks an object as + invalid, it doesn't remove the object + from the database +delete_object - remove an object from the database +list_object - list objects associated with a given + set of attributes + NOTE: this is really four functions: + list_start, list_next, list_end and + list_endp +update_store - update the internal data of the store +lock_store - lock the store +unlock_store - unlock the store + +The list functions need some extra explanation: list_start is +used to set up a lookup. That's where the attributes to use in +the search are set up. It returns a search context. list_next +returns the next object searched for. list_end closes the search. +list_endp is used to check if we have reached the end. + +A few words on the store functions as well: update_store is +typically used by a CA application to update the internal +structure of a database. This may for example involve automatic +removal of expired certificates. lock_store and unlock_store +are used for locking a store to allow exclusive writes. diff --git a/crypto/store/store.h b/crypto/store/store.h new file mode 100644 index 0000000000..f99a26414d --- /dev/null +++ b/crypto/store/store.h @@ -0,0 +1,482 @@ +/* crypto/store/store.h -*- mode:C; c-file-style: "eay" -*- */ +/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL + * project 2001. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_STORE_H +#define HEADER_STORE_H + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* The STORE type is a per-store context that holds all the necessary data + to perform all the supported storage operations. */ +typedef struct store_st STORE; + +/* All instances of STORE have a reference to a method structure, which is a + ordered vector of functions that implement the lower level things to do. + There is an instruction on the implementation further down, in the section + for method implementors. */ +typedef struct store_method_st STORE_METHOD; + + +/* All the following functions return 0, a negative number or NULL on error. + When everything is fine, they return a positive value or a non-NULL + pointer, all depending on their purpose. */ + +/* Creators and destructor. */ +STORE *STORE_new_method(const STORE_METHOD *method); +void STORE_free(STORE *ui); + + +/* Give a user interface parametrised control commands. This can be used to + send down an integer, a data pointer or a function pointer, as well as + be used to get information from a STORE. */ +int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)()); + +/* A control to set the directory with keys and certificates. Used by the + built-in directory level method. */ +#define STORE_CTRL_SET_DIRECTORY 0x0001 +/* A control to set a file to load. Used by the built-in file level method. */ +#define STORE_CTRL_SET_FILE 0x0002 +/* A control to set a configuration file to load. Can be used by any method + that wishes to load a configuration file. */ +#define STORE_CTRL_SET_CONF_FILE 0x0003 +/* A control to set a the section of the loaded configuration file. Can be + used by any method that wishes to load a configuration file. */ +#define STORE_CTRL_SET_CONF_SECTION 0x0004 + + +/* Some methods may use extra data */ +#define STORE_set_app_data(s,arg) STORE_set_ex_data(s,0,arg) +#define STORE_get_app_data(s) STORE_get_ex_data(s,0) +int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int STORE_set_ex_data(STORE *r,int idx,void *arg); +void *STORE_get_ex_data(STORE *r, int idx); + +/* Use specific methods instead of the built-in one */ +const STORE_METHOD *STORE_get_method(STORE *store); +const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth); + +/* The standard OpenSSL methods. */ +/* This is the in-memory method. It does everything except revoking and updating, + and is of course volatile. It's used by other methods that have an in-memory + cache. */ +const STORE_METHOD *STORE_Memory(void); +/* This is the directory store. It does everything except revoking and updating, + and uses STORE_Memory() to cache things in memory. */ +const STORE_METHOD *STORE_Directory(void); +/* This is the file store. It does everything except revoking and updating, + and uses STORE_Memory() to cache things in memory. Certificates are added + to it with the store operation, and it will only get cached certificates. */ +const STORE_METHOD *STORE_File(void); + + +/* Store functions take a type code for the type of data they should store + or fetch */ +typedef enum STORE_object_types + { + STORE_OBJECT_TYPE_X509_CERTIFICATE= 0x01, + STORE_OBJECT_TYPE_X509_CRL= 0x02, + STORE_OBJECT_TYPE_PRIVATE_KEY= 0x03, + STORE_OBJECT_TYPE_PUBLIC_KEY= 0x04, + STORE_OBJECT_TYPE_NUMBER= 0x05, + STORE_OBJECT_TYPE_NUM= 0x05 /* The amount of known + object types */ + } STORE_OBJECT_TYPES; +/* List of text strings corresponding to the object types. */ +extern const char * const STORE_object_type_string[STORE_OBJECT_TYPE_NUM+1]; + +/* Some store functions take a parameter list. Those parameters come with + one of the following codes. The comments following the codes below indicate + what type the value should be a pointer to. */ +typedef enum STORE_params + { + STORE_PARAM_EVP_TYPE= 0x01, /* int */ + STORE_PARAM_BITS= 0x02, /* size_t */ + STORE_PARAM_KEY_PARAMETERS= 0x03, /* ??? */ + STORE_PARAM_KEY_NO_PARAMETERS= 0x04, /* N/A */ + STORE_PARAM_TYPE_NUM= 0x04 /* The amount of known + parameter types */ + } STORE_PARAM_TYPES; +/* Parameter value sizes. -1 means unknown, anything else is the required size. */ +extern const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1]; + +/* Store functions take attribute lists. Those attributes come with codes. + The comments following the codes below indicate what type the value should + be a pointer to. */ +typedef enum STORE_attribs + { + STORE_ATTR_END= 0x00, + STORE_ATTR_FRIENDLYNAME= 0x01, /* C string */ + STORE_ATTR_KEYID= 0x02, /* 160 bit string (SHA1) */ + STORE_ATTR_ISSUERKEYID= 0x03, /* 160 bit string (SHA1) */ + STORE_ATTR_SUBJECTKEYID= 0x04, /* 160 bit string (SHA1) */ + STORE_ATTR_ISSUERSERIALHASH= 0x05, /* 160 bit string (SHA1) */ + STORE_ATTR_ISSUER= 0x06, /* X509_NAME * */ + STORE_ATTR_SERIAL= 0x07, /* BIGNUM * */ + STORE_ATTR_SUBJECT= 0x08, /* X509_NAME * */ + STORE_ATTR_CERTHASH= 0x09, /* 160 bit string (SHA1) */ + STORE_ATTR_EMAIL= 0x0a, /* C string */ + STORE_ATTR_FILENAME= 0x0b, /* C string */ + STORE_ATTR_TYPE_NUM= 0x0b, /* The amount of known + attribute types */ + STORE_ATTR_OR= 0xff /* This is a special + separator, which + expresses the OR + operation. */ + } STORE_ATTR_TYPES; +/* Attribute value sizes. -1 means unknown, anything else is the required size. */ +extern const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM+1]; + +typedef enum STORE_certificate_status + { + STORE_X509_VALID= 0x00, + STORE_X509_EXPIRED= 0x01, + STORE_X509_SUSPENDED= 0x02, + STORE_X509_REVOKED= 0x03 + } STORE_CERTIFICATE_STATUS; + +/* Engine store functions will return a structure that contains all the necessary + * information, including revokation status for certificates. This is really not + * needed for application authors, as the ENGINE framework functions will extract + * the OpenSSL-specific information when at all possible. However, for engine + * authors, it's crucial to know this structure. */ +typedef struct STORE_OBJECT_st + { + STORE_OBJECT_TYPES type; + union + { + struct + { + STORE_CERTIFICATE_STATUS status; + X509 *certificate; + } x509; + X509_CRL *crl; + EVP_PKEY *key; + BIGNUM *number; + } data; + } STORE_OBJECT; +DECLARE_STACK_OF(STORE_OBJECT); +STORE_OBJECT *STORE_OBJECT_new(void); +void STORE_OBJECT_free(STORE_OBJECT *data); + + + +/* The following functions handle the storage. They return 0, a negative number + or NULL on error, anything else on success. */ +X509 *STORE_get_certificate(STORE *e, OPENSSL_ITEM attributes[]); +int STORE_store_certificate(STORE *e, X509 *data, OPENSSL_ITEM attributes[]); +int STORE_modify_certificate(STORE *e, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[]); +int STORE_revoke_certificate(STORE *e, OPENSSL_ITEM attributes[]); +int STORE_delete_certificate(STORE *e, OPENSSL_ITEM attributes[]); +void *STORE_list_certificate_start(STORE *e, OPENSSL_ITEM attributes[]); +X509 *STORE_list_certificate_next(STORE *e, void *handle); +int STORE_list_certificate_end(STORE *e, void *handle); +int STORE_list_certificate_endp(STORE *e, void *handle); +EVP_PKEY *STORE_generate_key(STORE *e, + int evp_type, size_t bits, OPENSSL_ITEM attributes[]); +EVP_PKEY *STORE_get_private_key(STORE *e, OPENSSL_ITEM attributes[]); +int STORE_store_private_key(STORE *e, EVP_PKEY *data, OPENSSL_ITEM attributes[]); +int STORE_modify_private_key(STORE *e, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[]); +int STORE_revoke_private_key(STORE *e, OPENSSL_ITEM attributes[]); +int STORE_delete_private_key(STORE *e, OPENSSL_ITEM attributes[]); +void *STORE_list_private_key_start(STORE *e, OPENSSL_ITEM attributes[]); +EVP_PKEY *STORE_list_private_key_next(STORE *e, void *handle); +int STORE_list_private_key_end(STORE *e, void *handle); +int STORE_list_private_key_endp(STORE *e, void *handle); +EVP_PKEY *STORE_get_public_key(STORE *e, OPENSSL_ITEM attributes[]); +int STORE_store_public_key(STORE *e, EVP_PKEY *data, OPENSSL_ITEM attributes[]); +int STORE_modify_public_key(STORE *e, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[]); +int STORE_revoke_public_key(STORE *e, OPENSSL_ITEM attributes[]); +int STORE_delete_public_key(STORE *e, OPENSSL_ITEM attributes[]); +void *STORE_list_public_key_start(STORE *e, OPENSSL_ITEM attributes[]); +EVP_PKEY *STORE_list_public_key_next(STORE *e, void *handle); +int STORE_list_public_key_end(STORE *e, void *handle); +int STORE_list_public_key_endp(STORE *e, void *handle); +X509_CRL *STORE_generate_crl(STORE *e, OPENSSL_ITEM attributes[]); +X509_CRL *STORE_get_crl(STORE *e, OPENSSL_ITEM attributes[]); +int STORE_store_crl(STORE *e, X509_CRL *data, OPENSSL_ITEM attributes[]); +int STORE_modify_crl(STORE *e, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[]); +int STORE_delete_crl(STORE *e, OPENSSL_ITEM attributes[]); +void *STORE_list_crl_start(STORE *e, OPENSSL_ITEM attributes[]); +X509_CRL *STORE_list_crl_next(STORE *e, void *handle); +int STORE_list_crl_end(STORE *e, void *handle); +int STORE_list_crl_endp(STORE *e, void *handle); +int STORE_store_number(STORE *e, BIGNUM *data, OPENSSL_ITEM attributes[]); +int STORE_modify_number(STORE *e, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[]); +BIGNUM *STORE_get_number(STORE *e, OPENSSL_ITEM attributes[]); +int STORE_delete_number(STORE *e, BIGNUM *data, OPENSSL_ITEM attributes[]); + + +/* Create and manipulate methods */ +STORE_METHOD *STORE_create_method(char *name); +void STORE_destroy_method(STORE_METHOD *store_method); + +/* These callback types are use for store handlers */ +typedef int (*STORE_INITIALISE_FUNC_PTR)(STORE *); +typedef void (*STORE_CLEANUP_FUNC_PTR)(STORE *); +typedef STORE_OBJECT *(*STORE_GENERATE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM parameters[], OPENSSL_ITEM attributes[]); +typedef STORE_OBJECT *(*STORE_GET_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[]); +typedef void *(*STORE_START_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[]); +typedef STORE_OBJECT *(*STORE_NEXT_OBJECT_FUNC_PTR)(STORE *, void *handle); +typedef int (*STORE_END_OBJECT_FUNC_PTR)(STORE *, void *handle); +typedef int (*STORE_HANDLE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[]); +typedef int (*STORE_STORE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, STORE_OBJECT *data, OPENSSL_ITEM attributes[]); +typedef int (*STORE_MODIFY_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[]); +typedef int (*STORE_GENERIC_FUNC_PTR)(STORE *, OPENSSL_ITEM attributes[]); +typedef int (*STORE_CTRL_FUNC_PTR)(STORE *, int cmd, long l, void *p, void (*f)()); + +int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR gen_f); +int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR gen_f); +int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR gen_f); +int STORE_method_set_get_function(STORE_METHOD *sm, STORE_GET_OBJECT_FUNC_PTR get_f); +int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PTR store_f); +int STORE_method_set_modify_function(STORE_METHOD *sm, STORE_MODIFY_OBJECT_FUNC_PTR store_f); +int STORE_method_set_revoke_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR revoke_f); +int STORE_method_set_delete_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR delete_f); +int STORE_method_set_list_start_function(STORE_METHOD *sm, STORE_START_OBJECT_FUNC_PTR list_start_f); +int STORE_method_set_list_next_function(STORE_METHOD *sm, STORE_NEXT_OBJECT_FUNC_PTR list_next_f); +int STORE_method_set_list_end_function(STORE_METHOD *sm, STORE_END_OBJECT_FUNC_PTR list_end_f); +int STORE_method_set_update_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR); +int STORE_method_set_lock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR); +int STORE_method_set_unlock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR); +int STORE_method_set_ctrl_function(STORE_METHOD *sm, STORE_CTRL_FUNC_PTR ctrl_f); + +STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD *sm); +STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm); +STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD *sm); +STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm); +STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm); +STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD *sm); +STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD *sm); +STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD *sm); +STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD *sm); +STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD *sm); +STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm); +STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD *sm); +STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm); +STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD *sm); +STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm); + +/* Method helper structures and functions. */ + +/* This structure is the result of parsing through the information in a list + of OPENSSL_ITEMs. It stores all the necessary information in a structured + way.*/ +typedef struct STORE_attr_info_st STORE_ATTR_INFO; + +/* Parse a list of OPENSSL_ITEMs and return a pointer to a STORE_ATTR_INFO. + Note that we do this in the list form, since the list of OPENSSL_ITEMs can + come in blocks separated with STORE_ATTR_OR. Note that the value returned + by STORE_parse_attrs_next() must be freed with STORE_ATTR_INFO_free(). */ +void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes); +STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle); +int STORE_parse_attrs_end(void *handle); +int STORE_parse_attrs_endp(void *handle); + +/* Creator and destructor */ +STORE_ATTR_INFO *STORE_ATTR_INFO_new(void); +int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs); + +/* Manipulators */ +char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code); +unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs, + STORE_ATTR_TYPES code); +X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code); +BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code); +int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + char *cstr, size_t cstr_size); +int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + unsigned char *sha1str, size_t sha1str_size); +int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + X509_NAME *dn); +int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + BIGNUM *number); +int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + char *cstr, size_t cstr_size); +int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + unsigned char *sha1str, size_t sha1str_size); +int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + X509_NAME *dn); +int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + BIGNUM *number); + +/* Compare on basis of a bit pattern formed by the STORE_ATTR_TYPES values + in each contained attribute. */ +int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); +/* Check if the set of attributes in a are also set in b. */ +int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); +/* Same as STORE_ATTR_INFO_in(), but also checks the attribute values. */ +int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); + + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_STORE_strings(void); + +/* Error codes for the STORE functions. */ + +/* Function codes. */ +#define STORE_F_MEM_DELETE 134 +#define STORE_F_MEM_GENERATE 135 +#define STORE_F_MEM_LIST_NEXT 136 +#define STORE_F_MEM_LIST_START 137 +#define STORE_F_MEM_STORE 138 +#define STORE_F_STORE_ATTR_INFO_GET0_CSTR 139 +#define STORE_F_STORE_ATTR_INFO_GET0_DN 140 +#define STORE_F_STORE_ATTR_INFO_GET0_NUMBER 141 +#define STORE_F_STORE_ATTR_INFO_GET0_SHA1STR 142 +#define STORE_F_STORE_ATTR_INFO_MODIFY_CSTR 143 +#define STORE_F_STORE_ATTR_INFO_MODIFY_DN 144 +#define STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER 145 +#define STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR 146 +#define STORE_F_STORE_ATTR_INFO_SET_CSTR 147 +#define STORE_F_STORE_ATTR_INFO_SET_DN 148 +#define STORE_F_STORE_ATTR_INFO_SET_NUMBER 149 +#define STORE_F_STORE_ATTR_INFO_SET_SHA1STR 150 +#define STORE_F_STORE_CERTIFICATE 100 +#define STORE_F_STORE_CRL 101 +#define STORE_F_STORE_DELETE_CERTIFICATE 102 +#define STORE_F_STORE_DELETE_CRL 103 +#define STORE_F_STORE_DELETE_NUMBER 104 +#define STORE_F_STORE_DELETE_PRIVATE_KEY 105 +#define STORE_F_STORE_DELETE_PUBLIC_KEY 106 +#define STORE_F_STORE_GENERATE_CRL 107 +#define STORE_F_STORE_GENERATE_KEY 108 +#define STORE_F_STORE_GET_CERTIFICATE 109 +#define STORE_F_STORE_GET_CRL 110 +#define STORE_F_STORE_GET_NUMBER 111 +#define STORE_F_STORE_GET_PRIVATE_KEY 112 +#define STORE_F_STORE_GET_PUBLIC_KEY 113 +#define STORE_F_STORE_LIST_CERTIFICATE_END 114 +#define STORE_F_STORE_LIST_CERTIFICATE_NEXT 115 +#define STORE_F_STORE_LIST_CERTIFICATE_START 116 +#define STORE_F_STORE_LIST_CRL_END 117 +#define STORE_F_STORE_LIST_CRL_NEXT 118 +#define STORE_F_STORE_LIST_CRL_START 119 +#define STORE_F_STORE_LIST_PRIVATE_KEY_END 120 +#define STORE_F_STORE_LIST_PRIVATE_KEY_NEXT 121 +#define STORE_F_STORE_LIST_PRIVATE_KEY_START 122 +#define STORE_F_STORE_LIST_PUBLIC_KEY_END 123 +#define STORE_F_STORE_LIST_PUBLIC_KEY_NEXT 124 +#define STORE_F_STORE_LIST_PUBLIC_KEY_START 125 +#define STORE_F_STORE_NEW_ENGINE 133 +#define STORE_F_STORE_NEW_METHOD 132 +#define STORE_F_STORE_NUMBER 126 +#define STORE_F_STORE_PARSE_ATTRS_END 151 +#define STORE_F_STORE_PARSE_ATTRS_NEXT 152 +#define STORE_F_STORE_PRIVATE_KEY 127 +#define STORE_F_STORE_PUBLIC_KEY 128 +#define STORE_F_STORE_REVOKE_CERTIFICATE 129 +#define STORE_F_STORE_REVOKE_PRIVATE_KEY 130 +#define STORE_F_STORE_REVOKE_PUBLIC_KEY 131 + +/* Reason codes. */ +#define STORE_R_ALREADY_HAS_A_VALUE 127 +#define STORE_R_FAILED_DELETING_CERTIFICATE 100 +#define STORE_R_FAILED_DELETING_KEY 101 +#define STORE_R_FAILED_DELETING_NUMBER 102 +#define STORE_R_FAILED_GENERATING_CRL 103 +#define STORE_R_FAILED_GENERATING_KEY 104 +#define STORE_R_FAILED_GETTING_CERTIFICATE 105 +#define STORE_R_FAILED_GETTING_KEY 106 +#define STORE_R_FAILED_GETTING_NUMBER 107 +#define STORE_R_FAILED_LISTING_CERTIFICATES 108 +#define STORE_R_FAILED_LISTING_KEYS 109 +#define STORE_R_FAILED_REVOKING_CERTIFICATE 110 +#define STORE_R_FAILED_REVOKING_KEY 111 +#define STORE_R_FAILED_STORING_CERTIFICATE 112 +#define STORE_R_FAILED_STORING_KEY 113 +#define STORE_R_FAILED_STORING_NUMBER 114 +#define STORE_R_NOT_IMPLEMENTED 128 +#define STORE_R_NO_DELETE_NUMBER_FUNCTION 115 +#define STORE_R_NO_DELETE_OBJECT_FUNCTION 116 +#define STORE_R_NO_GENERATE_CRL_FUNCTION 117 +#define STORE_R_NO_GENERATE_OBJECT_FUNCTION 118 +#define STORE_R_NO_GET_OBJECT_FUNCTION 119 +#define STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION 120 +#define STORE_R_NO_LIST_OBJECT_END_FUNCTION 121 +#define STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION 122 +#define STORE_R_NO_LIST_OBJECT_START_FUNCTION 123 +#define STORE_R_NO_REVOKE_OBJECT_FUNCTION 124 +#define STORE_R_NO_STORE 129 +#define STORE_R_NO_STORE_OBJECT_FUNCTION 125 +#define STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION 126 +#define STORE_R_NO_VALUE 130 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/crypto/store/str_err.c b/crypto/store/str_err.c new file mode 100644 index 0000000000..ac88dff0e1 --- /dev/null +++ b/crypto/store/str_err.c @@ -0,0 +1,176 @@ +/* crypto/store/str_err.c */ +/* ==================================================================== + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + +#include +#include +#include + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR +static ERR_STRING_DATA STORE_str_functs[]= + { +{ERR_PACK(0,STORE_F_MEM_DELETE,0), "MEM_DELETE"}, +{ERR_PACK(0,STORE_F_MEM_GENERATE,0), "MEM_GENERATE"}, +{ERR_PACK(0,STORE_F_MEM_LIST_NEXT,0), "MEM_LIST_NEXT"}, +{ERR_PACK(0,STORE_F_MEM_LIST_START,0), "MEM_LIST_START"}, +{ERR_PACK(0,STORE_F_MEM_STORE,0), "MEM_STORE"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_GET0_CSTR,0), "STORE_ATTR_INFO_get0_cstr"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_GET0_DN,0), "STORE_ATTR_INFO_get0_dn"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_GET0_NUMBER,0), "STORE_ATTR_INFO_get0_number"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_GET0_SHA1STR,0), "STORE_ATTR_INFO_get0_sha1str"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_MODIFY_CSTR,0), "STORE_ATTR_INFO_modify_cstr"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_MODIFY_DN,0), "STORE_ATTR_INFO_modify_dn"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER,0), "STORE_ATTR_INFO_modify_number"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR,0), "STORE_ATTR_INFO_modify_sha1str"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_SET_CSTR,0), "STORE_ATTR_INFO_set_cstr"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_SET_DN,0), "STORE_ATTR_INFO_set_dn"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_SET_NUMBER,0), "STORE_ATTR_INFO_set_number"}, +{ERR_PACK(0,STORE_F_STORE_ATTR_INFO_SET_SHA1STR,0), "STORE_ATTR_INFO_set_sha1str"}, +{ERR_PACK(0,STORE_F_STORE_CERTIFICATE,0), "STORE_CERTIFICATE"}, +{ERR_PACK(0,STORE_F_STORE_CRL,0), "STORE_CRL"}, +{ERR_PACK(0,STORE_F_STORE_DELETE_CERTIFICATE,0), "STORE_delete_certificate"}, +{ERR_PACK(0,STORE_F_STORE_DELETE_CRL,0), "STORE_delete_crl"}, +{ERR_PACK(0,STORE_F_STORE_DELETE_NUMBER,0), "STORE_delete_number"}, +{ERR_PACK(0,STORE_F_STORE_DELETE_PRIVATE_KEY,0), "STORE_delete_private_key"}, +{ERR_PACK(0,STORE_F_STORE_DELETE_PUBLIC_KEY,0), "STORE_delete_public_key"}, +{ERR_PACK(0,STORE_F_STORE_GENERATE_CRL,0), "STORE_generate_crl"}, +{ERR_PACK(0,STORE_F_STORE_GENERATE_KEY,0), "STORE_generate_key"}, +{ERR_PACK(0,STORE_F_STORE_GET_CERTIFICATE,0), "STORE_get_certificate"}, +{ERR_PACK(0,STORE_F_STORE_GET_CRL,0), "STORE_get_crl"}, +{ERR_PACK(0,STORE_F_STORE_GET_NUMBER,0), "STORE_get_number"}, +{ERR_PACK(0,STORE_F_STORE_GET_PRIVATE_KEY,0), "STORE_get_private_key"}, +{ERR_PACK(0,STORE_F_STORE_GET_PUBLIC_KEY,0), "STORE_get_public_key"}, +{ERR_PACK(0,STORE_F_STORE_LIST_CERTIFICATE_END,0), "STORE_list_certificate_end"}, +{ERR_PACK(0,STORE_F_STORE_LIST_CERTIFICATE_NEXT,0), "STORE_list_certificate_next"}, +{ERR_PACK(0,STORE_F_STORE_LIST_CERTIFICATE_START,0), "STORE_list_certificate_start"}, +{ERR_PACK(0,STORE_F_STORE_LIST_CRL_END,0), "STORE_list_crl_end"}, +{ERR_PACK(0,STORE_F_STORE_LIST_CRL_NEXT,0), "STORE_list_crl_next"}, +{ERR_PACK(0,STORE_F_STORE_LIST_CRL_START,0), "STORE_list_crl_start"}, +{ERR_PACK(0,STORE_F_STORE_LIST_PRIVATE_KEY_END,0), "STORE_list_private_key_end"}, +{ERR_PACK(0,STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,0), "STORE_list_private_key_next"}, +{ERR_PACK(0,STORE_F_STORE_LIST_PRIVATE_KEY_START,0), "STORE_list_private_key_start"}, +{ERR_PACK(0,STORE_F_STORE_LIST_PUBLIC_KEY_END,0), "STORE_list_public_key_end"}, +{ERR_PACK(0,STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,0), "STORE_list_public_key_next"}, +{ERR_PACK(0,STORE_F_STORE_LIST_PUBLIC_KEY_START,0), "STORE_list_public_key_start"}, +{ERR_PACK(0,STORE_F_STORE_NEW_ENGINE,0), "STORE_NEW_ENGINE"}, +{ERR_PACK(0,STORE_F_STORE_NEW_METHOD,0), "STORE_new_method"}, +{ERR_PACK(0,STORE_F_STORE_NUMBER,0), "STORE_NUMBER"}, +{ERR_PACK(0,STORE_F_STORE_PARSE_ATTRS_END,0), "STORE_PARSE_ATTRS_END"}, +{ERR_PACK(0,STORE_F_STORE_PARSE_ATTRS_NEXT,0), "STORE_parse_attrs_next"}, +{ERR_PACK(0,STORE_F_STORE_PRIVATE_KEY,0), "STORE_PRIVATE_KEY"}, +{ERR_PACK(0,STORE_F_STORE_PUBLIC_KEY,0), "STORE_PUBLIC_KEY"}, +{ERR_PACK(0,STORE_F_STORE_REVOKE_CERTIFICATE,0), "STORE_revoke_certificate"}, +{ERR_PACK(0,STORE_F_STORE_REVOKE_PRIVATE_KEY,0), "STORE_revoke_private_key"}, +{ERR_PACK(0,STORE_F_STORE_REVOKE_PUBLIC_KEY,0), "STORE_revoke_public_key"}, +{0,NULL} + }; + +static ERR_STRING_DATA STORE_str_reasons[]= + { +{STORE_R_ALREADY_HAS_A_VALUE ,"already has a value"}, +{STORE_R_FAILED_DELETING_CERTIFICATE ,"failed deleting certificate"}, +{STORE_R_FAILED_DELETING_KEY ,"failed deleting key"}, +{STORE_R_FAILED_DELETING_NUMBER ,"failed deleting number"}, +{STORE_R_FAILED_GENERATING_CRL ,"failed generating crl"}, +{STORE_R_FAILED_GENERATING_KEY ,"failed generating key"}, +{STORE_R_FAILED_GETTING_CERTIFICATE ,"failed getting certificate"}, +{STORE_R_FAILED_GETTING_KEY ,"failed getting key"}, +{STORE_R_FAILED_GETTING_NUMBER ,"failed getting number"}, +{STORE_R_FAILED_LISTING_CERTIFICATES ,"failed listing certificates"}, +{STORE_R_FAILED_LISTING_KEYS ,"failed listing keys"}, +{STORE_R_FAILED_REVOKING_CERTIFICATE ,"failed revoking certificate"}, +{STORE_R_FAILED_REVOKING_KEY ,"failed revoking key"}, +{STORE_R_FAILED_STORING_CERTIFICATE ,"failed storing certificate"}, +{STORE_R_FAILED_STORING_KEY ,"failed storing key"}, +{STORE_R_FAILED_STORING_NUMBER ,"failed storing number"}, +{STORE_R_NOT_IMPLEMENTED ,"not implemented"}, +{STORE_R_NO_DELETE_NUMBER_FUNCTION ,"no delete number function"}, +{STORE_R_NO_DELETE_OBJECT_FUNCTION ,"no delete object function"}, +{STORE_R_NO_GENERATE_CRL_FUNCTION ,"no generate crl function"}, +{STORE_R_NO_GENERATE_OBJECT_FUNCTION ,"no generate object function"}, +{STORE_R_NO_GET_OBJECT_FUNCTION ,"no get object function"}, +{STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION ,"no get object number function"}, +{STORE_R_NO_LIST_OBJECT_END_FUNCTION ,"no list object end function"}, +{STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION ,"no list object next function"}, +{STORE_R_NO_LIST_OBJECT_START_FUNCTION ,"no list object start function"}, +{STORE_R_NO_REVOKE_OBJECT_FUNCTION ,"no revoke object function"}, +{STORE_R_NO_STORE ,"no store"}, +{STORE_R_NO_STORE_OBJECT_FUNCTION ,"no store object function"}, +{STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION ,"no store object number function"}, +{STORE_R_NO_VALUE ,"no value"}, +{0,NULL} + }; + +#endif + +void ERR_load_STORE_strings(void) + { + static int init=1; + + if (init) + { + init=0; +#ifndef OPENSSL_NO_ERR + ERR_load_strings(ERR_LIB_STORE,STORE_str_functs); + ERR_load_strings(ERR_LIB_STORE,STORE_str_reasons); +#endif + + } + } diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c new file mode 100644 index 0000000000..8383a30e19 --- /dev/null +++ b/crypto/store/str_lib.c @@ -0,0 +1,1507 @@ +/* crypto/store/str_lib.c -*- mode:C; c-file-style: "eay" -*- */ +/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL + * project 2003. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include +#include +#include "str_locl.h" + +const char * const STORE_object_type_string[STORE_OBJECT_TYPE_NUM+1] = + { + 0, + "X.509 Certificate", + "X.509 CRL", + "Private Key", + "Public Key", + "Number" + }; + +const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1] = + { + 0, + sizeof(int), /* EVP_TYPE */ + sizeof(size_t), /* BITS */ + -1, /* KEY_PARAMETERS */ + 0 /* KEY_NO_PARAMETERS */ + }; + +const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM+1] = + { + 0, + -1, /* FRIENDLYNAME: C string */ + SHA_DIGEST_LENGTH, /* KEYID: SHA1 digest, 160 bits */ + SHA_DIGEST_LENGTH, /* ISSUERKEYID: SHA1 digest, 160 bits */ + SHA_DIGEST_LENGTH, /* SUBJECTKEYID: SHA1 digest, 160 bits */ + SHA_DIGEST_LENGTH, /* ISSUERSERIALHASH: SHA1 digest, 160 bits */ + sizeof(X509_NAME *), /* ISSUER: X509_NAME * */ + sizeof(BIGNUM *), /* SERIAL: BIGNUM * */ + sizeof(X509_NAME *), /* SUBJECT: X509_NAME * */ + SHA_DIGEST_LENGTH, /* CERTHASH: SHA1 digest, 160 bits */ + -1, /* EMAIL: C string */ + -1, /* FILENAME: C string */ + }; + +STORE *STORE_new_method(const STORE_METHOD *method) + { + STORE *ret; + + ret=(STORE *)OPENSSL_malloc(sizeof(STORE)); + if (ret == NULL) + { + STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_MALLOC_FAILURE); + return NULL; + } + if (method == NULL) + { + STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + else + ret->meth=method; + + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_STORE, ret, &ret->ex_data); + if (ret->meth->init && !ret->meth->init(ret)) + { + STORE_free(ret); + ret = NULL; + } + return ret; + } + +STORE *STORE_new_engine(ENGINE *engine) + { + STORE *ret = NULL; + ENGINE *e = engine; + const STORE_METHOD *meth = 0; + +#ifdef OPENSSL_NO_ENGINE + e = NULL; +#else + if (engine) + { + if (!ENGINE_init(engine)) + { + STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB); + return NULL; + } + e = engine; + } + else + { + STOREerr(STORE_F_STORE_NEW_ENGINE,ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if(e) + { + meth = ENGINE_get_STORE(e); + if(!meth) + { + STOREerr(STORE_F_STORE_NEW_ENGINE, + ERR_R_ENGINE_LIB); + ENGINE_finish(e); + return NULL; + } + } +#endif + + ret = STORE_new_method(meth); + if (ret == NULL) + { + STOREerr(STORE_F_STORE_NEW_ENGINE,ERR_R_STORE_LIB); + return NULL; + } + + ret->engine = e; + + return(ret); + } + +void STORE_free(STORE *store) + { + if (store == NULL) + return; + if (store->meth->clean) + store->meth->clean(store); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_STORE, store, &store->ex_data); + OPENSSL_free(store); + } + + +int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) + { + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_STORE, argl, argp, + new_func, dup_func, free_func); + } + +int STORE_set_ex_data(STORE *r, int idx, void *arg) + { + return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); + } + +void *STORE_get_ex_data(STORE *r, int idx) + { + return(CRYPTO_get_ex_data(&r->ex_data,idx)); + } + +const STORE_METHOD *STORE_get_method(STORE *store) + { + return store->meth; + } + +const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth) + { + store->meth=meth; + return store->meth; + } + + +/* API helpers */ + +#define check_store(s,fncode,fnname,fnerrcode) \ + do \ + { \ + if ((s) == NULL || (s)->meth) \ + { \ + STOREerr((fncode), ERR_R_PASSED_NULL_PARAMETER); \ + return 0; \ + } \ + if ((s)->meth->fnname == NULL) \ + { \ + STOREerr((fncode), (fnerrcode)); \ + return 0; \ + } \ + } \ + while(0) + +/* API functions */ + +X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object; + X509 *x; + + check_store(s,STORE_F_STORE_GET_CERTIFICATE, + get_object,STORE_R_NO_GET_OBJECT_FUNCTION); + + object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes); + if (!object || !object->data.x509.certificate) + { + STOREerr(STORE_F_STORE_GET_CERTIFICATE, + STORE_R_FAILED_GETTING_CERTIFICATE); + return 0; + } + CRYPTO_add(&object->data.x509.certificate->references,1,CRYPTO_LOCK_X509); +#ifdef REF_PRINT + REF_PRINT("X509",data); +#endif + x = object->data.x509.certificate; + STORE_OBJECT_free(object); + return x; + } + +int store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object = STORE_OBJECT_new(); + int i; + + check_store(s,STORE_F_STORE_CERTIFICATE, + store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); + + if (!object) + { + STOREerr(STORE_F_STORE_CERTIFICATE, + ERR_R_MALLOC_FAILURE); + return 0; + } + + CRYPTO_add(&data->references,1,CRYPTO_LOCK_X509); +#ifdef REF_PRINT + REF_PRINT("X509",data); +#endif + object->data.x509.certificate = data; + + i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, object, attributes); + + STORE_OBJECT_free(object); + + if (!i) + { + STOREerr(STORE_F_STORE_CERTIFICATE, + STORE_R_FAILED_STORING_CERTIFICATE); + return 0; + } + return 1; + } + +int STORE_revoke_certificate(STORE *s, OPENSSL_ITEM attributes[]) + { + check_store(s,STORE_F_STORE_REVOKE_CERTIFICATE, + revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION); + + if (!s->meth->revoke_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes)) + { + STOREerr(STORE_F_STORE_REVOKE_CERTIFICATE, + STORE_R_FAILED_REVOKING_CERTIFICATE); + return 0; + } + return 1; + } + +int STORE_delete_certificate(STORE *s, OPENSSL_ITEM attributes[]) + { + check_store(s,STORE_F_STORE_DELETE_CERTIFICATE, + delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); + + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes)) + { + STOREerr(STORE_F_STORE_DELETE_CERTIFICATE, + STORE_R_FAILED_DELETING_CERTIFICATE); + return 0; + } + return 1; + } + +void *STORE_list_certificate_start(STORE *s, OPENSSL_ITEM attributes[]) + { + void *handle; + + check_store(s,STORE_F_STORE_LIST_CERTIFICATE_START, + list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); + + handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes); + if (!handle) + { + STOREerr(STORE_F_STORE_LIST_CERTIFICATE_START, + STORE_R_FAILED_LISTING_CERTIFICATES); + return 0; + } + return handle; + } + +X509 *STORE_list_certificate_next(STORE *s, void *handle) + { + STORE_OBJECT *object; + X509 *x; + + check_store(s,STORE_F_STORE_LIST_CERTIFICATE_NEXT, + list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); + + object = s->meth->list_object_next(s, handle); + if (!object || !object->data.x509.certificate) + { + STOREerr(STORE_F_STORE_LIST_CERTIFICATE_NEXT, + STORE_R_FAILED_LISTING_CERTIFICATES); + return 0; + } + CRYPTO_add(&object->data.x509.certificate->references,1,CRYPTO_LOCK_X509); +#ifdef REF_PRINT + REF_PRINT("X509",data); +#endif + x = object->data.x509.certificate; + STORE_OBJECT_free(object); + return x; + } + +int STORE_list_certificate_end(STORE *s, void *handle) + { + check_store(s,STORE_F_STORE_LIST_CERTIFICATE_END, + list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION); + + if (!s->meth->list_object_end(s, handle)) + { + STOREerr(STORE_F_STORE_LIST_CERTIFICATE_END, + STORE_R_FAILED_LISTING_CERTIFICATES); + return 0; + } + return 1; + } + +int STORE_list_certificate_endp(STORE *s, void *handle) + { + check_store(s,STORE_F_STORE_LIST_CERTIFICATE_ENDP, + list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); + + if (!s->meth->list_object_endp(s, handle)) + { + STOREerr(STORE_F_STORE_LIST_CERTIFICATE_ENDP, + STORE_R_FAILED_LISTING_CERTIFICATES); + return 0; + } + return 1; + } + +EVP_PKEY *STORE_generate_key(STORE *s, + int evp_type, size_t bits, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object; + EVP_PKEY *pkey; + OPENSSL_ITEM params[3]; + + params[0].code = STORE_PARAM_EVP_TYPE; + params[0].value = &evp_type; + params[0].value_size = sizeof(evp_type); + params[1].code = STORE_PARAM_BITS; + params[1].value = &bits; + params[1].value_size = sizeof(bits); + params[2].code = 0; + + check_store(s,STORE_F_STORE_GENERATE_KEY, + generate_object,STORE_R_NO_GENERATE_OBJECT_FUNCTION); + + object = s->meth->generate_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, + params, attributes); + if (!object || !object->data.key) + { + STOREerr(STORE_F_STORE_GENERATE_KEY, + STORE_R_FAILED_GENERATING_KEY); + return 0; + } + CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY); +#ifdef REF_PRINT + REF_PRINT("EVP_PKEY",data); +#endif + pkey = object->data.key; + STORE_OBJECT_free(object); + return pkey; + } + +EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object; + EVP_PKEY *pkey; + + check_store(s,STORE_F_STORE_GET_PRIVATE_KEY, + get_object,STORE_R_NO_GET_OBJECT_FUNCTION); + + object = s->meth->get_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, attributes); + if (!object || !object->data.key || !object->data.key) + { + STOREerr(STORE_F_STORE_GET_PRIVATE_KEY, + STORE_R_FAILED_GETTING_KEY); + return 0; + } + CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY); +#ifdef REF_PRINT + REF_PRINT("EVP_PKEY",data); +#endif + pkey = object->data.key; + STORE_OBJECT_free(object); + return pkey; + } + +int store_private_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object = STORE_OBJECT_new(); + int i; + + check_store(s,STORE_F_STORE_PRIVATE_KEY, + store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); + + if (!object) + { + STOREerr(STORE_F_STORE_PRIVATE_KEY, + ERR_R_MALLOC_FAILURE); + return 0; + } + object->data.key = EVP_PKEY_new(); + if (!object->data.key) + { + STOREerr(STORE_F_STORE_PRIVATE_KEY, + ERR_R_MALLOC_FAILURE); + return 0; + } + + CRYPTO_add(&data->references,1,CRYPTO_LOCK_EVP_PKEY); +#ifdef REF_PRINT + REF_PRINT("EVP_PKEY",data); +#endif + object->data.key = data; + + i = s->meth->store_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, object, attributes); + + STORE_OBJECT_free(object); + + if (!i) + { + STOREerr(STORE_F_STORE_PRIVATE_KEY, + STORE_R_FAILED_STORING_KEY); + return 0; + } + return i; + } + +int STORE_revoke_private_key(STORE *s, OPENSSL_ITEM attributes[]) + { + int i; + + check_store(s,STORE_F_STORE_REVOKE_PRIVATE_KEY, + revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION); + + i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, attributes); + + if (!i) + { + STOREerr(STORE_F_STORE_REVOKE_PRIVATE_KEY, + STORE_R_FAILED_REVOKING_KEY); + return 0; + } + return i; + } + +int STORE_delete_private_key(STORE *s, OPENSSL_ITEM attributes[]) + { + check_store(s,STORE_F_STORE_DELETE_PRIVATE_KEY, + delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); + + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, attributes)) + { + STOREerr(STORE_F_STORE_DELETE_PRIVATE_KEY, + STORE_R_FAILED_DELETING_KEY); + return 0; + } + return 1; + } + +void *STORE_list_private_key_start(STORE *s, OPENSSL_ITEM attributes[]) + { + void *handle; + + check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_START, + list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); + + handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PRIVATE_KEY, attributes); + if (!handle) + { + STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_START, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return handle; + } + +EVP_PKEY *STORE_list_private_key_next(STORE *s, void *handle) + { + STORE_OBJECT *object; + EVP_PKEY *pkey; + + check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_NEXT, + list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); + + object = s->meth->list_object_next(s, handle); + if (!object || !object->data.key || !object->data.key) + { + STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY); +#ifdef REF_PRINT + REF_PRINT("EVP_PKEY",data); +#endif + pkey = object->data.key; + STORE_OBJECT_free(object); + return pkey; + } + +int STORE_list_private_key_end(STORE *s, void *handle) + { + check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_END, + list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION); + + if (!s->meth->list_object_end(s, handle)) + { + STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_END, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return 1; + } + +int STORE_list_private_key_endp(STORE *s, void *handle) + { + check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_ENDP, + list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); + + if (!s->meth->list_object_endp(s, handle)) + { + STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return 1; + } + +EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object; + EVP_PKEY *pkey; + + check_store(s,STORE_F_STORE_GET_PUBLIC_KEY, + get_object,STORE_R_NO_GET_OBJECT_FUNCTION); + + object = s->meth->get_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, attributes); + if (!object || !object->data.key || !object->data.key) + { + STOREerr(STORE_F_STORE_GET_PUBLIC_KEY, + STORE_R_FAILED_GETTING_KEY); + return 0; + } + CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY); +#ifdef REF_PRINT + REF_PRINT("EVP_PKEY",data); +#endif + pkey = object->data.key; + STORE_OBJECT_free(object); + return pkey; + } + +int store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object = STORE_OBJECT_new(); + int i; + + check_store(s,STORE_F_STORE_PUBLIC_KEY, + store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); + + if (!object) + { + STOREerr(STORE_F_STORE_PUBLIC_KEY, + ERR_R_MALLOC_FAILURE); + return 0; + } + object->data.key = EVP_PKEY_new(); + if (!object->data.key) + { + STOREerr(STORE_F_STORE_PUBLIC_KEY, + ERR_R_MALLOC_FAILURE); + return 0; + } + + CRYPTO_add(&data->references,1,CRYPTO_LOCK_EVP_PKEY); +#ifdef REF_PRINT + REF_PRINT("EVP_PKEY",data); +#endif + object->data.key = data; + + i = s->meth->store_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, object, attributes); + + STORE_OBJECT_free(object); + + if (!i) + { + STOREerr(STORE_F_STORE_PUBLIC_KEY, + STORE_R_FAILED_STORING_KEY); + return 0; + } + return i; + } + +int STORE_revoke_public_key(STORE *s, OPENSSL_ITEM attributes[]) + { + int i; + + check_store(s,STORE_F_STORE_REVOKE_PUBLIC_KEY, + revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION); + + i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, attributes); + + if (!i) + { + STOREerr(STORE_F_STORE_REVOKE_PUBLIC_KEY, + STORE_R_FAILED_REVOKING_KEY); + return 0; + } + return i; + } + +int STORE_delete_public_key(STORE *s, OPENSSL_ITEM attributes[]) + { + check_store(s,STORE_F_STORE_DELETE_PUBLIC_KEY, + delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); + + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, attributes)) + { + STOREerr(STORE_F_STORE_DELETE_PUBLIC_KEY, + STORE_R_FAILED_DELETING_KEY); + return 0; + } + return 1; + } + +void *STORE_list_public_key_start(STORE *s, OPENSSL_ITEM attributes[]) + { + void *handle; + + check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_START, + list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); + + handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PUBLIC_KEY, attributes); + if (!handle) + { + STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_START, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return handle; + } + +EVP_PKEY *STORE_list_public_key_next(STORE *s, void *handle) + { + STORE_OBJECT *object; + EVP_PKEY *pkey; + + check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_NEXT, + list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); + + object = s->meth->list_object_next(s, handle); + if (!object || !object->data.key || !object->data.key) + { + STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY); +#ifdef REF_PRINT + REF_PRINT("EVP_PKEY",data); +#endif + pkey = object->data.key; + STORE_OBJECT_free(object); + return pkey; + } + +int STORE_list_public_key_end(STORE *s, void *handle) + { + check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_END, + list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION); + + if (!s->meth->list_object_end(s, handle)) + { + STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_END, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return 1; + } + +int STORE_list_public_key_endp(STORE *s, void *handle) + { + check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_ENDP, + list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); + + if (!s->meth->list_object_endp(s, handle)) + { + STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return 1; + } + +X509_CRL *STORE_generate_crl(STORE *s, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object; + X509_CRL *crl; + + check_store(s,STORE_F_STORE_GENERATE_CRL, + generate_object,STORE_R_NO_GENERATE_CRL_FUNCTION); + + object = s->meth->generate_object(s, STORE_OBJECT_TYPE_X509_CRL, 0, attributes); + if (!object || !object->data.crl) + { + STOREerr(STORE_F_STORE_GENERATE_CRL, + STORE_R_FAILED_GENERATING_CRL); + return 0; + } + CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL); +#ifdef REF_PRINT + REF_PRINT("X509_CRL",data); +#endif + crl = object->data.crl; + STORE_OBJECT_free(object); + return crl; + } + +X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object; + X509_CRL *crl; + + check_store(s,STORE_F_STORE_GET_CRL, + get_object,STORE_R_NO_GET_OBJECT_FUNCTION); + + object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CRL, attributes); + if (!object || !object->data.crl) + { + STOREerr(STORE_F_STORE_GET_CRL, + STORE_R_FAILED_GETTING_KEY); + return 0; + } + CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL); +#ifdef REF_PRINT + REF_PRINT("X509_CRL",data); +#endif + crl = object->data.crl; + STORE_OBJECT_free(object); + return crl; + } + +int store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object = STORE_OBJECT_new(); + int i; + + check_store(s,STORE_F_STORE_CRL, + store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); + + if (!object) + { + STOREerr(STORE_F_STORE_CRL, + ERR_R_MALLOC_FAILURE); + return 0; + } + + CRYPTO_add(&data->references,1,CRYPTO_LOCK_X509_CRL); +#ifdef REF_PRINT + REF_PRINT("X509_CRL",data); +#endif + object->data.crl = data; + + i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CRL, object, attributes); + + STORE_OBJECT_free(object); + + if (!i) + { + STOREerr(STORE_F_STORE_CRL, + STORE_R_FAILED_STORING_KEY); + return 0; + } + return i; + } + +int STORE_delete_crl(STORE *s, OPENSSL_ITEM attributes[]) + { + check_store(s,STORE_F_STORE_DELETE_CRL, + delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); + + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CRL, attributes)) + { + STOREerr(STORE_F_STORE_DELETE_CRL, + STORE_R_FAILED_DELETING_KEY); + return 0; + } + return 1; + } + +void *STORE_list_crl_start(STORE *s, OPENSSL_ITEM attributes[]) + { + void *handle; + + check_store(s,STORE_F_STORE_LIST_CRL_START, + list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); + + handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CRL, attributes); + if (!handle) + { + STOREerr(STORE_F_STORE_LIST_CRL_START, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return handle; + } + +X509_CRL *STORE_list_crl_next(STORE *s, void *handle) + { + STORE_OBJECT *object; + X509_CRL *crl; + + check_store(s,STORE_F_STORE_LIST_CRL_NEXT, + list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); + + object = s->meth->list_object_next(s, handle); + if (!object || !object->data.crl) + { + STOREerr(STORE_F_STORE_LIST_CRL_NEXT, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL); +#ifdef REF_PRINT + REF_PRINT("X509_CRL",data); +#endif + crl = object->data.crl; + STORE_OBJECT_free(object); + return crl; + } + +int STORE_list_crl_end(STORE *s, void *handle) + { + check_store(s,STORE_F_STORE_LIST_CRL_END, + list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION); + + if (!s->meth->list_object_end(s, handle)) + { + STOREerr(STORE_F_STORE_LIST_CRL_END, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return 1; + } + +int STORE_list_crl_endp(STORE *s, void *handle) + { + check_store(s,STORE_F_STORE_LIST_CRL_ENDP, + list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); + + if (!s->meth->list_object_endp(s, handle)) + { + STOREerr(STORE_F_STORE_LIST_CRL_ENDP, + STORE_R_FAILED_LISTING_KEYS); + return 0; + } + return 1; + } + +int store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object = STORE_OBJECT_new(); + int i; + + check_store(s,STORE_F_STORE_NUMBER, + store_object,STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION); + + if (!object) + { + STOREerr(STORE_F_STORE_NUMBER, + ERR_R_MALLOC_FAILURE); + return 0; + } + + object->data.number = data; + + i = s->meth->store_object(s, STORE_OBJECT_TYPE_NUMBER, object, attributes); + + STORE_OBJECT_free(object); + + if (!i) + { + STOREerr(STORE_F_STORE_NUMBER, + STORE_R_FAILED_STORING_NUMBER); + return 0; + } + return 1; + } + +BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object; + BIGNUM *n; + + check_store(s,STORE_F_STORE_GET_NUMBER, + get_object,STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION); + + object = s->meth->get_object(s, STORE_OBJECT_TYPE_NUMBER, attributes); + if (!object || !object->data.number) + { + STOREerr(STORE_F_STORE_GET_NUMBER, + STORE_R_FAILED_GETTING_NUMBER); + return 0; + } + n = object->data.number; + object->data.number = NULL; + STORE_OBJECT_free(object); + return n; + } + +int STORE_delete_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[]) + { + check_store(s,STORE_F_STORE_DELETE_NUMBER, + delete_object,STORE_R_NO_DELETE_NUMBER_FUNCTION); + + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_NUMBER, attributes)) + { + STOREerr(STORE_F_STORE_DELETE_NUMBER, + STORE_R_FAILED_DELETING_NUMBER); + return 0; + } + return 1; + } + +STORE_OBJECT *STORE_OBJECT_new(void) + { + STORE_OBJECT *object = OPENSSL_malloc(sizeof(STORE_OBJECT)); + if (object) memset(object, 0, sizeof(STORE_OBJECT)); + return object; + } +void STORE_OBJECT_free(STORE_OBJECT *data) + { + if (!data) return; + switch (data->type) + { + case STORE_OBJECT_TYPE_X509_CERTIFICATE: + X509_free(data->data.x509.certificate); + break; + case STORE_OBJECT_TYPE_X509_CRL: + X509_CRL_free(data->data.crl); + break; + case STORE_OBJECT_TYPE_PRIVATE_KEY: + case STORE_OBJECT_TYPE_PUBLIC_KEY: + EVP_PKEY_free(data->data.key); + break; + case STORE_OBJECT_TYPE_NUMBER: + BN_free(data->data.number); + break; + } + OPENSSL_free(data); + } + +IMPLEMENT_STACK_OF(STORE_OBJECT*); + + +struct STORE_attr_info_st + { + unsigned char set[(STORE_ATTR_TYPE_NUM + 8) / 8]; + union + { + char *cstring; + unsigned char *sha1string; + X509_NAME *dn; + BIGNUM *number; + void *any; + } values[STORE_ATTR_TYPE_NUM+1]; + size_t value_sizes[STORE_ATTR_TYPE_NUM+1]; + }; + +#define ATTR_IS_SET(a,i) ((i) > 0 && (i) < STORE_ATTR_TYPE_NUM \ + && ((a)->set[(i) / 8] & (1 << ((i) % 8)))) +#define SET_ATTRBIT(a,i) ((a)->set[(i) / 8] |= (1 << ((i) % 8))) +#define CLEAR_ATTRBIT(a,i) ((a)->set[(i) / 8] &= ~(1 << ((i) % 8))) + +STORE_ATTR_INFO *STORE_ATTR_INFO_new(void) + { + return (STORE_ATTR_INFO *)OPENSSL_malloc(sizeof(STORE_ATTR_INFO)); + } +static void STORE_ATTR_INFO_attr_free(STORE_ATTR_INFO *attrs, + STORE_ATTR_TYPES code) + { + if (ATTR_IS_SET(attrs,code)) + { + switch(code) + { + case STORE_ATTR_FRIENDLYNAME: + case STORE_ATTR_EMAIL: + case STORE_ATTR_FILENAME: + STORE_ATTR_INFO_modify_cstr(attrs, code, NULL, 0); + break; + case STORE_ATTR_KEYID: + case STORE_ATTR_ISSUERKEYID: + case STORE_ATTR_SUBJECTKEYID: + case STORE_ATTR_ISSUERSERIALHASH: + case STORE_ATTR_CERTHASH: + STORE_ATTR_INFO_modify_sha1str(attrs, code, NULL, 0); + break; + case STORE_ATTR_ISSUER: + case STORE_ATTR_SUBJECT: + STORE_ATTR_INFO_modify_dn(attrs, code, NULL); + break; + case STORE_ATTR_SERIAL: + STORE_ATTR_INFO_modify_number(attrs, code, NULL); + break; + default: + break; + } + } + } +int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs) + { + if (attrs) + { + STORE_ATTR_TYPES i; + for(i = 0; i++ < STORE_ATTR_TYPE_NUM;) + STORE_ATTR_INFO_attr_free(attrs, i); + OPENSSL_free(attrs); + } + return 1; + } +char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR, + ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if (ATTR_IS_SET(attrs,code)) + return attrs->values[code].cstring; + STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR, + STORE_R_NO_VALUE); + return NULL; + } +unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs, + STORE_ATTR_TYPES code) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR, + ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if (ATTR_IS_SET(attrs,code)) + return attrs->values[code].sha1string; + STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR, + STORE_R_NO_VALUE); + return NULL; + } +X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN, + ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if (ATTR_IS_SET(attrs,code)) + return attrs->values[code].dn; + STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN, + STORE_R_NO_VALUE); + return NULL; + } +BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER, + ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if (ATTR_IS_SET(attrs,code)) + return attrs->values[code].number; + STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER, + STORE_R_NO_VALUE); + return NULL; + } +int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + char *cstr, size_t cstr_size) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (!ATTR_IS_SET(attrs,code)) + { + if ((attrs->values[code].cstring = BUF_strndup(cstr, cstr_size))) + return 1; + STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, + ERR_R_MALLOC_FAILURE); + return 0; + } + STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, STORE_R_ALREADY_HAS_A_VALUE); + return 0; + } +int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + unsigned char *sha1str, size_t sha1str_size) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (!ATTR_IS_SET(attrs,code)) + { + if ((attrs->values[code].sha1string = + (unsigned char *)BUF_memdup(sha1str, + sha1str_size))) + return 1; + STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, + ERR_R_MALLOC_FAILURE); + return 0; + } + STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, STORE_R_ALREADY_HAS_A_VALUE); + return 0; + } +int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + X509_NAME *dn) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (!ATTR_IS_SET(attrs,code)) + { + if ((attrs->values[code].dn = X509_NAME_dup(dn))) + return 1; + STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, + ERR_R_MALLOC_FAILURE); + return 0; + } + STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, STORE_R_ALREADY_HAS_A_VALUE); + return 0; + } +int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + BIGNUM *number) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (!ATTR_IS_SET(attrs,code)) + { + if ((attrs->values[code].number = BN_dup(number))) + return 1; + STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, + ERR_R_MALLOC_FAILURE); + return 0; + } + STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, STORE_R_ALREADY_HAS_A_VALUE); + return 0; + } +int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + char *cstr, size_t cstr_size) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (ATTR_IS_SET(attrs,code)) + { + OPENSSL_free(attrs->values[code].cstring); + attrs->values[code].cstring = NULL; + CLEAR_ATTRBIT(attrs, code); + } + return STORE_ATTR_INFO_set_cstr(attrs, code, cstr, cstr_size); + } +int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + unsigned char *sha1str, size_t sha1str_size) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (ATTR_IS_SET(attrs,code)) + { + OPENSSL_free(attrs->values[code].sha1string); + attrs->values[code].sha1string = NULL; + CLEAR_ATTRBIT(attrs, code); + } + return STORE_ATTR_INFO_set_sha1str(attrs, code, sha1str, sha1str_size); + } +int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + X509_NAME *dn) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_DN, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (ATTR_IS_SET(attrs,code)) + { + OPENSSL_free(attrs->values[code].dn); + attrs->values[code].dn = NULL; + CLEAR_ATTRBIT(attrs, code); + } + return STORE_ATTR_INFO_set_dn(attrs, code, dn); + } +int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, + BIGNUM *number) + { + if (!attrs) + { + STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (ATTR_IS_SET(attrs,code)) + { + OPENSSL_free(attrs->values[code].number); + attrs->values[code].number = NULL; + CLEAR_ATTRBIT(attrs, code); + } + return STORE_ATTR_INFO_set_number(attrs, code, number); + } + +struct attr_list_ctx_st + { + OPENSSL_ITEM *attributes; + }; +void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes) + { + if (attributes) + { + struct attr_list_ctx_st *context = + (struct attr_list_ctx_st *)OPENSSL_malloc(sizeof(struct attr_list_ctx_st)); + if (context) + context->attributes = attributes; + else + STOREerr(STORE_F_STORE_PARSE_ATTRS_END, + ERR_R_MALLOC_FAILURE); + return context; + } + STOREerr(STORE_F_STORE_PARSE_ATTRS_END, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } +STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle) + { + struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle; + + if (context && context->attributes) + { + STORE_ATTR_INFO *attrs = NULL; + + while(context->attributes + && context->attributes->code != STORE_ATTR_OR + && context->attributes->code != STORE_ATTR_END) + { + switch(context->attributes->code) + { + case STORE_ATTR_FRIENDLYNAME: + case STORE_ATTR_EMAIL: + case STORE_ATTR_FILENAME: + if (!attrs) attrs = STORE_ATTR_INFO_new(); + if (attrs == NULL) + { + STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, + ERR_R_MALLOC_FAILURE); + goto err; + } + STORE_ATTR_INFO_set_cstr(attrs, + context->attributes->code, + context->attributes->value, + context->attributes->value_size); + break; + case STORE_ATTR_KEYID: + case STORE_ATTR_ISSUERKEYID: + case STORE_ATTR_SUBJECTKEYID: + case STORE_ATTR_ISSUERSERIALHASH: + case STORE_ATTR_CERTHASH: + if (!attrs) attrs = STORE_ATTR_INFO_new(); + if (attrs == NULL) + { + STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, + ERR_R_MALLOC_FAILURE); + goto err; + } + STORE_ATTR_INFO_set_sha1str(attrs, + context->attributes->code, + context->attributes->value, + context->attributes->value_size); + break; + case STORE_ATTR_ISSUER: + case STORE_ATTR_SUBJECT: + if (!attrs) attrs = STORE_ATTR_INFO_new(); + if (attrs == NULL) + { + STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, + ERR_R_MALLOC_FAILURE); + goto err; + } + STORE_ATTR_INFO_modify_dn(attrs, + context->attributes->code, + context->attributes->value); + break; + case STORE_ATTR_SERIAL: + if (!attrs) attrs = STORE_ATTR_INFO_new(); + if (attrs == NULL) + { + STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, + ERR_R_MALLOC_FAILURE); + goto err; + } + STORE_ATTR_INFO_modify_number(attrs, + context->attributes->code, + context->attributes->value); + break; + } + context->attributes++; + } + if (context->attributes->code == STORE_ATTR_OR) + context->attributes++; + return attrs; + err: + while(context->attributes + && context->attributes->code != STORE_ATTR_OR + && context->attributes->code != STORE_ATTR_END) + context->attributes++; + if (context->attributes->code == STORE_ATTR_OR) + context->attributes++; + return NULL; + } + STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } +int STORE_parse_attrs_end(void *handle) + { + struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle; + + if (context && context->attributes) + { +#if 0 + OPENSSL_ITEM *attributes = context->attributes; +#endif + OPENSSL_free(context); + return 1; + } + STOREerr(STORE_F_STORE_PARSE_ATTRS_END, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + +int STORE_parse_attrs_endp(void *handle) + { + struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle; + + if (context && context->attributes) + { + return context->attributes->code == STORE_ATTR_END; + } + STOREerr(STORE_F_STORE_PARSE_ATTRS_END, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + +int STORE_ATTR_INFO_cmp(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) + { + unsigned char *abits, *bbits; + int i; + + if (a == b) return 0; + if (!a) return -1; + if (!b) return 1; + abits = a->set; + bbits = b->set; + for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) + { + if (*abits < *bbits) return -1; + if (*abits > *bbits) return 1; + } + return 0; + } +int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) + { + unsigned char *abits, *bbits; + int i; + + if (a == b) return 1; + if (!a) return 0; + if (!b) return 0; + abits = a->set; + bbits = b->set; + for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) + { + if (*abits && *bbits != *abits) + return 0; + } + return 1; + } +int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) + { + STORE_ATTR_TYPES i; + + if (a == b) return 1; + if (!STORE_ATTR_INFO_in(a, b)) return 0; + for (i = 1; i < STORE_ATTR_TYPE_NUM; i++) + if (ATTR_IS_SET(a, i)) + { + switch(i) + { + case STORE_ATTR_FRIENDLYNAME: + case STORE_ATTR_EMAIL: + case STORE_ATTR_FILENAME: + if (strcmp(a->values[i].cstring, + b->values[i].cstring)) + return 0; + break; + case STORE_ATTR_KEYID: + case STORE_ATTR_ISSUERKEYID: + case STORE_ATTR_SUBJECTKEYID: + case STORE_ATTR_ISSUERSERIALHASH: + case STORE_ATTR_CERTHASH: + if (memcmp(a->values[i].sha1string, + b->values[i].sha1string, + a->value_sizes[i])) + return 0; + break; + case STORE_ATTR_ISSUER: + case STORE_ATTR_SUBJECT: + if (X509_NAME_cmp(a->values[i].dn, + b->values[i].dn)) + return 0; + break; + case STORE_ATTR_SERIAL: + if (BN_cmp(a->values[i].number, + b->values[i].number)) + return 0; + break; + default: + break; + } + } + + return 1; + } diff --git a/crypto/store/str_locl.h b/crypto/store/str_locl.h new file mode 100644 index 0000000000..fac0f44b05 --- /dev/null +++ b/crypto/store/str_locl.h @@ -0,0 +1,123 @@ +/* crypto/store/str_locl.h -*- mode:C; c-file-style: "eay" -*- */ +/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL + * project 2001. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_STORE_LOCL_H +#define HEADER_STORE_LOCL_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +struct store_method_st + { + char *name; + + /* All the functions return a positive integer or non-NULL for success + and 0, a negative integer or NULL for failure */ + + /* Initialise the STORE with private data */ + STORE_INITIALISE_FUNC_PTR init; + /* Initialise the STORE with private data */ + STORE_CLEANUP_FUNC_PTR clean; + /* Generate an object of a given type */ + STORE_GENERATE_OBJECT_FUNC_PTR generate_object; + /* Get an object of a given type. This function isn't really very + useful since the listing functions (below) can be used for the + same purpose and are much more general. */ + STORE_GET_OBJECT_FUNC_PTR get_object; + /* Store an object of a given type. */ + STORE_STORE_OBJECT_FUNC_PTR store_object; + /* Modify the attributes bound to an object of a given type. */ + STORE_MODIFY_OBJECT_FUNC_PTR modify_object; + /* Revoke an object of a given type. */ + STORE_HANDLE_OBJECT_FUNC_PTR revoke_object; + /* Delete an object of a given type. */ + STORE_HANDLE_OBJECT_FUNC_PTR delete_object; + /* List a bunch of objects of a given type and with the associated + attributes. */ + STORE_START_OBJECT_FUNC_PTR list_object_start; + STORE_NEXT_OBJECT_FUNC_PTR list_object_next; + STORE_END_OBJECT_FUNC_PTR list_object_end; + STORE_END_OBJECT_FUNC_PTR list_object_endp; + /* Store-level function to make any necessary update operations. */ + STORE_GENERIC_FUNC_PTR update_store; + /* Store-level function to get exclusive access to the store. */ + STORE_GENERIC_FUNC_PTR lock_store; + /* Store-level function to release exclusive access to the store. */ + STORE_GENERIC_FUNC_PTR unlock_store; + + /* Generic control function */ + STORE_CTRL_FUNC_PTR ctrl; + }; + +struct store_st + { + const STORE_METHOD *meth; + /* functional reference if 'meth' is ENGINE-provided */ + ENGINE *engine; + + CRYPTO_EX_DATA ex_data; + int references; + }; +#ifdef __cplusplus +} +#endif + +#endif diff --git a/crypto/store/str_mem.c b/crypto/store/str_mem.c new file mode 100644 index 0000000000..a6ca31d66b --- /dev/null +++ b/crypto/store/str_mem.c @@ -0,0 +1,324 @@ +/* crypto/store/str_mem.c -*- mode:C; c-file-style: "eay" -*- */ +/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL + * project 2003. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include "str_locl.h" + +struct mem_object_data_st + { + STORE_OBJECT *object; + STORE_ATTR_INFO *attr_info; + int references; + }; + +struct mem_data_st + { + STACK *data; /* A stack of mem_object_data_st, + potentially sorted with a wrapper + around STORE_ATTR_INFO_cmp(). */ + unsigned int compute_components : 1; /* Currently unused, but can + be used to add attributes + from parts of the data. */ + }; + +struct mem_ctx_st + { + int type; /* The type we're searching for */ + STACK *search_attributes; /* Sets of attributes to search for. + Each element is a STORE_ATTR_INFO. */ + int search_index; /* which of the search attributes we found a match + for, -1 when we still haven't found any */ + int index; /* -1 as long as we're searching for the first */ + }; + +static int mem_init(STORE *s); +static void mem_clean(STORE *s); +static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM parameters[], OPENSSL_ITEM attributes[]); +static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM attributes[]); +static int mem_store(STORE *s, STORE_OBJECT_TYPES type, + STORE_OBJECT *data, OPENSSL_ITEM attributes[]); +static int mem_modify(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], + OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[]); +static int mem_delete(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM attributes[]); +static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM attributes[]); +static STORE_OBJECT *mem_list_next(STORE *s, void *handle); +static int mem_list_end(STORE *s, void *handle); +static int mem_list_endp(STORE *s, void *handle); +static int mem_lock(STORE *s, OPENSSL_ITEM attributes[]); +static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[]); +static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)()); + +static STORE_METHOD store_memory = + { + "OpenSSL memory store interface", + mem_init, + mem_clean, + mem_generate, + mem_get, + mem_store, + mem_modify, + NULL, /* revoke */ + mem_delete, + mem_list_start, + mem_list_next, + mem_list_end, + mem_list_endp, + NULL, /* update */ + mem_lock, + mem_unlock, + mem_ctrl + }; + +const STORE_METHOD *STORE_Memory(void) + { + return &store_memory; + } + +static int mem_init(STORE *s) + { + return 1; + } + +static void mem_clean(STORE *s) + { + return; + } + +static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM parameters[], OPENSSL_ITEM attributes[]) + { + STOREerr(STORE_F_MEM_GENERATE, STORE_R_NOT_IMPLEMENTED); + return 0; + } +static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM attributes[]) + { + void *context = mem_list_start(s, type, attributes); + + if (context) + { + STORE_OBJECT *object = mem_list_next(s, context); + + if (mem_list_end(s, context)) + return object; + } + return NULL; + } +static int mem_store(STORE *s, STORE_OBJECT_TYPES type, + STORE_OBJECT *data, OPENSSL_ITEM attributes[]) + { + STOREerr(STORE_F_MEM_STORE, STORE_R_NOT_IMPLEMENTED); + return 0; + } +static int mem_modify(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], + OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[]) + { + STOREerr(STORE_F_MEM_STORE, STORE_R_NOT_IMPLEMENTED); + return 0; + } +static int mem_delete(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM attributes[]) + { + STOREerr(STORE_F_MEM_DELETE, STORE_R_NOT_IMPLEMENTED); + return 0; + } +static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type, + OPENSSL_ITEM attributes[]) + { + struct mem_ctx_st *context = + (struct mem_ctx_st *)OPENSSL_malloc(sizeof(struct mem_ctx_st)); + void *attribute_context = NULL; + STORE_ATTR_INFO *attrs = NULL; + + if (!context) + { + STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE); + return 0; + } + memset(context, 0, sizeof(struct mem_ctx_st)); + + attribute_context = STORE_parse_attrs_start(attributes); + if (!attribute_context) + { + STOREerr(STORE_F_MEM_LIST_START, ERR_R_STORE_LIB); + goto err; + } + + while((attrs = STORE_parse_attrs_next(attribute_context))) + { + if (context->search_attributes == NULL) + { + context->search_attributes = + sk_new((int (*)(const char * const *, const char * const *))STORE_ATTR_INFO_compare); + if (!context->search_attributes) + { + STOREerr(STORE_F_MEM_LIST_START, + ERR_R_MALLOC_FAILURE); + goto err; + } + } + sk_push(context->search_attributes,(char *)attrs); + } + if (!STORE_parse_attrs_endp(attribute_context)) + goto err; + STORE_parse_attrs_end(attribute_context); + context->search_index = -1; + context->index = -1; + return context; + err: + if (attribute_context) STORE_parse_attrs_end(attribute_context); + mem_list_end(s, context); + return NULL; + } +static STORE_OBJECT *mem_list_next(STORE *s, void *handle) + { + int i; + struct mem_ctx_st *context = (struct mem_ctx_st *)handle; + struct mem_object_data_st key = { 0, 0, 1 }; + struct mem_data_st *store = + (struct mem_data_st *)STORE_get_ex_data(s, 1); + int srch; + int cres = 0; + + if (!context) + { + STOREerr(STORE_F_MEM_LIST_NEXT, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if (!store) + { + STOREerr(STORE_F_MEM_LIST_NEXT, STORE_R_NO_STORE); + return NULL; + } + + if (context->search_index == -1) + { + for (i = 0; i < sk_num(context->search_attributes); i++) + { + key.attr_info = + (STORE_ATTR_INFO *)sk_value(context->search_attributes, i); + srch = sk_find_ex(store->data, (char *)&key); + + if (srch >= 0) + { + context->search_index = srch; + break; + } + } + } + if (context->search_index < 0) + return NULL; + + key.attr_info = + (STORE_ATTR_INFO *)sk_value(context->search_attributes, + context->search_index); + for(srch = context->search_index; + srch < sk_num(store->data) + && !(cres = STORE_ATTR_INFO_in_ex(key.attr_info, + (STORE_ATTR_INFO *)sk_value(store->data, srch))); + srch++) + ; + + context->search_index = srch; + if (cres) + return ((struct mem_object_data_st *)sk_value(store->data, + srch))->object; + return NULL; + } +static int mem_list_end(STORE *s, void *handle) + { + struct mem_ctx_st *context = (struct mem_ctx_st *)handle; + + if (!context) + { + STOREerr(STORE_F_MEM_LIST_NEXT, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (context && context->search_attributes) + sk_free(context->search_attributes); + if (context) OPENSSL_free(context); + return 1; + } +static int mem_list_endp(STORE *s, void *handle) + { + struct mem_ctx_st *context = (struct mem_ctx_st *)handle; + + if (!context + || context->search_index == sk_num(context->search_attributes)) + return 1; + return 0; + } +static int mem_lock(STORE *s, OPENSSL_ITEM attributes[]) + { + return 1; + } +static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[]) + { + return 1; + } +static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)()) + { + return 1; + } diff --git a/crypto/store/str_meth.c b/crypto/store/str_meth.c new file mode 100644 index 0000000000..ad6708a12f --- /dev/null +++ b/crypto/store/str_meth.c @@ -0,0 +1,215 @@ +/* crypto/store/str_meth.c -*- mode:C; c-file-style: "eay" -*- */ +/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL + * project 2003. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include "str_locl.h" + +STORE_METHOD *STORE_create_method(char *name) + { + STORE_METHOD *store_method = (STORE_METHOD *)OPENSSL_malloc(sizeof(STORE_METHOD)); + + if (store_method) + memset(store_method, 0, sizeof(*store_method)); + store_method->name = BUF_strdup(name); + return store_method; + } + +/* BIG FSCKING WARNING!!!! If you use this on a statically allocated method + (that is, it hasn't been allocated using STORE_create_method(), you deserve + anything Murphy can throw at you and more! You have been warned. */ +void STORE_destroy_method(STORE_METHOD *store_method) + { + if (!store_method) return; + OPENSSL_free(store_method->name); + store_method->name = NULL; + OPENSSL_free(store_method); + } + +int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR generate_f) + { + sm->generate_object = generate_f; + return 1; + } + +int STORE_method_set_get_function(STORE_METHOD *sm, STORE_GET_OBJECT_FUNC_PTR get_f) + { + sm->get_object = get_f; + return 1; + } + +int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PTR store_f) + { + sm->store_object = store_f; + return 1; + } + +int STORE_method_set_revoke_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR revoke_f) + { + sm->revoke_object = revoke_f; + return 1; + } + +int STORE_method_set_delete_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR delete_f) + { + sm->delete_object = delete_f; + return 1; + } + +int STORE_method_set_list_start_function(STORE_METHOD *sm, STORE_START_OBJECT_FUNC_PTR list_start_f) + { + sm->list_object_start = list_start_f; + return 1; + } + +int STORE_method_set_list_next_function(STORE_METHOD *sm, STORE_NEXT_OBJECT_FUNC_PTR list_next_f) + { + sm->list_object_next = list_next_f; + return 1; + } + +int STORE_method_set_list_end_function(STORE_METHOD *sm, STORE_END_OBJECT_FUNC_PTR list_end_f) + { + sm->list_object_end = list_end_f; + return 1; + } + +int STORE_method_set_update_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR update_f) + { + sm->update_store = update_f; + return 1; + } + +int STORE_method_set_lock_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR lock_f) + { + sm->lock_store = lock_f; + return 1; + } + +int STORE_method_set_unlock_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR unlock_f) + { + sm->unlock_store = unlock_f; + return 1; + } + +int STORE_method_set_ctrl_function(STORE_METHOD *sm, STORE_CTRL_FUNC_PTR ctrl_f) + { + sm->ctrl = ctrl_f; + return 1; + } + +STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD *sm) + { + return sm->generate_object; + } + +STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm) + { + return sm->get_object; + } + +STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm) + { + return sm->store_object; + } + +STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD *sm) + { + return sm->revoke_object; + } + +STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD *sm) + { + return sm->delete_object; + } + +STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD *sm) + { + return sm->list_object_start; + } + +STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD *sm) + { + return sm->list_object_next; + } + +STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm) + { + return sm->list_object_end; + } + +STORE_GENERIC_FUNC_PTR STORE_method_get_update_function(STORE_METHOD *sm) + { + return sm->update_store; + } + +STORE_GENERIC_FUNC_PTR STORE_method_get_lock_function(STORE_METHOD *sm) + { + return sm->lock_store; + } + +STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_function(STORE_METHOD *sm) + { + return sm->unlock_store; + } + +STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm) + { + return sm->ctrl; + } + diff --git a/util/mkdef.pl b/util/mkdef.pl index 4c15a942d2..64e0430a19 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -273,6 +273,7 @@ $crypto.=" crypto/ocsp/ocsp.h"; $crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h"; $crypto.=" crypto/krb5/krb5_asn.h"; $crypto.=" crypto/tmdiff.h"; +$crypto.=" crypto/store/store.h"; my $symhacks="crypto/symhacks.h"; From 3bbb0212f3d059d7148c62c73d719e6d79954901 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 1 May 2003 03:57:46 +0000 Subject: [PATCH 273/393] Add STORE support in ENGINE. --- CHANGES | 3 + crypto/crypto-lib.com | 3 +- crypto/engine/Makefile.ssl | 435 ++++++++++++++++++++++--------------- crypto/engine/eng_int.h | 1 + crypto/engine/eng_lib.c | 1 + crypto/engine/eng_list.c | 1 + crypto/engine/engine.h | 26 ++- crypto/engine/tb_store.c | 120 ++++++++++ 8 files changed, 409 insertions(+), 181 deletions(-) create mode 100644 crypto/engine/tb_store.c diff --git a/CHANGES b/CHANGES index 7389f35924..a840284622 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,9 @@ Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + *) Add support for STORE in ENGINE. + [Richard Levitte] + *) Add the STORE type. The intention is to provide a common interface to certificate and key stores, be they simple file-based stores, or HSM-type store, or LDAP stores, or... diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com index a6838c2480..da1ee269b7 100644 --- a/crypto/crypto-lib.com +++ b/crypto/crypto-lib.com @@ -202,7 +202,8 @@ $ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ - "dso_openssl,dso_win32,dso_vms" $ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ - "eng_table,eng_pkey,eng_fat,eng_all,"+ - - "tb_rsa,tb_dsa,tb_ecdsa,tb_dh,tb_rand,tb_cipher,tb_digest,tb_ecdh,"+ - + "tb_rsa,tb_dsa,tb_ecdsa,tb_dh,tb_ecdh,tb_rand,tb_store,"+ - + "tb_cipher,tb_digest,"+ - "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev" $ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,aes_ctr" $ LIB_BUFFER = "buffer,buf_err" diff --git a/crypto/engine/Makefile.ssl b/crypto/engine/Makefile.ssl index 6b99263724..1530399328 100644 --- a/crypto/engine/Makefile.ssl +++ b/crypto/engine/Makefile.ssl @@ -25,11 +25,13 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \ eng_table.c eng_pkey.c eng_fat.c eng_all.c \ - tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_rand.c tb_cipher.c tb_digest.c tb_ecdh.c \ + tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \ + tb_cipher.c tb_digest.c \ eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \ eng_table.o eng_pkey.o eng_fat.o eng_all.o \ - tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_rand.o tb_cipher.o tb_digest.o tb_ecdh.o \ + tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.c \ + tb_cipher.o tb_digest.o \ eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o SRC= $(LIBSRC) @@ -86,17 +88,21 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. eng_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -eng_all.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -eng_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -eng_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -eng_all.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -eng_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_all.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +eng_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +eng_all.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +eng_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +eng_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h eng_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_all.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_all.o: eng_all.c eng_int.h +eng_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +eng_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_all.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_all.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_all.o: ../../include/openssl/x509_vfy.h eng_all.c eng_int.h eng_cnf.o: ../../e_os.h ../../include/openssl/asn1.h eng_cnf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h eng_cnf.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -104,27 +110,34 @@ eng_cnf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h eng_cnf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h eng_cnf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_cnf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -eng_cnf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -eng_cnf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +eng_cnf.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_cnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_cnf.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h eng_cnf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -eng_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_cnf.o: ../../include/openssl/ui.h ../cryptlib.h eng_cnf.c +eng_cnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_cnf.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_cnf.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_cnf.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_cnf.c eng_cryptodev.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -eng_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -eng_cryptodev.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -eng_cryptodev.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -eng_cryptodev.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -eng_cryptodev.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -eng_cryptodev.o: ../../include/openssl/obj_mac.h +eng_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +eng_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +eng_cryptodev.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +eng_cryptodev.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_cryptodev.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_cryptodev.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_cryptodev.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h eng_cryptodev.o: ../../include/openssl/objects.h eng_cryptodev.o: ../../include/openssl/opensslconf.h eng_cryptodev.o: ../../include/openssl/opensslv.h -eng_cryptodev.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -eng_cryptodev.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -eng_cryptodev.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_cryptodev.o: ../../include/openssl/ui.h eng_cryptodev.c +eng_cryptodev.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +eng_cryptodev.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +eng_cryptodev.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +eng_cryptodev.o: ../../include/openssl/stack.h ../../include/openssl/store.h +eng_cryptodev.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +eng_cryptodev.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +eng_cryptodev.o: eng_cryptodev.c eng_ctrl.o: ../../e_os.h ../../include/openssl/asn1.h eng_ctrl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h eng_ctrl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -132,12 +145,16 @@ eng_ctrl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h eng_ctrl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_ctrl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_ctrl.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_ctrl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +eng_ctrl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_ctrl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_ctrl.o: ../../include/openssl/opensslconf.h eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_ctrl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_ctrl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_ctrl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_ctrl.o: ../cryptlib.h eng_ctrl.c eng_int.h +eng_ctrl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +eng_ctrl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_ctrl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_ctrl.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_ctrl.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_ctrl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_ctrl.c eng_int.h eng_dyn.o: ../../e_os.h ../../include/openssl/asn1.h eng_dyn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h eng_dyn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -145,24 +162,32 @@ eng_dyn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h eng_dyn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h eng_dyn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_dyn.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -eng_dyn.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -eng_dyn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_dyn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +eng_dyn.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_dyn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_dyn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_dyn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_dyn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h eng_dyn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -eng_dyn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_dyn.o: ../../include/openssl/ui.h ../cryptlib.h eng_dyn.c eng_int.h +eng_dyn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_dyn.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_dyn.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_dyn.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_dyn.c eng_int.h eng_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -eng_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -eng_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -eng_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -eng_err.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +eng_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +eng_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +eng_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +eng_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h eng_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_err.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_err.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_err.o: eng_err.c +eng_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +eng_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_err.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_err.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_err.o: ../../include/openssl/x509_vfy.h eng_err.c eng_fat.o: ../../e_os.h ../../include/openssl/asn1.h eng_fat.o: ../../include/openssl/bio.h ../../include/openssl/bn.h eng_fat.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -170,12 +195,16 @@ eng_fat.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h eng_fat.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h eng_fat.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_fat.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -eng_fat.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -eng_fat.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_fat.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +eng_fat.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_fat.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_fat.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_fat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_fat.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h eng_fat.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -eng_fat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_fat.o: ../../include/openssl/ui.h ../cryptlib.h eng_fat.c eng_int.h +eng_fat.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_fat.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_fat.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_fat.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_fat.c eng_int.h eng_init.o: ../../e_os.h ../../include/openssl/asn1.h eng_init.o: ../../include/openssl/bio.h ../../include/openssl/bn.h eng_init.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -183,12 +212,16 @@ eng_init.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h eng_init.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_init.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_init.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_init.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +eng_init.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_init.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_init.o: ../../include/openssl/opensslconf.h eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_init.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_init.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_init.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_init.o: ../cryptlib.h eng_init.c eng_int.h +eng_init.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +eng_init.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_init.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_init.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_init.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_init.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_init.c eng_int.h eng_lib.o: ../../e_os.h ../../include/openssl/asn1.h eng_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h eng_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -196,11 +229,15 @@ eng_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h eng_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -eng_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +eng_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h eng_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +eng_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +eng_lib.o: ../../include/openssl/stack.h ../../include/openssl/store.h eng_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +eng_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h eng_lib.o: ../cryptlib.h eng_int.h eng_lib.c eng_list.o: ../../e_os.h ../../include/openssl/asn1.h eng_list.o: ../../include/openssl/bio.h ../../include/openssl/bn.h @@ -209,12 +246,16 @@ eng_list.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h eng_list.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_list.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_list.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_list.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +eng_list.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_list.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_list.o: ../../include/openssl/opensslconf.h eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_list.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_list.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_list.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_list.o: ../cryptlib.h eng_int.h eng_list.c +eng_list.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +eng_list.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_list.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_list.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_list.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_list.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_list.c eng_openssl.o: ../../e_os.h ../../include/openssl/asn1.h eng_openssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h eng_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -232,9 +273,9 @@ eng_openssl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h eng_openssl.o: ../../include/openssl/rand.h ../../include/openssl/rc4.h eng_openssl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h eng_openssl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -eng_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_openssl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -eng_openssl.o: ../cryptlib.h eng_openssl.c +eng_openssl.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_openssl.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_openssl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_openssl.c eng_pkey.o: ../../e_os.h ../../include/openssl/asn1.h eng_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h eng_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -242,130 +283,176 @@ eng_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h eng_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_pkey.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +eng_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_pkey.o: ../../include/openssl/opensslconf.h eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_pkey.o: ../cryptlib.h eng_int.h eng_pkey.c +eng_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +eng_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_pkey.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_pkey.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_pkey.c eng_table.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -eng_table.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -eng_table.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -eng_table.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -eng_table.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -eng_table.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_table.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -eng_table.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_table.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +eng_table.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +eng_table.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +eng_table.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +eng_table.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eng_table.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_table.o: ../../include/openssl/objects.h eng_table.o: ../../include/openssl/opensslconf.h eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_table.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_table.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_table.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_table.o: eng_int.h eng_table.c +eng_table.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +eng_table.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +eng_table.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_table.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +eng_table.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +eng_table.o: ../../include/openssl/x509_vfy.h eng_int.h eng_table.c tb_cipher.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_cipher.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_cipher.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_cipher.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -tb_cipher.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -tb_cipher.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_cipher.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_cipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tb_cipher.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +tb_cipher.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +tb_cipher.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_cipher.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_cipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_cipher.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_cipher.o: ../../include/openssl/objects.h tb_cipher.o: ../../include/openssl/opensslconf.h tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_cipher.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -tb_cipher.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tb_cipher.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -tb_cipher.o: eng_int.h tb_cipher.c +tb_cipher.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +tb_cipher.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +tb_cipher.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_cipher.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +tb_cipher.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +tb_cipher.o: ../../include/openssl/x509_vfy.h eng_int.h tb_cipher.c tb_dh.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_dh.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_dh.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_dh.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -tb_dh.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -tb_dh.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_dh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_dh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_dh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +tb_dh.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +tb_dh.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +tb_dh.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +tb_dh.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_dh.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_dh.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_dh.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_dh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_dh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_dh.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h tb_dh.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_dh.o: ../../include/openssl/ui.h eng_int.h tb_dh.c +tb_dh.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_dh.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +tb_dh.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +tb_dh.o: ../../include/openssl/x509_vfy.h eng_int.h tb_dh.c tb_digest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_digest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_digest.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_digest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -tb_digest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -tb_digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tb_digest.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +tb_digest.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +tb_digest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +tb_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_digest.o: ../../include/openssl/objects.h tb_digest.o: ../../include/openssl/opensslconf.h tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_digest.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -tb_digest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tb_digest.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -tb_digest.o: eng_int.h tb_digest.c +tb_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +tb_digest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +tb_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_digest.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +tb_digest.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +tb_digest.o: ../../include/openssl/x509_vfy.h eng_int.h tb_digest.c tb_dsa.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_dsa.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_dsa.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_dsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -tb_dsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -tb_dsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_dsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_dsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_dsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +tb_dsa.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +tb_dsa.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +tb_dsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +tb_dsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_dsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_dsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_dsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_dsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_dsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_dsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h tb_dsa.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_dsa.o: ../../include/openssl/ui.h eng_int.h tb_dsa.c +tb_dsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_dsa.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +tb_dsa.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +tb_dsa.o: ../../include/openssl/x509_vfy.h eng_int.h tb_dsa.c tb_ecdh.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_ecdh.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_ecdh.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_ecdh.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -tb_ecdh.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -tb_ecdh.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_ecdh.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_ecdh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_ecdh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_ecdh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +tb_ecdh.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +tb_ecdh.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +tb_ecdh.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +tb_ecdh.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_ecdh.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_ecdh.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_ecdh.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_ecdh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_ecdh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_ecdh.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h tb_ecdh.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -tb_ecdh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_ecdh.o: ../../include/openssl/ui.h eng_int.h tb_ecdh.c +tb_ecdh.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_ecdh.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +tb_ecdh.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +tb_ecdh.o: ../../include/openssl/x509_vfy.h eng_int.h tb_ecdh.c tb_ecdsa.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_ecdsa.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_ecdsa.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_ecdsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -tb_ecdsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -tb_ecdsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_ecdsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_ecdsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_ecdsa.o: ../../include/openssl/opensslconf.h +tb_ecdsa.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +tb_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +tb_ecdsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +tb_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_ecdsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_ecdsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_ecdsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h tb_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_ecdsa.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -tb_ecdsa.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tb_ecdsa.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -tb_ecdsa.o: eng_int.h tb_ecdsa.c +tb_ecdsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +tb_ecdsa.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +tb_ecdsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_ecdsa.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +tb_ecdsa.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +tb_ecdsa.o: ../../include/openssl/x509_vfy.h eng_int.h tb_ecdsa.c tb_rand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_rand.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_rand.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -tb_rand.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -tb_rand.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_rand.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +tb_rand.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +tb_rand.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +tb_rand.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +tb_rand.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_rand.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_rand.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h tb_rand.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -tb_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_rand.o: ../../include/openssl/ui.h eng_int.h tb_rand.c +tb_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_rand.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +tb_rand.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +tb_rand.o: ../../include/openssl/x509_vfy.h eng_int.h tb_rand.c tb_rsa.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_rsa.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_rsa.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_rsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -tb_rsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -tb_rsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_rsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_rsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_rsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +tb_rsa.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +tb_rsa.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +tb_rsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +tb_rsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_rsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_rsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_rsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_rsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_rsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_rsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h tb_rsa.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_rsa.o: ../../include/openssl/ui.h eng_int.h tb_rsa.c +tb_rsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_rsa.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +tb_rsa.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +tb_rsa.o: ../../include/openssl/x509_vfy.h eng_int.h tb_rsa.c +tb_store.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +tb_store.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +tb_store.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +tb_store.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +tb_store.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_store.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_store.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_store.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_store.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_store.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_store.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +tb_store.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +tb_store.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_store.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +tb_store.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +tb_store.o: ../../include/openssl/x509_vfy.h eng_int.h tb_store.c diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h index 2c82861ebb..395c7fff1a 100644 --- a/crypto/engine/eng_int.h +++ b/crypto/engine/eng_int.h @@ -154,6 +154,7 @@ struct engine_st const ECDH_METHOD *ecdh_meth; const ECDSA_METHOD *ecdsa_meth; const RAND_METHOD *rand_meth; + const STORE_METHOD *store_meth; /* Cipher handling is via this callback */ ENGINE_CIPHERS_PTR ciphers; /* Digest handling is via this callback */ diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index 999061a8ed..66ab06de74 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -92,6 +92,7 @@ void engine_set_all_null(ENGINE *e) e->dsa_meth = NULL; e->dh_meth = NULL; e->rand_meth = NULL; + e->store_meth = NULL; e->ciphers = NULL; e->digests = NULL; e->destroy = NULL; diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c index 55b646da24..f94d593b06 100644 --- a/crypto/engine/eng_list.c +++ b/crypto/engine/eng_list.c @@ -336,6 +336,7 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src) dest->ecdsa_meth = src->ecdsa_meth; #endif dest->rand_meth = src->rand_meth; + dest->store_meth = src->store_meth; dest->ciphers = src->ciphers; dest->digests = src->digests; dest->destroy = src->destroy; diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index d4d08d9629..3a8753d50f 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -88,6 +88,7 @@ #include #endif #include +#include #include #include #include @@ -123,6 +124,7 @@ typedef void ECDSA_METHOD; #define ENGINE_METHOD_ECDSA (unsigned int)0x0020 #define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 #define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 +#define ENGINE_METHOD_STORE (unsigned int)0x0100 /* Obvious all-or-nothing cases. */ #define ENGINE_METHOD_ALL (unsigned int)0xFFFF #define ENGINE_METHOD_NONE (unsigned int)0x0000 @@ -192,9 +194,15 @@ typedef void ECDSA_METHOD; handles/connections etc. */ #define ENGINE_CTRL_SET_USER_INTERFACE 4 /* Alternative to callback */ #define ENGINE_CTRL_SET_CALLBACK_DATA 5 /* User-specific data, used - when calling the password - callback and the user - interface */ + when calling the password + callback and the user + interface */ +#define ENGINE_CTRL_LOAD_CONFIGURATION 6 /* Load a configuration, given + a string that represents a + file name or so */ +#define ENGINE_CTRL_LOAD_SECTION 7 /* Load data from a given + section in the already loaded + configuration */ /* These control commands allow an application to deal with an arbitrary engine * in a dynamic way. Warn: Negative return values indicate errors FOR THESE @@ -241,7 +249,7 @@ typedef void ECDSA_METHOD; /* ENGINE implementations should start the numbering of their own control * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */ -#define ENGINE_CMD_BASE 200 +#define ENGINE_CMD_BASE 200 /* NB: These 2 nCipher "chil" control commands are deprecated, and their * functionality is now available through ENGINE-specific control commands @@ -375,6 +383,10 @@ int ENGINE_register_RAND(ENGINE *e); void ENGINE_unregister_RAND(ENGINE *e); void ENGINE_register_all_RAND(void); +int ENGINE_register_STORE(ENGINE *e); +void ENGINE_unregister_STORE(ENGINE *e); +void ENGINE_register_all_STORE(void); + int ENGINE_register_ciphers(ENGINE *e); void ENGINE_unregister_ciphers(ENGINE *e); void ENGINE_register_all_ciphers(void); @@ -451,6 +463,7 @@ int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth); int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth); int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); +int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth); int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); @@ -485,6 +498,7 @@ const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e); const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e); const DH_METHOD *ENGINE_get_DH(const ENGINE *e); const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); +const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e); ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); @@ -576,10 +590,10 @@ void ENGINE_add_conf_module(void); /**************************/ /* Binary/behaviour compatibility levels */ -#define OSSL_DYNAMIC_VERSION (unsigned long)0x00010200 +#define OSSL_DYNAMIC_VERSION (unsigned long)0x00020000 /* Binary versions older than this are too old for us (whether we're a loader or * a loadee) */ -#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00010200 +#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00020000 /* When compiling an ENGINE entirely as an external shared library, loadable by * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure diff --git a/crypto/engine/tb_store.c b/crypto/engine/tb_store.c new file mode 100644 index 0000000000..ee89133e45 --- /dev/null +++ b/crypto/engine/tb_store.c @@ -0,0 +1,120 @@ +/* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include "eng_int.h" + +/* If this symbol is defined then ENGINE_get_default_STORE(), the function that is + * used by STORE to hook in implementation code and cache defaults (etc), will + * display brief debugging summaries to stderr with the 'nid'. */ +/* #define ENGINE_STORE_DEBUG */ + +static ENGINE_TABLE *store_table = NULL; +static const int dummy_nid = 1; + +void ENGINE_unregister_STORE(ENGINE *e) + { + engine_table_unregister(&store_table, e); + } + +static void engine_unregister_all_STORE(void) + { + engine_table_cleanup(&store_table); + } + +int ENGINE_register_STORE(ENGINE *e) + { + if(e->store_meth) + return engine_table_register(&store_table, + engine_unregister_all_STORE, e, &dummy_nid, 1, 0); + return 1; + } + +void ENGINE_register_all_STORE() + { + ENGINE *e; + + for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) + ENGINE_register_STORE(e); + } + +int ENGINE_set_default_STORE(ENGINE *e) + { + if(e->store_meth) + return engine_table_register(&store_table, + engine_unregister_all_STORE, e, &dummy_nid, 1, 1); + return 1; + } + +/* Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural + * references). */ +ENGINE *ENGINE_get_default_STORE(void) + { + return engine_table_select(&store_table, dummy_nid); + } + +/* Obtains an STORE implementation from an ENGINE functional reference */ +const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e) + { + return e->store_meth; + } + +/* Sets an STORE implementation in an ENGINE structure */ +int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth) + { + e->store_meth = store_meth; + return 1; + } From d1465bac90641251fdd8c4e71ac14aa7b6f14341 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 1 May 2003 04:10:32 +0000 Subject: [PATCH 274/393] make update --- apps/Makefile.ssl | 330 +++++++++++++++++++++----------------- crypto/conf/Makefile.ssl | 12 +- crypto/dh/Makefile.ssl | 14 +- crypto/dsa/Makefile.ssl | 10 +- crypto/ecdh/Makefile.ssl | 48 +++--- crypto/ecdsa/Makefile.ssl | 72 +++++---- crypto/err/Makefile.ssl | 8 +- crypto/evp/Makefile.ssl | 31 ++-- crypto/rand/Makefile.ssl | 14 +- crypto/rsa/Makefile.ssl | 10 +- crypto/stack/safestack.h | 21 +++ crypto/store/Makefile.ssl | 19 +-- crypto/store/store.h | 5 + crypto/store/str_err.c | 7 +- test/Makefile.ssl | 90 ++++++----- util/libeay.num | 113 +++++++++++++ 16 files changed, 517 insertions(+), 287 deletions(-) diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl index 168fb06233..a8a8eb0bdb 100644 --- a/apps/Makefile.ssl +++ b/apps/Makefile.ssl @@ -195,10 +195,10 @@ app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h app_rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h app_rand.o: ../include/openssl/rand.h ../include/openssl/rsa.h app_rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h -app_rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -app_rand.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h app_rand.c -app_rand.o: apps.h +app_rand.o: ../include/openssl/stack.h ../include/openssl/store.h +app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +app_rand.o: ../include/openssl/ui.h ../include/openssl/x509.h +app_rand.o: ../include/openssl/x509_vfy.h app_rand.c apps.h apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -214,9 +214,10 @@ apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h apps.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h apps.o: ../include/openssl/sha.h ../include/openssl/stack.h -apps.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -apps.o: ../include/openssl/ui.h ../include/openssl/x509.h -apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h +apps.o: ../include/openssl/store.h ../include/openssl/symhacks.h +apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +apps.o: ../include/openssl/x509v3.h apps.c apps.h asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h asn1pars.o: ../include/openssl/bn.h ../include/openssl/buffer.h asn1pars.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -231,10 +232,10 @@ asn1pars.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h asn1pars.o: ../include/openssl/rand.h ../include/openssl/rsa.h asn1pars.o: ../include/openssl/safestack.h ../include/openssl/sha.h -asn1pars.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -asn1pars.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -asn1pars.o: asn1pars.c +asn1pars.o: ../include/openssl/stack.h ../include/openssl/store.h +asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +asn1pars.o: ../include/openssl/ui.h ../include/openssl/x509.h +asn1pars.o: ../include/openssl/x509_vfy.h apps.h asn1pars.c ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -250,9 +251,10 @@ ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h ca.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h ca.o: ../include/openssl/rsa.h ../include/openssl/safestack.h ca.o: ../include/openssl/sha.h ../include/openssl/stack.h -ca.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -ca.o: ../include/openssl/ui.h ../include/openssl/x509.h -ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ca.c +ca.o: ../include/openssl/store.h ../include/openssl/symhacks.h +ca.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ca.o: ../include/openssl/x509v3.h apps.h ca.c ciphers.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -270,10 +272,11 @@ ciphers.o: ../include/openssl/rand.h ../include/openssl/rsa.h ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ciphers.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -ciphers.o: ../include/openssl/ui.h ../include/openssl/x509.h -ciphers.o: ../include/openssl/x509_vfy.h apps.h ciphers.c +ciphers.o: ../include/openssl/stack.h ../include/openssl/store.h +ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ciphers.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +ciphers.o: ciphers.c crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h crl.o: ../include/openssl/bn.h ../include/openssl/buffer.h crl.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -288,10 +291,10 @@ crl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h crl.o: ../include/openssl/rand.h ../include/openssl/rsa.h crl.o: ../include/openssl/safestack.h ../include/openssl/sha.h -crl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -crl.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -crl.o: ../include/openssl/x509v3.h apps.h crl.c +crl.o: ../include/openssl/stack.h ../include/openssl/store.h +crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +crl.o: ../include/openssl/ui.h ../include/openssl/x509.h +crl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h crl.c crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h crl2p7.o: ../include/openssl/bn.h ../include/openssl/buffer.h crl2p7.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -306,10 +309,10 @@ crl2p7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h crl2p7.o: ../include/openssl/rand.h ../include/openssl/rsa.h crl2p7.o: ../include/openssl/safestack.h ../include/openssl/sha.h -crl2p7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -crl2p7.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -crl2p7.o: crl2p7.c +crl2p7.o: ../include/openssl/stack.h ../include/openssl/store.h +crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +crl2p7.o: ../include/openssl/ui.h ../include/openssl/x509.h +crl2p7.o: ../include/openssl/x509_vfy.h apps.h crl2p7.c dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dgst.o: ../include/openssl/bn.h ../include/openssl/buffer.h dgst.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -324,9 +327,10 @@ dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h dgst.o: ../include/openssl/rand.h ../include/openssl/rsa.h dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h -dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -dgst.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dgst.c +dgst.o: ../include/openssl/stack.h ../include/openssl/store.h +dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +dgst.o: ../include/openssl/ui.h ../include/openssl/x509.h +dgst.o: ../include/openssl/x509_vfy.h apps.h dgst.c dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -341,9 +345,10 @@ dh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h dh.o: ../include/openssl/rand.h ../include/openssl/rsa.h dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h -dh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -dh.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dh.c +dh.o: ../include/openssl/stack.h ../include/openssl/store.h +dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +dh.o: ../include/openssl/ui.h ../include/openssl/x509.h +dh.o: ../include/openssl/x509_vfy.h apps.h dh.c dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -358,9 +363,10 @@ dsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h dsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h -dsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -dsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dsa.c +dsa.o: ../include/openssl/stack.h ../include/openssl/store.h +dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +dsa.o: ../include/openssl/ui.h ../include/openssl/x509.h +dsa.o: ../include/openssl/x509_vfy.h apps.h dsa.c dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -375,10 +381,10 @@ dsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h dsaparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h -dsaparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -dsaparam.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -dsaparam.o: dsaparam.c +dsaparam.o: ../include/openssl/stack.h ../include/openssl/store.h +dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +dsaparam.o: ../include/openssl/ui.h ../include/openssl/x509.h +dsaparam.o: ../include/openssl/x509_vfy.h apps.h dsaparam.c ec.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ec.o: ../include/openssl/bn.h ../include/openssl/buffer.h ec.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -393,9 +399,10 @@ ec.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h ec.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h ec.o: ../include/openssl/rand.h ../include/openssl/rsa.h ec.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ec.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ec.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -ec.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h ec.c +ec.o: ../include/openssl/stack.h ../include/openssl/store.h +ec.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +ec.o: ../include/openssl/ui.h ../include/openssl/x509.h +ec.o: ../include/openssl/x509_vfy.h apps.h ec.c ecparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ecparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h ecparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -410,10 +417,10 @@ ecparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h ecparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h ecparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h ecparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ecparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ecparam.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -ecparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -ecparam.o: ecparam.c +ecparam.o: ../include/openssl/stack.h ../include/openssl/store.h +ecparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +ecparam.o: ../include/openssl/ui.h ../include/openssl/x509.h +ecparam.o: ../include/openssl/x509_vfy.h apps.h ecparam.c enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h enc.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -428,9 +435,10 @@ enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h enc.o: ../include/openssl/rand.h ../include/openssl/rsa.h enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h -enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -enc.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h enc.c +enc.o: ../include/openssl/stack.h ../include/openssl/store.h +enc.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +enc.o: ../include/openssl/ui.h ../include/openssl/x509.h +enc.o: ../include/openssl/x509_vfy.h apps.h enc.c engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h engine.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -448,10 +456,11 @@ engine.o: ../include/openssl/rand.h ../include/openssl/rsa.h engine.o: ../include/openssl/safestack.h ../include/openssl/sha.h engine.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h engine.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -engine.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -engine.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -engine.o: ../include/openssl/ui.h ../include/openssl/x509.h -engine.o: ../include/openssl/x509_vfy.h apps.h engine.c +engine.o: ../include/openssl/stack.h ../include/openssl/store.h +engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +engine.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +engine.o: engine.c errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -469,10 +478,11 @@ errstr.o: ../include/openssl/rand.h ../include/openssl/rsa.h errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -errstr.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -errstr.o: ../include/openssl/ui.h ../include/openssl/x509.h -errstr.o: ../include/openssl/x509_vfy.h apps.h errstr.c +errstr.o: ../include/openssl/stack.h ../include/openssl/store.h +errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +errstr.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +errstr.o: errstr.c gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -487,9 +497,10 @@ gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h gendh.o: ../include/openssl/rand.h ../include/openssl/rsa.h gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h -gendh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -gendh.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h gendh.c +gendh.o: ../include/openssl/stack.h ../include/openssl/store.h +gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +gendh.o: ../include/openssl/ui.h ../include/openssl/x509.h +gendh.o: ../include/openssl/x509_vfy.h apps.h gendh.c gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -504,10 +515,10 @@ gendsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h gendsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h -gendsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -gendsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -gendsa.o: gendsa.c +gendsa.o: ../include/openssl/stack.h ../include/openssl/store.h +gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +gendsa.o: ../include/openssl/ui.h ../include/openssl/x509.h +gendsa.o: ../include/openssl/x509_vfy.h apps.h gendsa.c genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -522,10 +533,10 @@ genrsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h genrsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h -genrsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -genrsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -genrsa.o: genrsa.c +genrsa.o: ../include/openssl/stack.h ../include/openssl/store.h +genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +genrsa.o: ../include/openssl/ui.h ../include/openssl/x509.h +genrsa.o: ../include/openssl/x509_vfy.h apps.h genrsa.c nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h nseq.o: ../include/openssl/bn.h ../include/openssl/buffer.h nseq.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -540,9 +551,10 @@ nseq.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h nseq.o: ../include/openssl/rand.h ../include/openssl/rsa.h nseq.o: ../include/openssl/safestack.h ../include/openssl/sha.h -nseq.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -nseq.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h nseq.c +nseq.o: ../include/openssl/stack.h ../include/openssl/store.h +nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +nseq.o: ../include/openssl/ui.h ../include/openssl/x509.h +nseq.o: ../include/openssl/x509_vfy.h apps.h nseq.c ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h ocsp.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -561,10 +573,10 @@ ocsp.o: ../include/openssl/rsa.h ../include/openssl/safestack.h ocsp.o: ../include/openssl/sha.h ../include/openssl/ssl.h ocsp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h ocsp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ocsp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ocsp.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c +ocsp.o: ../include/openssl/store.h ../include/openssl/symhacks.h +ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +ocsp.o: ../include/openssl/ui.h ../include/openssl/x509.h +ocsp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ocsp.c openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -582,10 +594,11 @@ openssl.o: ../include/openssl/rand.h ../include/openssl/rsa.h openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -openssl.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -openssl.o: ../include/openssl/ui.h ../include/openssl/x509.h -openssl.o: ../include/openssl/x509_vfy.h apps.h openssl.c progs.h s_apps.h +openssl.o: ../include/openssl/stack.h ../include/openssl/store.h +openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +openssl.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +openssl.o: openssl.c progs.h s_apps.h passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h passwd.o: ../include/openssl/bn.h ../include/openssl/buffer.h passwd.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -601,10 +614,10 @@ passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h passwd.o: ../include/openssl/rsa.h ../include/openssl/safestack.h passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h -passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -passwd.o: passwd.c +passwd.o: ../include/openssl/store.h ../include/openssl/symhacks.h +passwd.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +passwd.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +passwd.o: ../include/openssl/x509_vfy.h apps.h passwd.c pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h pkcs12.o: ../include/openssl/bn.h ../include/openssl/buffer.h pkcs12.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -620,9 +633,10 @@ pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h pkcs12.o: ../include/openssl/rsa.h ../include/openssl/safestack.h pkcs12.o: ../include/openssl/sha.h ../include/openssl/stack.h -pkcs12.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -pkcs12.o: ../include/openssl/ui.h ../include/openssl/x509.h -pkcs12.o: ../include/openssl/x509_vfy.h apps.h pkcs12.c +pkcs12.o: ../include/openssl/store.h ../include/openssl/symhacks.h +pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +pkcs12.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +pkcs12.o: pkcs12.c pkcs7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h pkcs7.o: ../include/openssl/bn.h ../include/openssl/buffer.h pkcs7.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -637,9 +651,10 @@ pkcs7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h pkcs7.o: ../include/openssl/rand.h ../include/openssl/rsa.h pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h -pkcs7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -pkcs7.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h pkcs7.c +pkcs7.o: ../include/openssl/stack.h ../include/openssl/store.h +pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +pkcs7.o: ../include/openssl/ui.h ../include/openssl/x509.h +pkcs7.o: ../include/openssl/x509_vfy.h apps.h pkcs7.c pkcs8.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h pkcs8.o: ../include/openssl/bn.h ../include/openssl/buffer.h pkcs8.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -655,9 +670,9 @@ pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h pkcs8.o: ../include/openssl/rsa.h ../include/openssl/safestack.h pkcs8.o: ../include/openssl/sha.h ../include/openssl/stack.h -pkcs8.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -pkcs8.o: ../include/openssl/ui.h ../include/openssl/x509.h -pkcs8.o: ../include/openssl/x509_vfy.h apps.h pkcs8.c +pkcs8.o: ../include/openssl/store.h ../include/openssl/symhacks.h +pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +pkcs8.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h pkcs8.c rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -671,9 +686,10 @@ rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h rand.o: ../include/openssl/rand.h ../include/openssl/rsa.h rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h -rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -rand.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rand.c +rand.o: ../include/openssl/stack.h ../include/openssl/store.h +rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +rand.o: ../include/openssl/ui.h ../include/openssl/x509.h +rand.o: ../include/openssl/x509_vfy.h apps.h rand.c req.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/asn1.h req.o: ../include/openssl/bio.h ../include/openssl/bn.h req.o: ../include/openssl/buffer.h ../include/openssl/conf.h @@ -689,9 +705,10 @@ req.o: ../include/openssl/pem.h ../include/openssl/pem2.h req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h req.o: ../include/openssl/sha.h ../include/openssl/stack.h -req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -req.o: ../include/openssl/ui.h ../include/openssl/x509.h -req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c +req.o: ../include/openssl/store.h ../include/openssl/symhacks.h +req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +req.o: ../include/openssl/x509v3.h apps.h req.c rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -706,9 +723,10 @@ rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h rsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h -rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -rsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rsa.c +rsa.o: ../include/openssl/stack.h ../include/openssl/store.h +rsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +rsa.o: ../include/openssl/ui.h ../include/openssl/x509.h +rsa.o: ../include/openssl/x509_vfy.h apps.h rsa.c rsautl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rsautl.o: ../include/openssl/bn.h ../include/openssl/buffer.h rsautl.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -723,10 +741,10 @@ rsautl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h rsautl.o: ../include/openssl/rand.h ../include/openssl/rsa.h rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h -rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -rsautl.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h -rsautl.o: rsautl.c +rsautl.o: ../include/openssl/stack.h ../include/openssl/store.h +rsautl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +rsautl.o: ../include/openssl/ui.h ../include/openssl/x509.h +rsautl.o: ../include/openssl/x509_vfy.h apps.h rsautl.c s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -744,10 +762,11 @@ s_cb.o: ../include/openssl/rand.h ../include/openssl/rsa.h s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_cb.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_cb.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_cb.o: ../include/openssl/ui.h ../include/openssl/x509.h -s_cb.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_cb.c +s_cb.o: ../include/openssl/stack.h ../include/openssl/store.h +s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_cb.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h s_apps.h +s_cb.o: s_cb.c s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -765,10 +784,11 @@ s_client.o: ../include/openssl/rand.h ../include/openssl/rsa.h s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_client.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_client.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_client.o: ../include/openssl/ui.h ../include/openssl/x509.h -s_client.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_client.c +s_client.o: ../include/openssl/stack.h ../include/openssl/store.h +s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_client.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +s_client.o: s_apps.h s_client.c s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -786,10 +806,11 @@ s_server.o: ../include/openssl/rand.h ../include/openssl/rsa.h s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_server.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_server.o: ../include/openssl/ui.h ../include/openssl/x509.h -s_server.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_server.c +s_server.o: ../include/openssl/stack.h ../include/openssl/store.h +s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +s_server.o: s_apps.h s_server.c s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_socket.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -807,10 +828,11 @@ s_socket.o: ../include/openssl/rand.h ../include/openssl/rsa.h s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_socket.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_socket.o: ../include/openssl/ui.h ../include/openssl/x509.h -s_socket.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_socket.c +s_socket.o: ../include/openssl/stack.h ../include/openssl/store.h +s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_socket.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +s_socket.o: s_apps.h s_socket.c s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -828,10 +850,11 @@ s_time.o: ../include/openssl/rand.h ../include/openssl/rsa.h s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_time.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_time.o: ../include/openssl/ui.h ../include/openssl/x509.h -s_time.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_time.c +s_time.o: ../include/openssl/stack.h ../include/openssl/store.h +s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_time.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +s_time.o: s_apps.h s_time.c sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -849,10 +872,11 @@ sess_id.o: ../include/openssl/rand.h ../include/openssl/rsa.h sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -sess_id.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -sess_id.o: ../include/openssl/ui.h ../include/openssl/x509.h -sess_id.o: ../include/openssl/x509_vfy.h apps.h sess_id.c +sess_id.o: ../include/openssl/stack.h ../include/openssl/store.h +sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +sess_id.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +sess_id.o: sess_id.c smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h smime.o: ../include/openssl/bn.h ../include/openssl/buffer.h smime.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -867,9 +891,10 @@ smime.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h smime.o: ../include/openssl/rand.h ../include/openssl/rsa.h smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h -smime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -smime.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h smime.c +smime.o: ../include/openssl/stack.h ../include/openssl/store.h +smime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +smime.o: ../include/openssl/ui.h ../include/openssl/x509.h +smime.o: ../include/openssl/x509_vfy.h apps.h smime.c speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h @@ -891,10 +916,10 @@ speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h speed.o: ../include/openssl/sha.h ../include/openssl/stack.h -speed.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -speed.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h speed.c -speed.o: testdsa.h testrsa.h +speed.o: ../include/openssl/store.h ../include/openssl/symhacks.h +speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +speed.o: ../include/openssl/x509_vfy.h apps.h speed.c testdsa.h testrsa.h spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h spkac.o: ../include/openssl/bn.h ../include/openssl/buffer.h spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -909,9 +934,10 @@ spkac.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h spkac.o: ../include/openssl/rand.h ../include/openssl/rsa.h spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h -spkac.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -spkac.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h spkac.c +spkac.o: ../include/openssl/stack.h ../include/openssl/store.h +spkac.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +spkac.o: ../include/openssl/ui.h ../include/openssl/x509.h +spkac.o: ../include/openssl/x509_vfy.h apps.h spkac.c verify.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h verify.o: ../include/openssl/bn.h ../include/openssl/buffer.h verify.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -926,10 +952,11 @@ verify.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h verify.o: ../include/openssl/rand.h ../include/openssl/rsa.h verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h -verify.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -verify.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -verify.o: ../include/openssl/x509v3.h apps.h verify.c +verify.o: ../include/openssl/stack.h ../include/openssl/store.h +verify.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +verify.o: ../include/openssl/ui.h ../include/openssl/x509.h +verify.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +verify.o: verify.c version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h version.o: ../include/openssl/buffer.h ../include/openssl/conf.h @@ -946,10 +973,11 @@ version.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h version.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h version.o: ../include/openssl/rc4.h ../include/openssl/rsa.h version.o: ../include/openssl/safestack.h ../include/openssl/sha.h -version.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -version.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -version.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -version.o: ../include/openssl/x509_vfy.h apps.h version.c +version.o: ../include/openssl/stack.h ../include/openssl/store.h +version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h +version.o: version.c x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -964,7 +992,7 @@ x509.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h x509.o: ../include/openssl/rand.h ../include/openssl/rsa.h x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h -x509.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -x509.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -x509.o: ../include/openssl/x509v3.h apps.h x509.c +x509.o: ../include/openssl/stack.h ../include/openssl/store.h +x509.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +x509.o: ../include/openssl/ui.h ../include/openssl/x509.h +x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h x509.c diff --git a/crypto/conf/Makefile.ssl b/crypto/conf/Makefile.ssl index e7bcaff740..09c68e6829 100644 --- a/crypto/conf/Makefile.ssl +++ b/crypto/conf/Makefile.ssl @@ -127,9 +127,9 @@ conf_mall.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h conf_mall.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h conf_mall.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h conf_mall.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -conf_mall.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -conf_mall.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -conf_mall.o: ../cryptlib.h conf_mall.c +conf_mall.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +conf_mall.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +conf_mall.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_mall.c conf_mod.o: ../../e_os.h ../../include/openssl/asn1.h conf_mod.o: ../../include/openssl/bio.h ../../include/openssl/bn.h conf_mod.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -161,6 +161,6 @@ conf_sap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h conf_sap.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h conf_sap.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h conf_sap.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -conf_sap.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -conf_sap.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -conf_sap.o: ../cryptlib.h conf_sap.c +conf_sap.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +conf_sap.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +conf_sap.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_sap.c diff --git a/crypto/dh/Makefile.ssl b/crypto/dh/Makefile.ssl index 1f72d521ea..41451917b3 100644 --- a/crypto/dh/Makefile.ssl +++ b/crypto/dh/Makefile.ssl @@ -134,9 +134,13 @@ dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h dh_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h dh_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h dh_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -dh_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -dh_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dh_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +dh_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +dh_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dh_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h dh_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dh_lib.o: ../../include/openssl/ui.h ../cryptlib.h dh_lib.c +dh_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +dh_lib.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +dh_lib.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +dh_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dh_lib.c diff --git a/crypto/dsa/Makefile.ssl b/crypto/dsa/Makefile.ssl index 6a60976f41..c09938e95f 100644 --- a/crypto/dsa/Makefile.ssl +++ b/crypto/dsa/Makefile.ssl @@ -139,11 +139,15 @@ dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h dsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +dsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h dsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/store.h dsa_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +dsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h dsa_lib.o: ../cryptlib.h dsa_lib.c dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h diff --git a/crypto/ecdh/Makefile.ssl b/crypto/ecdh/Makefile.ssl index 8a0e43852a..ff46ca041d 100644 --- a/crypto/ecdh/Makefile.ssl +++ b/crypto/ecdh/Makefile.ssl @@ -89,29 +89,37 @@ ech_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ech_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ech_err.o: ../../include/openssl/symhacks.h ech_err.c ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ech_key.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -ech_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ech_key.o: ../../include/openssl/engine.h ../../include/openssl/err.h -ech_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +ech_key.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +ech_key.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +ech_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +ech_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ech_key.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +ech_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ech_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ech_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ech_key.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -ech_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ech_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdh.h -ech_key.o: ech_key.c +ech_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +ech_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ech_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ech_key.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +ech_key.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +ech_key.o: ../../include/openssl/x509_vfy.h ecdh.h ech_key.c ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ech_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -ech_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ech_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ech_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +ech_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +ech_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +ech_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +ech_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ech_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +ech_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ech_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ech_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ech_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ech_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdh.h -ech_lib.o: ech_lib.c +ech_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +ech_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ech_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ech_lib.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +ech_lib.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +ech_lib.o: ../../include/openssl/x509_vfy.h ecdh.h ech_lib.c ech_ossl.o: ../../e_os.h ../../include/openssl/asn1.h ech_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h ech_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h diff --git a/crypto/ecdsa/Makefile.ssl b/crypto/ecdsa/Makefile.ssl index 3bdc55efb5..935ea7a44f 100644 --- a/crypto/ecdsa/Makefile.ssl +++ b/crypto/ecdsa/Makefile.ssl @@ -97,17 +97,21 @@ ecs_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ecs_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ecs_err.o: ../../include/openssl/symhacks.h ecs_err.c ecs_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -ecs_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -ecs_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ecs_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ecs_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -ecs_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +ecs_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +ecs_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +ecs_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ecs_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +ecs_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ecs_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ecs_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ecs_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ecs_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -ecs_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ecs_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdsa.h -ecs_lib.o: ecs_lib.c +ecs_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +ecs_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ecs_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ecs_lib.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +ecs_lib.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +ecs_lib.o: ../../include/openssl/x509_vfy.h ecdsa.h ecs_lib.c ecs_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ecs_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h ecs_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -117,26 +121,34 @@ ecs_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ecs_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ecs_ossl.o: ../../include/openssl/symhacks.h ecdsa.h ecs_ossl.c ecs_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_sign.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -ecs_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -ecs_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ecs_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h -ecs_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +ecs_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +ecs_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +ecs_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +ecs_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ecs_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +ecs_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ecs_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ecs_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ecs_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ecs_sign.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ecs_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdsa.h -ecs_sign.o: ecs_sign.c +ecs_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +ecs_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ecs_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ecs_sign.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +ecs_sign.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +ecs_sign.o: ../../include/openssl/x509_vfy.h ecdsa.h ecs_sign.c ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_vrf.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -ecs_vrf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/err.h -ecs_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +ecs_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +ecs_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ecs_vrf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +ecs_vrf.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ecs_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ecs_vrf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ecs_vrf.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ecs_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdsa.h -ecs_vrf.o: ecs_vrf.c +ecs_vrf.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +ecs_vrf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +ecs_vrf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ecs_vrf.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +ecs_vrf.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +ecs_vrf.o: ../../include/openssl/x509_vfy.h ecdsa.h ecs_vrf.c diff --git a/crypto/err/Makefile.ssl b/crypto/err/Makefile.ssl index 69ee692cfb..77a87e16f0 100644 --- a/crypto/err/Makefile.ssl +++ b/crypto/err/Makefile.ssl @@ -100,10 +100,10 @@ err_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem2.h err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h err_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -err_all.o: ../../include/openssl/ui.h ../../include/openssl/x509.h -err_all.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -err_all.o: err_all.c +err_all.o: ../../include/openssl/stack.h ../../include/openssl/store.h +err_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +err_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +err_all.o: ../../include/openssl/x509v3.h err_all.c err_prn.o: ../../e_os.h ../../include/openssl/bio.h err_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/crypto/evp/Makefile.ssl b/crypto/evp/Makefile.ssl index 2d51730d2d..3151dc8dd5 100644 --- a/crypto/evp/Makefile.ssl +++ b/crypto/evp/Makefile.ssl @@ -149,10 +149,12 @@ c_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h c_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -c_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -c_all.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -c_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -c_all.o: ../cryptlib.h c_all.c +c_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +c_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +c_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +c_all.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +c_all.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +c_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_all.c c_allc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h c_allc.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h c_allc.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h @@ -193,10 +195,12 @@ digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -digest.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -digest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -digest.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -digest.o: ../cryptlib.h digest.c +digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +digest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +digest.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +digest.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h digest.c e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h e_aes.o: ../../include/openssl/bio.h ../../include/openssl/bn.h e_aes.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -338,10 +342,13 @@ evp_enc.o: ../../include/openssl/engine.h ../../include/openssl/err.h evp_enc.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h evp_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h evp_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -evp_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -evp_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -evp_enc.o: ../../include/openssl/ui.h ../cryptlib.h evp_enc.c evp_locl.h +evp_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +evp_enc.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/store.h +evp_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +evp_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h evp_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h evp_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/crypto/rand/Makefile.ssl b/crypto/rand/Makefile.ssl index 0c5bde3811..3065234e21 100644 --- a/crypto/rand/Makefile.ssl +++ b/crypto/rand/Makefile.ssl @@ -108,12 +108,16 @@ rand_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h rand_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h rand_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h rand_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -rand_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +rand_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +rand_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rand_lib.o: ../../include/openssl/opensslconf.h rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rand_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -rand_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -rand_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -rand_lib.o: ../cryptlib.h rand_lib.c +rand_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +rand_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +rand_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +rand_lib.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +rand_lib.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +rand_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h rand_lib.c rand_os2.o: ../../e_os.h ../../include/openssl/asn1.h rand_os2.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rand_os2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h diff --git a/crypto/rsa/Makefile.ssl b/crypto/rsa/Makefile.ssl index cd7f94deb8..da7c98cec7 100644 --- a/crypto/rsa/Makefile.ssl +++ b/crypto/rsa/Makefile.ssl @@ -143,11 +143,15 @@ rsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h rsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h rsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -rsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -rsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +rsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h rsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/store.h rsa_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +rsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h rsa_lib.o: ../cryptlib.h rsa_lib.c rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h index ce4bf35389..3110e50a84 100644 --- a/crypto/stack/safestack.h +++ b/crypto/stack/safestack.h @@ -1065,6 +1065,27 @@ STACK_OF(type) \ #define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st)) #define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st)) +#define sk_STORE_OBJECT_new(st) SKM_sk_new(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT) +#define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_value(st, i) SKM_sk_value(STORE_OBJECT, (st), (i)) +#define sk_STORE_OBJECT_set(st, i, val) SKM_sk_set(STORE_OBJECT, (st), (i), (val)) +#define sk_STORE_OBJECT_zero(st) SKM_sk_zero(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_push(st, val) SKM_sk_push(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_unshift(st, val) SKM_sk_unshift(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_find(st, val) SKM_sk_find(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_find_ex(st, val) SKM_sk_find_ex(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_delete(st, i) SKM_sk_delete(STORE_OBJECT, (st), (i)) +#define sk_STORE_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_OBJECT, (st), (ptr)) +#define sk_STORE_OBJECT_insert(st, val, i) SKM_sk_insert(STORE_OBJECT, (st), (val), (i)) +#define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp)) +#define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st) +#define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func)) +#define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st)) + #define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st)) #define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID) #define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st)) diff --git a/crypto/store/Makefile.ssl b/crypto/store/Makefile.ssl index 2d81355049..3bfb2a619d 100644 --- a/crypto/store/Makefile.ssl +++ b/crypto/store/Makefile.ssl @@ -116,15 +116,16 @@ str_mem.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h str_mem.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h str_mem.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h str_mem.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -str_mem.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h -str_mem.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -str_mem.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -str_mem.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -str_mem.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -str_mem.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -str_mem.o: ../../include/openssl/stack.h ../../include/openssl/store.h -str_mem.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -str_mem.o: ../../include/openssl/x509_vfy.h str_locl.h str_mem.c +str_mem.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +str_mem.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +str_mem.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +str_mem.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +str_mem.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +str_mem.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +str_mem.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +str_mem.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h +str_mem.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +str_mem.o: str_locl.h str_mem.c str_meth.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h str_meth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h str_meth.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h diff --git a/crypto/store/store.h b/crypto/store/store.h index f99a26414d..3a334b0de2 100644 --- a/crypto/store/store.h +++ b/crypto/store/store.h @@ -421,15 +421,19 @@ void ERR_load_STORE_strings(void); #define STORE_F_STORE_GET_PRIVATE_KEY 112 #define STORE_F_STORE_GET_PUBLIC_KEY 113 #define STORE_F_STORE_LIST_CERTIFICATE_END 114 +#define STORE_F_STORE_LIST_CERTIFICATE_ENDP 153 #define STORE_F_STORE_LIST_CERTIFICATE_NEXT 115 #define STORE_F_STORE_LIST_CERTIFICATE_START 116 #define STORE_F_STORE_LIST_CRL_END 117 +#define STORE_F_STORE_LIST_CRL_ENDP 154 #define STORE_F_STORE_LIST_CRL_NEXT 118 #define STORE_F_STORE_LIST_CRL_START 119 #define STORE_F_STORE_LIST_PRIVATE_KEY_END 120 +#define STORE_F_STORE_LIST_PRIVATE_KEY_ENDP 155 #define STORE_F_STORE_LIST_PRIVATE_KEY_NEXT 121 #define STORE_F_STORE_LIST_PRIVATE_KEY_START 122 #define STORE_F_STORE_LIST_PUBLIC_KEY_END 123 +#define STORE_F_STORE_LIST_PUBLIC_KEY_ENDP 156 #define STORE_F_STORE_LIST_PUBLIC_KEY_NEXT 124 #define STORE_F_STORE_LIST_PUBLIC_KEY_START 125 #define STORE_F_STORE_NEW_ENGINE 133 @@ -467,6 +471,7 @@ void ERR_load_STORE_strings(void); #define STORE_R_NO_GENERATE_OBJECT_FUNCTION 118 #define STORE_R_NO_GET_OBJECT_FUNCTION 119 #define STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION 120 +#define STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION 131 #define STORE_R_NO_LIST_OBJECT_END_FUNCTION 121 #define STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION 122 #define STORE_R_NO_LIST_OBJECT_START_FUNCTION 123 diff --git a/crypto/store/str_err.c b/crypto/store/str_err.c index ac88dff0e1..2ef7f9277c 100644 --- a/crypto/store/str_err.c +++ b/crypto/store/str_err.c @@ -98,21 +98,25 @@ static ERR_STRING_DATA STORE_str_functs[]= {ERR_PACK(0,STORE_F_STORE_GET_PRIVATE_KEY,0), "STORE_get_private_key"}, {ERR_PACK(0,STORE_F_STORE_GET_PUBLIC_KEY,0), "STORE_get_public_key"}, {ERR_PACK(0,STORE_F_STORE_LIST_CERTIFICATE_END,0), "STORE_list_certificate_end"}, +{ERR_PACK(0,STORE_F_STORE_LIST_CERTIFICATE_ENDP,0), "STORE_list_certificate_endp"}, {ERR_PACK(0,STORE_F_STORE_LIST_CERTIFICATE_NEXT,0), "STORE_list_certificate_next"}, {ERR_PACK(0,STORE_F_STORE_LIST_CERTIFICATE_START,0), "STORE_list_certificate_start"}, {ERR_PACK(0,STORE_F_STORE_LIST_CRL_END,0), "STORE_list_crl_end"}, +{ERR_PACK(0,STORE_F_STORE_LIST_CRL_ENDP,0), "STORE_list_crl_endp"}, {ERR_PACK(0,STORE_F_STORE_LIST_CRL_NEXT,0), "STORE_list_crl_next"}, {ERR_PACK(0,STORE_F_STORE_LIST_CRL_START,0), "STORE_list_crl_start"}, {ERR_PACK(0,STORE_F_STORE_LIST_PRIVATE_KEY_END,0), "STORE_list_private_key_end"}, +{ERR_PACK(0,STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,0), "STORE_list_private_key_endp"}, {ERR_PACK(0,STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,0), "STORE_list_private_key_next"}, {ERR_PACK(0,STORE_F_STORE_LIST_PRIVATE_KEY_START,0), "STORE_list_private_key_start"}, {ERR_PACK(0,STORE_F_STORE_LIST_PUBLIC_KEY_END,0), "STORE_list_public_key_end"}, +{ERR_PACK(0,STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,0), "STORE_list_public_key_endp"}, {ERR_PACK(0,STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,0), "STORE_list_public_key_next"}, {ERR_PACK(0,STORE_F_STORE_LIST_PUBLIC_KEY_START,0), "STORE_list_public_key_start"}, {ERR_PACK(0,STORE_F_STORE_NEW_ENGINE,0), "STORE_NEW_ENGINE"}, {ERR_PACK(0,STORE_F_STORE_NEW_METHOD,0), "STORE_new_method"}, {ERR_PACK(0,STORE_F_STORE_NUMBER,0), "STORE_NUMBER"}, -{ERR_PACK(0,STORE_F_STORE_PARSE_ATTRS_END,0), "STORE_PARSE_ATTRS_END"}, +{ERR_PACK(0,STORE_F_STORE_PARSE_ATTRS_END,0), "STORE_parse_attrs_end"}, {ERR_PACK(0,STORE_F_STORE_PARSE_ATTRS_NEXT,0), "STORE_parse_attrs_next"}, {ERR_PACK(0,STORE_F_STORE_PRIVATE_KEY,0), "STORE_PRIVATE_KEY"}, {ERR_PACK(0,STORE_F_STORE_PUBLIC_KEY,0), "STORE_PUBLIC_KEY"}, @@ -147,6 +151,7 @@ static ERR_STRING_DATA STORE_str_reasons[]= {STORE_R_NO_GENERATE_OBJECT_FUNCTION ,"no generate object function"}, {STORE_R_NO_GET_OBJECT_FUNCTION ,"no get object function"}, {STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION ,"no get object number function"}, +{STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION ,"no list object endp function"}, {STORE_R_NO_LIST_OBJECT_END_FUNCTION ,"no list object end function"}, {STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION ,"no list object next function"}, {STORE_R_NO_LIST_OBJECT_START_FUNCTION ,"no list object start function"}, diff --git a/test/Makefile.ssl b/test/Makefile.ssl index 15247879c2..b2cb08b477 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -830,55 +830,69 @@ ecdhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h ecdhtest.o: ../include/openssl/sha.h ../include/openssl/stack.h ecdhtest.o: ../include/openssl/symhacks.h ecdhtest.c ecdsatest.o: ../include/openssl/asn1.h ../include/openssl/bio.h -ecdsatest.o: ../include/openssl/bn.h ../include/openssl/crypto.h -ecdsatest.o: ../include/openssl/dh.h ../include/openssl/dsa.h -ecdsatest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -ecdsatest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -ecdsatest.o: ../include/openssl/engine.h ../include/openssl/err.h -ecdsatest.o: ../include/openssl/evp.h ../include/openssl/lhash.h -ecdsatest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ecdsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ecdsatest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h +ecdsatest.o: ../include/openssl/bn.h ../include/openssl/buffer.h +ecdsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h +ecdsatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +ecdsatest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +ecdsatest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +ecdsatest.o: ../include/openssl/err.h ../include/openssl/evp.h +ecdsatest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ecdsatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ecdsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ecdsatest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h ecdsatest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ecdsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ecdsatest.o: ../include/openssl/ui.h ecdsatest.c +ecdsatest.o: ../include/openssl/sha.h ../include/openssl/stack.h +ecdsatest.o: ../include/openssl/store.h ../include/openssl/symhacks.h +ecdsatest.o: ../include/openssl/ui.h ../include/openssl/x509.h +ecdsatest.o: ../include/openssl/x509_vfy.h ecdsatest.c ectest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -ectest.o: ../include/openssl/bn.h ../include/openssl/crypto.h -ectest.o: ../include/openssl/dh.h ../include/openssl/dsa.h -ectest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -ectest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -ectest.o: ../include/openssl/engine.h ../include/openssl/err.h +ectest.o: ../include/openssl/bn.h ../include/openssl/buffer.h +ectest.o: ../include/openssl/crypto.h ../include/openssl/dh.h +ectest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +ectest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +ectest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +ectest.o: ../include/openssl/err.h ../include/openssl/evp.h ectest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h ectest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h ectest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ectest.o: ../include/openssl/rand.h ../include/openssl/rsa.h -ectest.o: ../include/openssl/safestack.h ../include/openssl/stack.h -ectest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h ectest.c +ectest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +ectest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ectest.o: ../include/openssl/sha.h ../include/openssl/stack.h +ectest.o: ../include/openssl/store.h ../include/openssl/symhacks.h +ectest.o: ../include/openssl/ui.h ../include/openssl/x509.h +ectest.o: ../include/openssl/x509_vfy.h ectest.c enginetest.o: ../include/openssl/asn1.h ../include/openssl/bio.h enginetest.o: ../include/openssl/bn.h ../include/openssl/buffer.h enginetest.o: ../include/openssl/crypto.h ../include/openssl/dh.h enginetest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h enginetest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h enginetest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h -enginetest.o: ../include/openssl/err.h ../include/openssl/lhash.h -enginetest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -enginetest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h +enginetest.o: ../include/openssl/err.h ../include/openssl/evp.h +enginetest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +enginetest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +enginetest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +enginetest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h enginetest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -enginetest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -enginetest.o: ../include/openssl/ui.h enginetest.c +enginetest.o: ../include/openssl/sha.h ../include/openssl/stack.h +enginetest.o: ../include/openssl/store.h ../include/openssl/symhacks.h +enginetest.o: ../include/openssl/ui.h ../include/openssl/x509.h +enginetest.o: ../include/openssl/x509_vfy.h enginetest.c evp_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -evp_test.o: ../include/openssl/bn.h ../include/openssl/conf.h -evp_test.o: ../include/openssl/crypto.h ../include/openssl/dh.h -evp_test.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h -evp_test.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -evp_test.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h -evp_test.o: ../include/openssl/err.h ../include/openssl/evp.h -evp_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -evp_test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -evp_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +evp_test.o: ../include/openssl/bn.h ../include/openssl/buffer.h +evp_test.o: ../include/openssl/conf.h ../include/openssl/crypto.h +evp_test.o: ../include/openssl/dh.h ../include/openssl/dsa.h +evp_test.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +evp_test.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +evp_test.o: ../include/openssl/engine.h ../include/openssl/err.h +evp_test.o: ../include/openssl/evp.h ../include/openssl/lhash.h +evp_test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +evp_test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +evp_test.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h evp_test.o: ../include/openssl/rand.h ../include/openssl/rsa.h -evp_test.o: ../include/openssl/safestack.h ../include/openssl/stack.h -evp_test.o: ../include/openssl/symhacks.h ../include/openssl/ui.h evp_test.c +evp_test.o: ../include/openssl/safestack.h ../include/openssl/sha.h +evp_test.o: ../include/openssl/stack.h ../include/openssl/store.h +evp_test.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +evp_test.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h evp_test.c exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h @@ -988,6 +1002,6 @@ ssltest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h ssltest.o: ../include/openssl/sha.h ../include/openssl/ssl.h ssltest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssltest.o: ../include/openssl/ui.h ../include/openssl/x509.h -ssltest.o: ../include/openssl/x509_vfy.h ssltest.c +ssltest.o: ../include/openssl/store.h ../include/openssl/symhacks.h +ssltest.o: ../include/openssl/tls1.h ../include/openssl/ui.h +ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssltest.c diff --git a/util/libeay.num b/util/libeay.num index 32389b6241..a95a12a461 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -3026,3 +3026,116 @@ sk_find_ex 3455 EXIST::FUNCTION: OBJ_bsearch_ex 3456 EXIST::FUNCTION: BUF_memdup 3457 EXIST::FUNCTION: BUF_strndup 3458 EXIST::FUNCTION: +ENGINE_set_STORE 3459 EXIST::FUNCTION:ENGINE +STORE_method_set_list_start_function 3460 EXIST::FUNCTION: +STORE_ATTR_INFO_set_number 3461 EXIST::FUNCTION: +STORE_parse_attrs_start 3462 EXIST::FUNCTION: +STORE_set_method 3463 EXIST::FUNCTION: +STORE_method_get_update_store_function 3464 EXIST::FUNCTION: +STORE_modify_certificate 3465 EXIST::FUNCTION: +STORE_ATTR_INFO_modify_number 3466 EXIST::FUNCTION: +STORE_list_public_key_endp 3467 EXIST::FUNCTION: +STORE_method_set_initialise_function 3468 EXIST::FUNCTION: +STORE_ATTR_INFO_set_dn 3469 EXIST::FUNCTION: +STORE_destroy_method 3470 EXIST::FUNCTION: +ENGINE_unregister_STORE 3471 EXIST::FUNCTION:ENGINE +STORE_ATTR_INFO_get0_number 3472 EXIST::FUNCTION: +STORE_delete_public_key 3473 EXIST::FUNCTION: +STORE_get_public_key 3474 EXIST::FUNCTION: +STORE_get_method 3475 EXIST::FUNCTION: +STORE_parse_attrs_end 3476 EXIST::FUNCTION: +STORE_method_set_store_function 3477 EXIST::FUNCTION: +STORE_ATTR_INFO_in 3478 EXIST::FUNCTION: +STORE_get_number 3479 EXIST::FUNCTION: +STORE_method_set_list_next_function 3480 EXIST::FUNCTION: +STORE_method_get_generate_function 3481 EXIST::FUNCTION: +STORE_method_set_list_end_function 3482 EXIST::FUNCTION: +STORE_list_public_key_start 3483 EXIST::FUNCTION: +STORE_list_crl_endp 3484 EXIST::FUNCTION: +STORE_list_crl_end 3485 EXIST::FUNCTION: +STORE_method_set_ctrl_function 3486 EXIST::FUNCTION: +STORE_list_public_key_end 3487 EXIST::FUNCTION: +STORE_store_crl 3488 EXIST::FUNCTION: +STORE_ctrl 3489 EXIST::FUNCTION: +STORE_ATTR_INFO_compare 3490 EXIST::FUNCTION: +STORE_method_set_generate_function 3491 EXIST::FUNCTION: +STORE_ATTR_INFO_set_cstr 3492 EXIST::FUNCTION: +STORE_list_crl_next 3493 EXIST::FUNCTION: +STORE_method_set_delete_function 3494 EXIST::FUNCTION: +STORE_list_certificate_next 3495 EXIST::FUNCTION: +STORE_method_get_list_next_function 3496 EXIST::FUNCTION: +STORE_ATTR_INFO_get0_dn 3497 EXIST::FUNCTION: +STORE_list_private_key_next 3498 EXIST::FUNCTION: +STORE_ATTR_INFO_free 3499 EXIST::FUNCTION: +STORE_get_private_key 3500 EXIST::FUNCTION: +STORE_ATTR_INFO_new 3501 EXIST::FUNCTION: +STORE_method_set_revoke_function 3502 EXIST::FUNCTION: +STORE_store_number 3503 EXIST::FUNCTION: +STORE_revoke_public_key 3504 EXIST::FUNCTION: +STORE_list_certificate_start 3505 EXIST::FUNCTION: +ERR_load_STORE_strings 3506 EXIST::FUNCTION: +STORE_list_private_key_end 3507 EXIST::FUNCTION: +STORE_modify_private_key 3508 EXIST::FUNCTION: +STORE_method_set_modify_function 3509 EXIST::FUNCTION: +STORE_parse_attrs_next 3510 EXIST::FUNCTION: +STORE_method_get_revoke_function 3511 EXIST::FUNCTION: +STORE_method_set_get_function 3512 EXIST::FUNCTION: +STORE_modify_number 3513 EXIST::FUNCTION: +STORE_method_get_store_function 3514 EXIST::FUNCTION: +STORE_store_private_key 3515 EXIST::FUNCTION: +STORE_Memory 3516 EXIST::FUNCTION: +STORE_method_get_get_function 3517 EXIST::FUNCTION: +STORE_method_set_cleanup_function 3518 EXIST::FUNCTION: +STORE_method_get_lock_store_function 3519 EXIST::FUNCTION: +STORE_method_set_update_store_function 3520 EXIST::FUNCTION: +STORE_delete_private_key 3521 EXIST::FUNCTION: +ENGINE_register_all_STORE 3522 EXIST::FUNCTION:ENGINE +STORE_ATTR_INFO_modify_cstr 3523 EXIST::FUNCTION: +STORE_generate_crl 3524 EXIST::FUNCTION: +STORE_store_public_key 3525 EXIST::FUNCTION: +STORE_Directory 3526 EXIST::FUNCTION: +STORE_revoke_private_key 3527 EXIST::FUNCTION: +STORE_ATTR_INFO_modify_dn 3528 EXIST::FUNCTION: +STORE_method_get_initialise_function 3529 EXIST::FUNCTION: +STORE_delete_number 3530 EXIST::FUNCTION: +STORE_ATTR_INFO_in_ex 3531 EXIST::FUNCTION: +STORE_list_crl_start 3532 EXIST::FUNCTION: +STORE_method_get_modify_function 3533 EXIST::FUNCTION: +STORE_store_certificate 3534 EXIST::FUNCTION: +STORE_ATTR_INFO_set_sha1str 3535 EXIST::FUNCTION: +STORE_modify_public_key 3536 EXIST::FUNCTION: +STORE_method_get_list_start_function 3537 EXIST::FUNCTION: +STORE_method_set_unlock_store_function 3538 EXIST::FUNCTION: +STORE_create_method 3539 EXIST::FUNCTION: +STORE_generate_key 3540 EXIST::FUNCTION: +STORE_delete_crl 3541 EXIST::FUNCTION: +STORE_revoke_certificate 3542 EXIST::FUNCTION: +STORE_method_get_delete_function 3543 EXIST::FUNCTION: +STORE_parse_attrs_endp 3544 EXIST::FUNCTION: +STORE_list_public_key_next 3545 EXIST::FUNCTION: +STORE_OBJECT_free 3546 EXIST::FUNCTION: +STORE_ATTR_INFO_get0_sha1str 3547 EXIST::FUNCTION: +STORE_ATTR_INFO_get0_cstr 3548 EXIST::FUNCTION: +STORE_get_ex_new_index 3549 EXIST::FUNCTION: +STORE_File 3550 EXIST::FUNCTION: +ENGINE_get_STORE 3551 EXIST::FUNCTION:ENGINE +STORE_get_certificate 3552 EXIST::FUNCTION: +STORE_delete_certificate 3553 EXIST::FUNCTION: +STORE_method_get_ctrl_function 3554 EXIST::FUNCTION: +STORE_free 3555 EXIST::FUNCTION: +STORE_method_get_unlock_store_function 3556 EXIST::FUNCTION: +STORE_get_ex_data 3557 EXIST::FUNCTION: +ENGINE_register_STORE 3558 EXIST::FUNCTION:ENGINE +STORE_modify_crl 3559 EXIST::FUNCTION: +STORE_list_private_key_start 3560 EXIST::FUNCTION: +STORE_list_private_key_endp 3561 EXIST::FUNCTION: +STORE_ATTR_INFO_modify_sha1str 3562 EXIST::FUNCTION: +STORE_method_get_cleanup_function 3563 EXIST::FUNCTION: +STORE_set_ex_data 3564 EXIST::FUNCTION: +STORE_OBJECT_new 3565 EXIST::FUNCTION: +STORE_list_certificate_end 3566 EXIST::FUNCTION: +STORE_get_crl 3567 EXIST::FUNCTION: +STORE_method_set_lock_store_function 3568 EXIST::FUNCTION: +STORE_list_certificate_endp 3569 EXIST::FUNCTION: +STORE_method_get_list_end_function 3570 EXIST::FUNCTION: +STORE_new_method 3571 EXIST::FUNCTION: From 42b2b6a2d584635a5554042aee64583f5cfd169f Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 1 May 2003 04:31:12 +0000 Subject: [PATCH 275/393] Provide some extra comments about the STORE_Memory STORE method. --- crypto/store/str_mem.c | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/crypto/store/str_mem.c b/crypto/store/str_mem.c index a6ca31d66b..595f40397d 100644 --- a/crypto/store/str_mem.c +++ b/crypto/store/str_mem.c @@ -60,6 +60,22 @@ #include #include "str_locl.h" +/* The memory store is currently highly experimental. It's meant to become + a base store used by other stores for internal caching (for full caching + support, aging needs to be added). + + The database use is meant to support as much attribute association as + possible, while providing for as small search ranges as possible. + This is currently provided for by sorting the entries by numbers that + are composed of bits set at the positions indicated by attribute type + codes. This provides for ranges determined by the highest attribute + type code value. A better idea might be to sort by values computed + from the range of attributes associated with the object (basically, + the difference between the highest and lowest attribute type code) + and it's distance from a base (basically, the lowest associated + attribute type code). +*/ + struct mem_object_data_st { STORE_OBJECT *object; @@ -70,8 +86,7 @@ struct mem_object_data_st struct mem_data_st { STACK *data; /* A stack of mem_object_data_st, - potentially sorted with a wrapper - around STORE_ATTR_INFO_cmp(). */ + sorted with STORE_ATTR_INFO_compare(). */ unsigned int compute_components : 1; /* Currently unused, but can be used to add attributes from parts of the data. */ @@ -184,6 +199,14 @@ static int mem_delete(STORE *s, STORE_OBJECT_TYPES type, STOREerr(STORE_F_MEM_DELETE, STORE_R_NOT_IMPLEMENTED); return 0; } + +/* The list functions may be the hardest to nuderstand. Basically, + mem_list_start compiles a stack of attribute info elements, and + puts that stack into the context to be returned. mem_list_next + will then find the first matching element in the store, and then + walk all the way to the end of the store (since any combination + of attribute bits above the starting point may match the searched + for bit pattern...). */ static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[]) { From 7f6af7d9db1a5e5f13dc0a0b03bea166ff24c3cb Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 1 May 2003 20:15:35 +0000 Subject: [PATCH 276/393] Get the year right... --- crypto/engine/tb_store.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/engine/tb_store.c b/crypto/engine/tb_store.c index ee89133e45..1466d85a41 100644 --- a/crypto/engine/tb_store.c +++ b/crypto/engine/tb_store.c @@ -1,5 +1,5 @@ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions From 5b194dfbd5bae8f3d034b712f50d824952f58ba8 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 1 May 2003 20:44:20 +0000 Subject: [PATCH 277/393] STORE was created 2003, darnit! --- crypto/store/store.h | 2 +- crypto/store/str_locl.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/store/store.h b/crypto/store/store.h index 3a334b0de2..164165e7b0 100644 --- a/crypto/store/store.h +++ b/crypto/store/store.h @@ -1,6 +1,6 @@ /* crypto/store/store.h -*- mode:C; c-file-style: "eay" -*- */ /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL - * project 2001. + * project 2003. */ /* ==================================================================== * Copyright (c) 2003 The OpenSSL Project. All rights reserved. diff --git a/crypto/store/str_locl.h b/crypto/store/str_locl.h index fac0f44b05..c8decfa87d 100644 --- a/crypto/store/str_locl.h +++ b/crypto/store/str_locl.h @@ -1,6 +1,6 @@ /* crypto/store/str_locl.h -*- mode:C; c-file-style: "eay" -*- */ /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL - * project 2001. + * project 2003. */ /* ==================================================================== * Copyright (c) 2003 The OpenSSL Project. All rights reserved. From b9d7ca974892a9ee380e380f2956c747e100c614 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 2 May 2003 07:25:54 +0000 Subject: [PATCH 278/393] It's usually best if the function name matches everywhere... --- crypto/store/str_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c index 8383a30e19..cdba3dd115 100644 --- a/crypto/store/str_lib.c +++ b/crypto/store/str_lib.c @@ -1425,7 +1425,7 @@ int STORE_parse_attrs_endp(void *handle) return 0; } -int STORE_ATTR_INFO_cmp(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) +int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) { unsigned char *abits, *bbits; int i; From b9d2d20086c0ba7631412618974e5122af6fcb2d Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 2 May 2003 11:41:40 +0000 Subject: [PATCH 279/393] Make DER option work again. Fix typo. --- crypto/x509v3/v3_conf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c index 7e813db0d7..9a89e43330 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509v3/v3_conf.c @@ -238,12 +238,12 @@ static int v3_check_generic(char **value) { int gen_type = 0; char *p = *value; - if ((strlen(p) >= 4) && !strncmp(p, "DER:,", 4)) + if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) { p+=4; gen_type = 1; } - if ((strlen(p) >= 5) && !strncmp(p, "ASN1:,", 5)) + else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) { p+=5; gen_type = 2; From 9ee789e6c35ca51adbc44d2b7254f45d8ddaf4e2 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sat, 3 May 2003 06:58:08 +0000 Subject: [PATCH 280/393] Yeah, right, an object file ending with .c, that'll work! --- crypto/engine/Makefile.ssl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/engine/Makefile.ssl b/crypto/engine/Makefile.ssl index 1530399328..5c1b0cf53c 100644 --- a/crypto/engine/Makefile.ssl +++ b/crypto/engine/Makefile.ssl @@ -30,7 +30,7 @@ LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \ eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \ eng_table.o eng_pkey.o eng_fat.o eng_all.o \ - tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.c \ + tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \ tb_cipher.o tb_digest.o \ eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o From 3b30121bd989bc79b8cb4a5440f55acf7442b3d2 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 5 May 2003 13:55:18 +0000 Subject: [PATCH 281/393] Constify RSA_sign() and RSA_verify(). PR: 602 --- crypto/rsa/rsa.h | 4 ++-- crypto/rsa/rsa_sign.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index 12689fc22d..84cc779d1c 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -252,9 +252,9 @@ RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)( /* The following 2 functions sign and verify a X509_SIG ASN1 object * inside PKCS#1 padded RSA encryption */ int RSA_sign(int type, const unsigned char *m, unsigned int m_length, - unsigned char *sigret, unsigned int *siglen, RSA *rsa); + unsigned char *sigret, unsigned int *siglen, const RSA *rsa); int RSA_verify(int type, const unsigned char *m, unsigned int m_length, - unsigned char *sigbuf, unsigned int siglen, RSA *rsa); + unsigned char *sigbuf, unsigned int siglen, const RSA *rsa); /* The following 2 function sign and verify a ASN1_OCTET_STRING * object inside PKCS#1 padded RSA encryption */ diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index 02eb8136b0..1d47a3139c 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -67,7 +67,7 @@ #define SSL_SIG_LENGTH 36 int RSA_sign(int type, const unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, RSA *rsa) + unsigned char *sigret, unsigned int *siglen, const RSA *rsa) { X509_SIG sig; ASN1_TYPE parameter; @@ -143,7 +143,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, } int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, - unsigned char *sigbuf, unsigned int siglen, RSA *rsa) + unsigned char *sigbuf, unsigned int siglen, const RSA *rsa) { int i,ret=0,sigtype; unsigned char *p,*s; From 742b139f543db9d469dca1b8679492a80c22021f Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 6 May 2003 08:02:14 +0000 Subject: [PATCH 282/393] =?UTF-8?q?Add=20the=20possibility=20to=20store=20?= =?UTF-8?q?arbitrary=20data=20in=20a=20STORE.=20Suggested=20by=20G=C3=B6tz?= =?UTF-8?q?=20Babin-Ebell=20.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- crypto/store/store.h | 33 +++++++++++++++----- crypto/store/str_err.c | 9 ++++++ crypto/store/str_lib.c | 70 +++++++++++++++++++++++++++++++++++++++++- 3 files changed, 103 insertions(+), 9 deletions(-) diff --git a/crypto/store/store.h b/crypto/store/store.h index 164165e7b0..d1e3862801 100644 --- a/crypto/store/store.h +++ b/crypto/store/store.h @@ -135,12 +135,13 @@ const STORE_METHOD *STORE_File(void); or fetch */ typedef enum STORE_object_types { - STORE_OBJECT_TYPE_X509_CERTIFICATE= 0x01, - STORE_OBJECT_TYPE_X509_CRL= 0x02, - STORE_OBJECT_TYPE_PRIVATE_KEY= 0x03, - STORE_OBJECT_TYPE_PUBLIC_KEY= 0x04, - STORE_OBJECT_TYPE_NUMBER= 0x05, - STORE_OBJECT_TYPE_NUM= 0x05 /* The amount of known + STORE_OBJECT_TYPE_X509_CERTIFICATE= 0x01, /* X509 * */ + STORE_OBJECT_TYPE_X509_CRL= 0x02, /* X509_CRL * */ + STORE_OBJECT_TYPE_PRIVATE_KEY= 0x03, /* EVP_PKEY * */ + STORE_OBJECT_TYPE_PUBLIC_KEY= 0x04, /* EVP_PKEY * */ + STORE_OBJECT_TYPE_NUMBER= 0x05, /* BIGNUM * */ + STORE_OBJECT_TYPE_ARBITRARY= 0x06, /* BUF_MEM * */ + STORE_OBJECT_TYPE_NUM= 0x06 /* The amount of known object types */ } STORE_OBJECT_TYPES; /* List of text strings corresponding to the object types. */ @@ -154,7 +155,7 @@ typedef enum STORE_params STORE_PARAM_EVP_TYPE= 0x01, /* int */ STORE_PARAM_BITS= 0x02, /* size_t */ STORE_PARAM_KEY_PARAMETERS= 0x03, /* ??? */ - STORE_PARAM_KEY_NO_PARAMETERS= 0x04, /* N/A */ + STORE_PARAM_KEY_NO_PARAMETERS= 0x04, /* N/A */ STORE_PARAM_TYPE_NUM= 0x04 /* The amount of known parameter types */ } STORE_PARAM_TYPES; @@ -214,6 +215,7 @@ typedef struct STORE_OBJECT_st X509_CRL *crl; EVP_PKEY *key; BIGNUM *number; + BUF_MEM *arbitrary; } data; } STORE_OBJECT; DECLARE_STACK_OF(STORE_OBJECT); @@ -275,7 +277,13 @@ int STORE_modify_number(STORE *e, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[]); BIGNUM *STORE_get_number(STORE *e, OPENSSL_ITEM attributes[]); -int STORE_delete_number(STORE *e, BIGNUM *data, OPENSSL_ITEM attributes[]); +int STORE_delete_number(STORE *e, OPENSSL_ITEM attributes[]); +int STORE_store_arbitrary(STORE *e, BUF_MEM *data, OPENSSL_ITEM attributes[]); +int STORE_modify_arbitrary(STORE *e, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[]); +BUF_MEM *STORE_get_arbitrary(STORE *e, OPENSSL_ITEM attributes[]); +int STORE_delete_arbitrary(STORE *e, OPENSSL_ITEM attributes[]); /* Create and manipulate methods */ @@ -394,6 +402,7 @@ void ERR_load_STORE_strings(void); #define STORE_F_MEM_LIST_NEXT 136 #define STORE_F_MEM_LIST_START 137 #define STORE_F_MEM_STORE 138 +#define STORE_F_STORE_ARBITRARY 157 #define STORE_F_STORE_ATTR_INFO_GET0_CSTR 139 #define STORE_F_STORE_ATTR_INFO_GET0_DN 140 #define STORE_F_STORE_ATTR_INFO_GET0_NUMBER 141 @@ -408,6 +417,7 @@ void ERR_load_STORE_strings(void); #define STORE_F_STORE_ATTR_INFO_SET_SHA1STR 150 #define STORE_F_STORE_CERTIFICATE 100 #define STORE_F_STORE_CRL 101 +#define STORE_F_STORE_DELETE_ARBITRARY 158 #define STORE_F_STORE_DELETE_CERTIFICATE 102 #define STORE_F_STORE_DELETE_CRL 103 #define STORE_F_STORE_DELETE_NUMBER 104 @@ -415,6 +425,7 @@ void ERR_load_STORE_strings(void); #define STORE_F_STORE_DELETE_PUBLIC_KEY 106 #define STORE_F_STORE_GENERATE_CRL 107 #define STORE_F_STORE_GENERATE_KEY 108 +#define STORE_F_STORE_GET_ARBITRARY 159 #define STORE_F_STORE_GET_CERTIFICATE 109 #define STORE_F_STORE_GET_CRL 110 #define STORE_F_STORE_GET_NUMBER 111 @@ -449,11 +460,13 @@ void ERR_load_STORE_strings(void); /* Reason codes. */ #define STORE_R_ALREADY_HAS_A_VALUE 127 +#define STORE_R_FAILED_DELETING_ARBITRARY 132 #define STORE_R_FAILED_DELETING_CERTIFICATE 100 #define STORE_R_FAILED_DELETING_KEY 101 #define STORE_R_FAILED_DELETING_NUMBER 102 #define STORE_R_FAILED_GENERATING_CRL 103 #define STORE_R_FAILED_GENERATING_KEY 104 +#define STORE_R_FAILED_GETTING_ARBITRARY 133 #define STORE_R_FAILED_GETTING_CERTIFICATE 105 #define STORE_R_FAILED_GETTING_KEY 106 #define STORE_R_FAILED_GETTING_NUMBER 107 @@ -461,14 +474,17 @@ void ERR_load_STORE_strings(void); #define STORE_R_FAILED_LISTING_KEYS 109 #define STORE_R_FAILED_REVOKING_CERTIFICATE 110 #define STORE_R_FAILED_REVOKING_KEY 111 +#define STORE_R_FAILED_STORING_ARBITRARY 134 #define STORE_R_FAILED_STORING_CERTIFICATE 112 #define STORE_R_FAILED_STORING_KEY 113 #define STORE_R_FAILED_STORING_NUMBER 114 #define STORE_R_NOT_IMPLEMENTED 128 +#define STORE_R_NO_DELETE_ARBITRARY_FUNCTION 135 #define STORE_R_NO_DELETE_NUMBER_FUNCTION 115 #define STORE_R_NO_DELETE_OBJECT_FUNCTION 116 #define STORE_R_NO_GENERATE_CRL_FUNCTION 117 #define STORE_R_NO_GENERATE_OBJECT_FUNCTION 118 +#define STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION 136 #define STORE_R_NO_GET_OBJECT_FUNCTION 119 #define STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION 120 #define STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION 131 @@ -477,6 +493,7 @@ void ERR_load_STORE_strings(void); #define STORE_R_NO_LIST_OBJECT_START_FUNCTION 123 #define STORE_R_NO_REVOKE_OBJECT_FUNCTION 124 #define STORE_R_NO_STORE 129 +#define STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION 137 #define STORE_R_NO_STORE_OBJECT_FUNCTION 125 #define STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION 126 #define STORE_R_NO_VALUE 130 diff --git a/crypto/store/str_err.c b/crypto/store/str_err.c index 2ef7f9277c..2c2779bd7f 100644 --- a/crypto/store/str_err.c +++ b/crypto/store/str_err.c @@ -71,6 +71,7 @@ static ERR_STRING_DATA STORE_str_functs[]= {ERR_PACK(0,STORE_F_MEM_LIST_NEXT,0), "MEM_LIST_NEXT"}, {ERR_PACK(0,STORE_F_MEM_LIST_START,0), "MEM_LIST_START"}, {ERR_PACK(0,STORE_F_MEM_STORE,0), "MEM_STORE"}, +{ERR_PACK(0,STORE_F_STORE_ARBITRARY,0), "STORE_ARBITRARY"}, {ERR_PACK(0,STORE_F_STORE_ATTR_INFO_GET0_CSTR,0), "STORE_ATTR_INFO_get0_cstr"}, {ERR_PACK(0,STORE_F_STORE_ATTR_INFO_GET0_DN,0), "STORE_ATTR_INFO_get0_dn"}, {ERR_PACK(0,STORE_F_STORE_ATTR_INFO_GET0_NUMBER,0), "STORE_ATTR_INFO_get0_number"}, @@ -85,6 +86,7 @@ static ERR_STRING_DATA STORE_str_functs[]= {ERR_PACK(0,STORE_F_STORE_ATTR_INFO_SET_SHA1STR,0), "STORE_ATTR_INFO_set_sha1str"}, {ERR_PACK(0,STORE_F_STORE_CERTIFICATE,0), "STORE_CERTIFICATE"}, {ERR_PACK(0,STORE_F_STORE_CRL,0), "STORE_CRL"}, +{ERR_PACK(0,STORE_F_STORE_DELETE_ARBITRARY,0), "STORE_delete_arbitrary"}, {ERR_PACK(0,STORE_F_STORE_DELETE_CERTIFICATE,0), "STORE_delete_certificate"}, {ERR_PACK(0,STORE_F_STORE_DELETE_CRL,0), "STORE_delete_crl"}, {ERR_PACK(0,STORE_F_STORE_DELETE_NUMBER,0), "STORE_delete_number"}, @@ -92,6 +94,7 @@ static ERR_STRING_DATA STORE_str_functs[]= {ERR_PACK(0,STORE_F_STORE_DELETE_PUBLIC_KEY,0), "STORE_delete_public_key"}, {ERR_PACK(0,STORE_F_STORE_GENERATE_CRL,0), "STORE_generate_crl"}, {ERR_PACK(0,STORE_F_STORE_GENERATE_KEY,0), "STORE_generate_key"}, +{ERR_PACK(0,STORE_F_STORE_GET_ARBITRARY,0), "STORE_get_arbitrary"}, {ERR_PACK(0,STORE_F_STORE_GET_CERTIFICATE,0), "STORE_get_certificate"}, {ERR_PACK(0,STORE_F_STORE_GET_CRL,0), "STORE_get_crl"}, {ERR_PACK(0,STORE_F_STORE_GET_NUMBER,0), "STORE_get_number"}, @@ -129,11 +132,13 @@ static ERR_STRING_DATA STORE_str_functs[]= static ERR_STRING_DATA STORE_str_reasons[]= { {STORE_R_ALREADY_HAS_A_VALUE ,"already has a value"}, +{STORE_R_FAILED_DELETING_ARBITRARY ,"failed deleting arbitrary"}, {STORE_R_FAILED_DELETING_CERTIFICATE ,"failed deleting certificate"}, {STORE_R_FAILED_DELETING_KEY ,"failed deleting key"}, {STORE_R_FAILED_DELETING_NUMBER ,"failed deleting number"}, {STORE_R_FAILED_GENERATING_CRL ,"failed generating crl"}, {STORE_R_FAILED_GENERATING_KEY ,"failed generating key"}, +{STORE_R_FAILED_GETTING_ARBITRARY ,"failed getting arbitrary"}, {STORE_R_FAILED_GETTING_CERTIFICATE ,"failed getting certificate"}, {STORE_R_FAILED_GETTING_KEY ,"failed getting key"}, {STORE_R_FAILED_GETTING_NUMBER ,"failed getting number"}, @@ -141,14 +146,17 @@ static ERR_STRING_DATA STORE_str_reasons[]= {STORE_R_FAILED_LISTING_KEYS ,"failed listing keys"}, {STORE_R_FAILED_REVOKING_CERTIFICATE ,"failed revoking certificate"}, {STORE_R_FAILED_REVOKING_KEY ,"failed revoking key"}, +{STORE_R_FAILED_STORING_ARBITRARY ,"failed storing arbitrary"}, {STORE_R_FAILED_STORING_CERTIFICATE ,"failed storing certificate"}, {STORE_R_FAILED_STORING_KEY ,"failed storing key"}, {STORE_R_FAILED_STORING_NUMBER ,"failed storing number"}, {STORE_R_NOT_IMPLEMENTED ,"not implemented"}, +{STORE_R_NO_DELETE_ARBITRARY_FUNCTION ,"no delete arbitrary function"}, {STORE_R_NO_DELETE_NUMBER_FUNCTION ,"no delete number function"}, {STORE_R_NO_DELETE_OBJECT_FUNCTION ,"no delete object function"}, {STORE_R_NO_GENERATE_CRL_FUNCTION ,"no generate crl function"}, {STORE_R_NO_GENERATE_OBJECT_FUNCTION ,"no generate object function"}, +{STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION,"no get object arbitrary function"}, {STORE_R_NO_GET_OBJECT_FUNCTION ,"no get object function"}, {STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION ,"no get object number function"}, {STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION ,"no list object endp function"}, @@ -157,6 +165,7 @@ static ERR_STRING_DATA STORE_str_reasons[]= {STORE_R_NO_LIST_OBJECT_START_FUNCTION ,"no list object start function"}, {STORE_R_NO_REVOKE_OBJECT_FUNCTION ,"no revoke object function"}, {STORE_R_NO_STORE ,"no store"}, +{STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION,"no store object arbitrary function"}, {STORE_R_NO_STORE_OBJECT_FUNCTION ,"no store object function"}, {STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION ,"no store object number function"}, {STORE_R_NO_VALUE ,"no value"}, diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c index cdba3dd115..3528ebec94 100644 --- a/crypto/store/str_lib.c +++ b/crypto/store/str_lib.c @@ -970,7 +970,7 @@ BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[]) return n; } -int STORE_delete_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[]) +int STORE_delete_number(STORE *s, OPENSSL_ITEM attributes[]) { check_store(s,STORE_F_STORE_DELETE_NUMBER, delete_object,STORE_R_NO_DELETE_NUMBER_FUNCTION); @@ -984,6 +984,71 @@ int STORE_delete_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[]) return 1; } +int store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object = STORE_OBJECT_new(); + int i; + + check_store(s,STORE_F_STORE_ARBITRARY, + store_object,STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION); + + if (!object) + { + STOREerr(STORE_F_STORE_ARBITRARY, + ERR_R_MALLOC_FAILURE); + return 0; + } + + object->data.arbitrary = data; + + i = s->meth->store_object(s, STORE_OBJECT_TYPE_ARBITRARY, object, attributes); + + STORE_OBJECT_free(object); + + if (!i) + { + STOREerr(STORE_F_STORE_ARBITRARY, + STORE_R_FAILED_STORING_ARBITRARY); + return 0; + } + return 1; + } + +BUF_MEM *STORE_get_arbitrary(STORE *s, OPENSSL_ITEM attributes[]) + { + STORE_OBJECT *object; + BUF_MEM *b; + + check_store(s,STORE_F_STORE_GET_ARBITRARY, + get_object,STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION); + + object = s->meth->get_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes); + if (!object || !object->data.arbitrary) + { + STOREerr(STORE_F_STORE_GET_ARBITRARY, + STORE_R_FAILED_GETTING_ARBITRARY); + return 0; + } + b = object->data.arbitrary; + object->data.arbitrary = NULL; + STORE_OBJECT_free(object); + return b; + } + +int STORE_delete_arbitrary(STORE *s, OPENSSL_ITEM attributes[]) + { + check_store(s,STORE_F_STORE_DELETE_ARBITRARY, + delete_object,STORE_R_NO_DELETE_ARBITRARY_FUNCTION); + + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes)) + { + STOREerr(STORE_F_STORE_DELETE_ARBITRARY, + STORE_R_FAILED_DELETING_ARBITRARY); + return 0; + } + return 1; + } + STORE_OBJECT *STORE_OBJECT_new(void) { STORE_OBJECT *object = OPENSSL_malloc(sizeof(STORE_OBJECT)); @@ -1008,6 +1073,9 @@ void STORE_OBJECT_free(STORE_OBJECT *data) case STORE_OBJECT_TYPE_NUMBER: BN_free(data->data.number); break; + case STORE_OBJECT_TYPE_ARBITRARY: + BUF_MEM_free(data->data.arbitrary); + break; } OPENSSL_free(data); } From 816d78572188d76dc9f08fa00a93d0c65f64e02a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 7 May 2003 11:38:10 +0000 Subject: [PATCH 283/393] DO NOT constify RSA* in RSA_sign() and RSA_verify(), since there are function called downstream that need it to be non-const. The fact that the RSA_METHOD functions take the RSA* as a const doesn't matter, it just expresses that *they* won't touch it. PR: 602 --- crypto/rsa/rsa.h | 4 ++-- crypto/rsa/rsa_sign.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index 84cc779d1c..12689fc22d 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -252,9 +252,9 @@ RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)( /* The following 2 functions sign and verify a X509_SIG ASN1 object * inside PKCS#1 padded RSA encryption */ int RSA_sign(int type, const unsigned char *m, unsigned int m_length, - unsigned char *sigret, unsigned int *siglen, const RSA *rsa); + unsigned char *sigret, unsigned int *siglen, RSA *rsa); int RSA_verify(int type, const unsigned char *m, unsigned int m_length, - unsigned char *sigbuf, unsigned int siglen, const RSA *rsa); + unsigned char *sigbuf, unsigned int siglen, RSA *rsa); /* The following 2 function sign and verify a ASN1_OCTET_STRING * object inside PKCS#1 padded RSA encryption */ diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index 1d47a3139c..02eb8136b0 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -67,7 +67,7 @@ #define SSL_SIG_LENGTH 36 int RSA_sign(int type, const unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, const RSA *rsa) + unsigned char *sigret, unsigned int *siglen, RSA *rsa) { X509_SIG sig; ASN1_TYPE parameter; @@ -143,7 +143,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, } int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, - unsigned char *sigbuf, unsigned int siglen, const RSA *rsa) + unsigned char *sigbuf, unsigned int siglen, RSA *rsa) { int i,ret=0,sigtype; unsigned char *p,*s; From 9b2042fac37a217ac50c27dd3a56abd290dff103 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 7 May 2003 12:02:31 +0000 Subject: [PATCH 284/393] /usr/lib/pkgconfig/openssl.pc was never installed in the RPM. Notified by Bennett Todd . --- openssl.spec | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/openssl.spec b/openssl.spec index 27b74934a2..3979cb85a8 100644 --- a/openssl.spec +++ b/openssl.spec @@ -83,18 +83,18 @@ documentation and POD files from which the man pages were produced. %build -%define CONFIG_FLAGS -DSSL_ALLOW_ADH --prefix=/usr +%define CONFIG_FLAGS -DSSL_ALLOW_ADH --prefix=/usr --openssldir=%{openssldir} perl util/perlpath.pl /usr/bin/perl %ifarch i386 i486 i586 i686 -./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-elf shared +./Configure %{CONFIG_FLAGS} linux-elf shared %endif %ifarch ppc -./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-ppc shared +./Configure %{CONFIG_FLAGS} linux-ppc shared %endif %ifarch alpha -./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-alpha shared +./Configure %{CONFIG_FLAGS} linux-alpha shared %endif LD_LIBRARY_PATH=`pwd` make LD_LIBRARY_PATH=`pwd` make rehash @@ -130,6 +130,7 @@ rm -rf $RPM_BUILD_ROOT %doc CHANGES CHANGES.SSLeay LICENSE NEWS README %attr(0644,root,root) /usr/lib/*.a +%attr(0644,root,root) /usr/lib/pkgconfig/openssl.pc %attr(0644,root,root) /usr/include/openssl/* %attr(0644,root,root) /usr/man/man[3]/* @@ -145,6 +146,8 @@ ldconfig ldconfig %changelog +* Wed May 7 2003 Richard Levitte +- Add /usr/lib/pkgconfig/openssl.pc to the development section. * Thu Mar 22 2001 Richard Levitte - Removed redundant subsection that re-installed libcrypto.a and libssl.a as well. Also remove RSAref stuff completely, since it's not needed From 48c36fdb2a0dc64de750369dd8bdf4dd9c54ef18 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 7 May 2003 21:06:15 +0000 Subject: [PATCH 285/393] =?UTF-8?q?Add=20the=20possibility=20to=20hand=20e?= =?UTF-8?q?xecution=20parameters=20(for=20example=20authentication=20mater?= =?UTF-8?q?ial)=20to=20the=20STORE=20functions.=20Suggested=20by=20G=C3=B6?= =?UTF-8?q?tz=20Babin-Ebell=20.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- crypto/store/store.h | 108 ++++++++++++++++---------- crypto/store/str_lib.c | 171 ++++++++++++++++++++++++++--------------- crypto/store/str_mem.c | 42 ++++++---- 3 files changed, 199 insertions(+), 122 deletions(-) diff --git a/crypto/store/store.h b/crypto/store/store.h index d1e3862801..64a3f3dae6 100644 --- a/crypto/store/store.h +++ b/crypto/store/store.h @@ -226,64 +226,90 @@ void STORE_OBJECT_free(STORE_OBJECT *data); /* The following functions handle the storage. They return 0, a negative number or NULL on error, anything else on success. */ -X509 *STORE_get_certificate(STORE *e, OPENSSL_ITEM attributes[]); -int STORE_store_certificate(STORE *e, X509 *data, OPENSSL_ITEM attributes[]); +X509 *STORE_get_certificate(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_store_certificate(STORE *e, X509 *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); int STORE_modify_certificate(STORE *e, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], - OPENSSL_ITEM delete_attributes[]); -int STORE_revoke_certificate(STORE *e, OPENSSL_ITEM attributes[]); -int STORE_delete_certificate(STORE *e, OPENSSL_ITEM attributes[]); -void *STORE_list_certificate_start(STORE *e, OPENSSL_ITEM attributes[]); + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); +int STORE_revoke_certificate(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_delete_certificate(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +void *STORE_list_certificate_start(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); X509 *STORE_list_certificate_next(STORE *e, void *handle); int STORE_list_certificate_end(STORE *e, void *handle); int STORE_list_certificate_endp(STORE *e, void *handle); -EVP_PKEY *STORE_generate_key(STORE *e, - int evp_type, size_t bits, OPENSSL_ITEM attributes[]); -EVP_PKEY *STORE_get_private_key(STORE *e, OPENSSL_ITEM attributes[]); -int STORE_store_private_key(STORE *e, EVP_PKEY *data, OPENSSL_ITEM attributes[]); +EVP_PKEY *STORE_generate_key(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +EVP_PKEY *STORE_get_private_key(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_store_private_key(STORE *e, EVP_PKEY *data, + OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); int STORE_modify_private_key(STORE *e, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], - OPENSSL_ITEM delete_attributes[]); -int STORE_revoke_private_key(STORE *e, OPENSSL_ITEM attributes[]); -int STORE_delete_private_key(STORE *e, OPENSSL_ITEM attributes[]); -void *STORE_list_private_key_start(STORE *e, OPENSSL_ITEM attributes[]); + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); +int STORE_revoke_private_key(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_delete_private_key(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +void *STORE_list_private_key_start(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); EVP_PKEY *STORE_list_private_key_next(STORE *e, void *handle); int STORE_list_private_key_end(STORE *e, void *handle); int STORE_list_private_key_endp(STORE *e, void *handle); -EVP_PKEY *STORE_get_public_key(STORE *e, OPENSSL_ITEM attributes[]); -int STORE_store_public_key(STORE *e, EVP_PKEY *data, OPENSSL_ITEM attributes[]); +EVP_PKEY *STORE_get_public_key(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_store_public_key(STORE *e, EVP_PKEY *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); int STORE_modify_public_key(STORE *e, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], - OPENSSL_ITEM delete_attributes[]); -int STORE_revoke_public_key(STORE *e, OPENSSL_ITEM attributes[]); -int STORE_delete_public_key(STORE *e, OPENSSL_ITEM attributes[]); -void *STORE_list_public_key_start(STORE *e, OPENSSL_ITEM attributes[]); + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); +int STORE_revoke_public_key(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_delete_public_key(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +void *STORE_list_public_key_start(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); EVP_PKEY *STORE_list_public_key_next(STORE *e, void *handle); int STORE_list_public_key_end(STORE *e, void *handle); int STORE_list_public_key_endp(STORE *e, void *handle); -X509_CRL *STORE_generate_crl(STORE *e, OPENSSL_ITEM attributes[]); -X509_CRL *STORE_get_crl(STORE *e, OPENSSL_ITEM attributes[]); -int STORE_store_crl(STORE *e, X509_CRL *data, OPENSSL_ITEM attributes[]); +X509_CRL *STORE_generate_crl(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +X509_CRL *STORE_get_crl(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_store_crl(STORE *e, X509_CRL *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); int STORE_modify_crl(STORE *e, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], - OPENSSL_ITEM delete_attributes[]); -int STORE_delete_crl(STORE *e, OPENSSL_ITEM attributes[]); -void *STORE_list_crl_start(STORE *e, OPENSSL_ITEM attributes[]); + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); +int STORE_delete_crl(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +void *STORE_list_crl_start(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); X509_CRL *STORE_list_crl_next(STORE *e, void *handle); int STORE_list_crl_end(STORE *e, void *handle); int STORE_list_crl_endp(STORE *e, void *handle); -int STORE_store_number(STORE *e, BIGNUM *data, OPENSSL_ITEM attributes[]); +int STORE_store_number(STORE *e, BIGNUM *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); int STORE_modify_number(STORE *e, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], - OPENSSL_ITEM delete_attributes[]); -BIGNUM *STORE_get_number(STORE *e, OPENSSL_ITEM attributes[]); -int STORE_delete_number(STORE *e, OPENSSL_ITEM attributes[]); -int STORE_store_arbitrary(STORE *e, BUF_MEM *data, OPENSSL_ITEM attributes[]); + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); +BIGNUM *STORE_get_number(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_delete_number(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_store_arbitrary(STORE *e, BUF_MEM *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); int STORE_modify_arbitrary(STORE *e, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], - OPENSSL_ITEM delete_attributes[]); -BUF_MEM *STORE_get_arbitrary(STORE *e, OPENSSL_ITEM attributes[]); -int STORE_delete_arbitrary(STORE *e, OPENSSL_ITEM attributes[]); + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); +BUF_MEM *STORE_get_arbitrary(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +int STORE_delete_arbitrary(STORE *e, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); /* Create and manipulate methods */ @@ -293,15 +319,15 @@ void STORE_destroy_method(STORE_METHOD *store_method); /* These callback types are use for store handlers */ typedef int (*STORE_INITIALISE_FUNC_PTR)(STORE *); typedef void (*STORE_CLEANUP_FUNC_PTR)(STORE *); -typedef STORE_OBJECT *(*STORE_GENERATE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM parameters[], OPENSSL_ITEM attributes[]); -typedef STORE_OBJECT *(*STORE_GET_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[]); -typedef void *(*STORE_START_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[]); +typedef STORE_OBJECT *(*STORE_GENERATE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); +typedef STORE_OBJECT *(*STORE_GET_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); +typedef void *(*STORE_START_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); typedef STORE_OBJECT *(*STORE_NEXT_OBJECT_FUNC_PTR)(STORE *, void *handle); typedef int (*STORE_END_OBJECT_FUNC_PTR)(STORE *, void *handle); -typedef int (*STORE_HANDLE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[]); -typedef int (*STORE_STORE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, STORE_OBJECT *data, OPENSSL_ITEM attributes[]); -typedef int (*STORE_MODIFY_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[]); -typedef int (*STORE_GENERIC_FUNC_PTR)(STORE *, OPENSSL_ITEM attributes[]); +typedef int (*STORE_HANDLE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); +typedef int (*STORE_STORE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, STORE_OBJECT *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); +typedef int (*STORE_MODIFY_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); +typedef int (*STORE_GENERIC_FUNC_PTR)(STORE *, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); typedef int (*STORE_CTRL_FUNC_PTR)(STORE *, int cmd, long l, void *p, void (*f)()); int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR gen_f); diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c index 3528ebec94..dbcf3a07bd 100644 --- a/crypto/store/str_lib.c +++ b/crypto/store/str_lib.c @@ -232,7 +232,8 @@ const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth) /* API functions */ -X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[]) +X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STORE_OBJECT *object; X509 *x; @@ -240,7 +241,8 @@ X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[]) check_store(s,STORE_F_STORE_GET_CERTIFICATE, get_object,STORE_R_NO_GET_OBJECT_FUNCTION); - object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes); + object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, + attributes, parameters); if (!object || !object->data.x509.certificate) { STOREerr(STORE_F_STORE_GET_CERTIFICATE, @@ -256,7 +258,8 @@ X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[]) return x; } -int store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[]) +int store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STORE_OBJECT *object = STORE_OBJECT_new(); int i; @@ -277,7 +280,8 @@ int store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[]) #endif object->data.x509.certificate = data; - i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, object, attributes); + i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, + object, attributes, parameters); STORE_OBJECT_free(object); @@ -290,12 +294,14 @@ int store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[]) return 1; } -int STORE_revoke_certificate(STORE *s, OPENSSL_ITEM attributes[]) +int STORE_revoke_certificate(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { check_store(s,STORE_F_STORE_REVOKE_CERTIFICATE, revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION); - if (!s->meth->revoke_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes)) + if (!s->meth->revoke_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, + attributes, parameters)) { STOREerr(STORE_F_STORE_REVOKE_CERTIFICATE, STORE_R_FAILED_REVOKING_CERTIFICATE); @@ -304,12 +310,14 @@ int STORE_revoke_certificate(STORE *s, OPENSSL_ITEM attributes[]) return 1; } -int STORE_delete_certificate(STORE *s, OPENSSL_ITEM attributes[]) +int STORE_delete_certificate(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { check_store(s,STORE_F_STORE_DELETE_CERTIFICATE, delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); - if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes)) + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, + attributes, parameters)) { STOREerr(STORE_F_STORE_DELETE_CERTIFICATE, STORE_R_FAILED_DELETING_CERTIFICATE); @@ -318,14 +326,16 @@ int STORE_delete_certificate(STORE *s, OPENSSL_ITEM attributes[]) return 1; } -void *STORE_list_certificate_start(STORE *s, OPENSSL_ITEM attributes[]) +void *STORE_list_certificate_start(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { void *handle; check_store(s,STORE_F_STORE_LIST_CERTIFICATE_START, list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); - handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes); + handle = s->meth->list_object_start(s, + STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes, parameters); if (!handle) { STOREerr(STORE_F_STORE_LIST_CERTIFICATE_START, @@ -387,26 +397,17 @@ int STORE_list_certificate_endp(STORE *s, void *handle) return 1; } -EVP_PKEY *STORE_generate_key(STORE *s, - int evp_type, size_t bits, OPENSSL_ITEM attributes[]) +EVP_PKEY *STORE_generate_key(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STORE_OBJECT *object; EVP_PKEY *pkey; - OPENSSL_ITEM params[3]; - - params[0].code = STORE_PARAM_EVP_TYPE; - params[0].value = &evp_type; - params[0].value_size = sizeof(evp_type); - params[1].code = STORE_PARAM_BITS; - params[1].value = &bits; - params[1].value_size = sizeof(bits); - params[2].code = 0; check_store(s,STORE_F_STORE_GENERATE_KEY, generate_object,STORE_R_NO_GENERATE_OBJECT_FUNCTION); object = s->meth->generate_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, - params, attributes); + attributes, parameters); if (!object || !object->data.key) { STOREerr(STORE_F_STORE_GENERATE_KEY, @@ -422,7 +423,8 @@ EVP_PKEY *STORE_generate_key(STORE *s, return pkey; } -EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[]) +EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STORE_OBJECT *object; EVP_PKEY *pkey; @@ -430,7 +432,8 @@ EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[]) check_store(s,STORE_F_STORE_GET_PRIVATE_KEY, get_object,STORE_R_NO_GET_OBJECT_FUNCTION); - object = s->meth->get_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, attributes); + object = s->meth->get_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, + attributes, parameters); if (!object || !object->data.key || !object->data.key) { STOREerr(STORE_F_STORE_GET_PRIVATE_KEY, @@ -446,7 +449,8 @@ EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[]) return pkey; } -int store_private_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[]) +int store_private_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STORE_OBJECT *object = STORE_OBJECT_new(); int i; @@ -474,7 +478,8 @@ int store_private_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[]) #endif object->data.key = data; - i = s->meth->store_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, object, attributes); + i = s->meth->store_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, object, + attributes, parameters); STORE_OBJECT_free(object); @@ -487,14 +492,16 @@ int store_private_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[]) return i; } -int STORE_revoke_private_key(STORE *s, OPENSSL_ITEM attributes[]) +int STORE_revoke_private_key(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { int i; check_store(s,STORE_F_STORE_REVOKE_PRIVATE_KEY, revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION); - i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, attributes); + i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, + attributes, parameters); if (!i) { @@ -505,12 +512,14 @@ int STORE_revoke_private_key(STORE *s, OPENSSL_ITEM attributes[]) return i; } -int STORE_delete_private_key(STORE *s, OPENSSL_ITEM attributes[]) +int STORE_delete_private_key(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { check_store(s,STORE_F_STORE_DELETE_PRIVATE_KEY, delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); - if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, attributes)) + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, + attributes, parameters)) { STOREerr(STORE_F_STORE_DELETE_PRIVATE_KEY, STORE_R_FAILED_DELETING_KEY); @@ -519,14 +528,16 @@ int STORE_delete_private_key(STORE *s, OPENSSL_ITEM attributes[]) return 1; } -void *STORE_list_private_key_start(STORE *s, OPENSSL_ITEM attributes[]) +void *STORE_list_private_key_start(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { void *handle; check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_START, list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); - handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PRIVATE_KEY, attributes); + handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PRIVATE_KEY, + attributes, parameters); if (!handle) { STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_START, @@ -588,7 +599,8 @@ int STORE_list_private_key_endp(STORE *s, void *handle) return 1; } -EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[]) +EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STORE_OBJECT *object; EVP_PKEY *pkey; @@ -596,7 +608,8 @@ EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[]) check_store(s,STORE_F_STORE_GET_PUBLIC_KEY, get_object,STORE_R_NO_GET_OBJECT_FUNCTION); - object = s->meth->get_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, attributes); + object = s->meth->get_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, + attributes, parameters); if (!object || !object->data.key || !object->data.key) { STOREerr(STORE_F_STORE_GET_PUBLIC_KEY, @@ -612,7 +625,8 @@ EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[]) return pkey; } -int store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[]) +int store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STORE_OBJECT *object = STORE_OBJECT_new(); int i; @@ -640,7 +654,8 @@ int store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[]) #endif object->data.key = data; - i = s->meth->store_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, object, attributes); + i = s->meth->store_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, object, + attributes, parameters); STORE_OBJECT_free(object); @@ -653,14 +668,16 @@ int store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[]) return i; } -int STORE_revoke_public_key(STORE *s, OPENSSL_ITEM attributes[]) +int STORE_revoke_public_key(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { int i; check_store(s,STORE_F_STORE_REVOKE_PUBLIC_KEY, revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION); - i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, attributes); + i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, + attributes, parameters); if (!i) { @@ -671,12 +688,14 @@ int STORE_revoke_public_key(STORE *s, OPENSSL_ITEM attributes[]) return i; } -int STORE_delete_public_key(STORE *s, OPENSSL_ITEM attributes[]) +int STORE_delete_public_key(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { check_store(s,STORE_F_STORE_DELETE_PUBLIC_KEY, delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); - if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, attributes)) + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, + attributes, parameters)) { STOREerr(STORE_F_STORE_DELETE_PUBLIC_KEY, STORE_R_FAILED_DELETING_KEY); @@ -685,14 +704,16 @@ int STORE_delete_public_key(STORE *s, OPENSSL_ITEM attributes[]) return 1; } -void *STORE_list_public_key_start(STORE *s, OPENSSL_ITEM attributes[]) +void *STORE_list_public_key_start(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { void *handle; check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_START, list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); - handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PUBLIC_KEY, attributes); + handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PUBLIC_KEY, + attributes, parameters); if (!handle) { STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_START, @@ -754,7 +775,8 @@ int STORE_list_public_key_endp(STORE *s, void *handle) return 1; } -X509_CRL *STORE_generate_crl(STORE *s, OPENSSL_ITEM attributes[]) +X509_CRL *STORE_generate_crl(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STORE_OBJECT *object; X509_CRL *crl; @@ -762,7 +784,8 @@ X509_CRL *STORE_generate_crl(STORE *s, OPENSSL_ITEM attributes[]) check_store(s,STORE_F_STORE_GENERATE_CRL, generate_object,STORE_R_NO_GENERATE_CRL_FUNCTION); - object = s->meth->generate_object(s, STORE_OBJECT_TYPE_X509_CRL, 0, attributes); + object = s->meth->generate_object(s, STORE_OBJECT_TYPE_X509_CRL, + attributes, parameters); if (!object || !object->data.crl) { STOREerr(STORE_F_STORE_GENERATE_CRL, @@ -778,7 +801,8 @@ X509_CRL *STORE_generate_crl(STORE *s, OPENSSL_ITEM attributes[]) return crl; } -X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[]) +X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STORE_OBJECT *object; X509_CRL *crl; @@ -786,7 +810,8 @@ X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[]) check_store(s,STORE_F_STORE_GET_CRL, get_object,STORE_R_NO_GET_OBJECT_FUNCTION); - object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CRL, attributes); + object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CRL, + attributes, parameters); if (!object || !object->data.crl) { STOREerr(STORE_F_STORE_GET_CRL, @@ -802,7 +827,8 @@ X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[]) return crl; } -int store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[]) +int store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STORE_OBJECT *object = STORE_OBJECT_new(); int i; @@ -823,7 +849,8 @@ int store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[]) #endif object->data.crl = data; - i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CRL, object, attributes); + i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CRL, object, + attributes, parameters); STORE_OBJECT_free(object); @@ -836,12 +863,14 @@ int store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[]) return i; } -int STORE_delete_crl(STORE *s, OPENSSL_ITEM attributes[]) +int STORE_delete_crl(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { check_store(s,STORE_F_STORE_DELETE_CRL, delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); - if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CRL, attributes)) + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CRL, + attributes, parameters)) { STOREerr(STORE_F_STORE_DELETE_CRL, STORE_R_FAILED_DELETING_KEY); @@ -850,14 +879,16 @@ int STORE_delete_crl(STORE *s, OPENSSL_ITEM attributes[]) return 1; } -void *STORE_list_crl_start(STORE *s, OPENSSL_ITEM attributes[]) +void *STORE_list_crl_start(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { void *handle; check_store(s,STORE_F_STORE_LIST_CRL_START, list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); - handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CRL, attributes); + handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CRL, + attributes, parameters); if (!handle) { STOREerr(STORE_F_STORE_LIST_CRL_START, @@ -919,7 +950,8 @@ int STORE_list_crl_endp(STORE *s, void *handle) return 1; } -int store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[]) +int store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STORE_OBJECT *object = STORE_OBJECT_new(); int i; @@ -936,7 +968,8 @@ int store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[]) object->data.number = data; - i = s->meth->store_object(s, STORE_OBJECT_TYPE_NUMBER, object, attributes); + i = s->meth->store_object(s, STORE_OBJECT_TYPE_NUMBER, object, + attributes, parameters); STORE_OBJECT_free(object); @@ -949,7 +982,8 @@ int store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[]) return 1; } -BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[]) +BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STORE_OBJECT *object; BIGNUM *n; @@ -957,7 +991,8 @@ BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[]) check_store(s,STORE_F_STORE_GET_NUMBER, get_object,STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION); - object = s->meth->get_object(s, STORE_OBJECT_TYPE_NUMBER, attributes); + object = s->meth->get_object(s, STORE_OBJECT_TYPE_NUMBER, attributes, + parameters); if (!object || !object->data.number) { STOREerr(STORE_F_STORE_GET_NUMBER, @@ -970,12 +1005,14 @@ BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[]) return n; } -int STORE_delete_number(STORE *s, OPENSSL_ITEM attributes[]) +int STORE_delete_number(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { check_store(s,STORE_F_STORE_DELETE_NUMBER, delete_object,STORE_R_NO_DELETE_NUMBER_FUNCTION); - if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_NUMBER, attributes)) + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_NUMBER, attributes, + parameters)) { STOREerr(STORE_F_STORE_DELETE_NUMBER, STORE_R_FAILED_DELETING_NUMBER); @@ -984,7 +1021,8 @@ int STORE_delete_number(STORE *s, OPENSSL_ITEM attributes[]) return 1; } -int store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[]) +int store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STORE_OBJECT *object = STORE_OBJECT_new(); int i; @@ -1001,7 +1039,8 @@ int store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[]) object->data.arbitrary = data; - i = s->meth->store_object(s, STORE_OBJECT_TYPE_ARBITRARY, object, attributes); + i = s->meth->store_object(s, STORE_OBJECT_TYPE_ARBITRARY, object, + attributes, parameters); STORE_OBJECT_free(object); @@ -1014,7 +1053,8 @@ int store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[]) return 1; } -BUF_MEM *STORE_get_arbitrary(STORE *s, OPENSSL_ITEM attributes[]) +BUF_MEM *STORE_get_arbitrary(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STORE_OBJECT *object; BUF_MEM *b; @@ -1022,7 +1062,8 @@ BUF_MEM *STORE_get_arbitrary(STORE *s, OPENSSL_ITEM attributes[]) check_store(s,STORE_F_STORE_GET_ARBITRARY, get_object,STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION); - object = s->meth->get_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes); + object = s->meth->get_object(s, STORE_OBJECT_TYPE_ARBITRARY, + attributes, parameters); if (!object || !object->data.arbitrary) { STOREerr(STORE_F_STORE_GET_ARBITRARY, @@ -1035,12 +1076,14 @@ BUF_MEM *STORE_get_arbitrary(STORE *s, OPENSSL_ITEM attributes[]) return b; } -int STORE_delete_arbitrary(STORE *s, OPENSSL_ITEM attributes[]) +int STORE_delete_arbitrary(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { check_store(s,STORE_F_STORE_DELETE_ARBITRARY, delete_object,STORE_R_NO_DELETE_ARBITRARY_FUNCTION); - if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes)) + if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes, + parameters)) { STOREerr(STORE_F_STORE_DELETE_ARBITRARY, STORE_R_FAILED_DELETING_ARBITRARY); diff --git a/crypto/store/str_mem.c b/crypto/store/str_mem.c index 595f40397d..7480de0029 100644 --- a/crypto/store/str_mem.c +++ b/crypto/store/str_mem.c @@ -105,23 +105,27 @@ struct mem_ctx_st static int mem_init(STORE *s); static void mem_clean(STORE *s); static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type, - OPENSSL_ITEM parameters[], OPENSSL_ITEM attributes[]); + OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type, - OPENSSL_ITEM attributes[]); + OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); static int mem_store(STORE *s, STORE_OBJECT_TYPES type, - STORE_OBJECT *data, OPENSSL_ITEM attributes[]); + STORE_OBJECT *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); static int mem_modify(STORE *s, STORE_OBJECT_TYPES type, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], - OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[]); + OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[], + OPENSSL_ITEM parameters[]); static int mem_delete(STORE *s, STORE_OBJECT_TYPES type, - OPENSSL_ITEM attributes[]); + OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type, - OPENSSL_ITEM attributes[]); + OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); static STORE_OBJECT *mem_list_next(STORE *s, void *handle); static int mem_list_end(STORE *s, void *handle); static int mem_list_endp(STORE *s, void *handle); -static int mem_lock(STORE *s, OPENSSL_ITEM attributes[]); -static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[]); +static int mem_lock(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); +static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]); static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)()); static STORE_METHOD store_memory = @@ -161,15 +165,15 @@ static void mem_clean(STORE *s) } static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type, - OPENSSL_ITEM parameters[], OPENSSL_ITEM attributes[]) + OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { STOREerr(STORE_F_MEM_GENERATE, STORE_R_NOT_IMPLEMENTED); return 0; } static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type, - OPENSSL_ITEM attributes[]) + OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { - void *context = mem_list_start(s, type, attributes); + void *context = mem_list_start(s, type, attributes, parameters); if (context) { @@ -181,20 +185,22 @@ static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type, return NULL; } static int mem_store(STORE *s, STORE_OBJECT_TYPES type, - STORE_OBJECT *data, OPENSSL_ITEM attributes[]) + STORE_OBJECT *data, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { STOREerr(STORE_F_MEM_STORE, STORE_R_NOT_IMPLEMENTED); return 0; } static int mem_modify(STORE *s, STORE_OBJECT_TYPES type, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], - OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[]) + OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[], + OPENSSL_ITEM parameters[]) { STOREerr(STORE_F_MEM_STORE, STORE_R_NOT_IMPLEMENTED); return 0; } static int mem_delete(STORE *s, STORE_OBJECT_TYPES type, - OPENSSL_ITEM attributes[]) + OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { STOREerr(STORE_F_MEM_DELETE, STORE_R_NOT_IMPLEMENTED); return 0; @@ -208,7 +214,7 @@ static int mem_delete(STORE *s, STORE_OBJECT_TYPES type, of attribute bits above the starting point may match the searched for bit pattern...). */ static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type, - OPENSSL_ITEM attributes[]) + OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { struct mem_ctx_st *context = (struct mem_ctx_st *)OPENSSL_malloc(sizeof(struct mem_ctx_st)); @@ -333,11 +339,13 @@ static int mem_list_endp(STORE *s, void *handle) return 1; return 0; } -static int mem_lock(STORE *s, OPENSSL_ITEM attributes[]) +static int mem_lock(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { return 1; } -static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[]) +static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[], + OPENSSL_ITEM parameters[]) { return 1; } From bca52f7d4e3a7883594b253d085ed9034234c43a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 7 May 2003 21:17:30 +0000 Subject: [PATCH 286/393] Define the two authentication parameter types for passphrase and Kerberos 5 authentications. --- crypto/store/store.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/store/store.h b/crypto/store/store.h index 64a3f3dae6..5dba567c57 100644 --- a/crypto/store/store.h +++ b/crypto/store/store.h @@ -156,7 +156,9 @@ typedef enum STORE_params STORE_PARAM_BITS= 0x02, /* size_t */ STORE_PARAM_KEY_PARAMETERS= 0x03, /* ??? */ STORE_PARAM_KEY_NO_PARAMETERS= 0x04, /* N/A */ - STORE_PARAM_TYPE_NUM= 0x04 /* The amount of known + STORE_PARAM_AUTH_PASSPHRASE= 0x05, /* char * */ + STORE_PARAM_AUTH_KRB5_TICKET= 0x06, /* void * */ + STORE_PARAM_TYPE_NUM= 0x06 /* The amount of known parameter types */ } STORE_PARAM_TYPES; /* Parameter value sizes. -1 means unknown, anything else is the required size. */ From 727ef76ebde1283bbf18936e494b029f4fd59d48 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 7 May 2003 23:20:58 +0000 Subject: [PATCH 287/393] Add correct DN entry for serialNumber. --- crypto/asn1/a_strnid.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index aa49e9d7d0..613bbc4a7d 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -143,7 +143,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, /* Now the tables and helper functions for the string table: */ -/* size limits: this stuff is taken straight from RFC2459 */ +/* size limits: this stuff is taken straight from RFC3280 */ #define ub_name 32768 #define ub_common_name 64 @@ -153,6 +153,8 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, #define ub_organization_unit_name 64 #define ub_title 64 #define ub_email_address 128 +#define ub_serial_number 64 + /* This table must be kept in NID order */ @@ -170,6 +172,7 @@ static ASN1_STRING_TABLE tbl_standard[] = { {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0}, {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0}, {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0}, +{NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, {NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, From c2dac35a02e47010b3dc501f07e31287cc3e252e Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 18 May 2003 23:10:46 +0000 Subject: [PATCH 288/393] Fix docs. --- doc/crypto/BIO_f_base64.pod | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/doc/crypto/BIO_f_base64.pod b/doc/crypto/BIO_f_base64.pod index fdb603b38e..929557d22f 100644 --- a/doc/crypto/BIO_f_base64.pod +++ b/doc/crypto/BIO_f_base64.pod @@ -55,16 +55,15 @@ to standard output: Read Base64 encoded data from standard input and write the decoded data to standard output: - BIO *bio, *b64, bio_out; + BIO *bio, *b64, *bio_out; char inbuf[512]; int inlen; - char message[] = "Hello World \n"; b64 = BIO_new(BIO_f_base64()); bio = BIO_new_fp(stdin, BIO_NOCLOSE); bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); bio = BIO_push(b64, bio); - while((inlen = BIO_read(bio, inbuf, strlen(message))) > 0) + while((inlen = BIO_read(bio, inbuf, 512) > 0) BIO_write(bio_out, inbuf, inlen); BIO_free_all(bio); From 93c929e411e40bc8224e1a97a1656694940b1d64 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 19 May 2003 21:28:49 +0000 Subject: [PATCH 289/393] The square brackets in BIO_s_bio.pod for some reason cause wml to bomb out with the error message: ** Slice:Error: Some slices were not closed: ** WML:Break: Error in Pass 9 (rc=1). ** WMK:Error: Error in WML (rc=256) As a workaround delete them for now. --- doc/crypto/BIO_s_bio.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/crypto/BIO_s_bio.pod b/doc/crypto/BIO_s_bio.pod index 8d0a55a025..592cab4bed 100644 --- a/doc/crypto/BIO_s_bio.pod +++ b/doc/crypto/BIO_s_bio.pod @@ -126,7 +126,7 @@ BIO_new_bio_pair() returns 1 on success, with the new BIOs available in B and B, or 0 on failure, with NULL pointers stored into the locations for B and B. Check the error stack for more information. -[XXXXX: More return values need to be added here] +XXXXX: More return values need to be added here =head1 EXAMPLE From 0239876511cccc827a1f662b5b4fdfc5d1864996 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 19 May 2003 23:03:43 +0000 Subject: [PATCH 290/393] Remove certain functions --- crypto/engine/tb_store.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/crypto/engine/tb_store.c b/crypto/engine/tb_store.c index 1466d85a41..6cc6d759d9 100644 --- a/crypto/engine/tb_store.c +++ b/crypto/engine/tb_store.c @@ -90,6 +90,8 @@ void ENGINE_register_all_STORE() ENGINE_register_STORE(e); } +/* The following two functions are removed because they're useless. */ +#if 0 int ENGINE_set_default_STORE(ENGINE *e) { if(e->store_meth) @@ -97,7 +99,9 @@ int ENGINE_set_default_STORE(ENGINE *e) engine_unregister_all_STORE, e, &dummy_nid, 1, 1); return 1; } +#endif +#if 0 /* Exposed API function to get a functional reference from the implementation * table (ie. try to get a functional reference from the tabled structural * references). */ @@ -105,6 +109,7 @@ ENGINE *ENGINE_get_default_STORE(void) { return engine_table_select(&store_table, dummy_nid); } +#endif /* Obtains an STORE implementation from an ENGINE functional reference */ const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e) From f59c9419502287b12a7ae00c5df4113959bd4acf Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 19 May 2003 23:06:09 +0000 Subject: [PATCH 291/393] Make the function STORE_new_engine() public. --- crypto/store/store.h | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/store/store.h b/crypto/store/store.h index 5dba567c57..958252a634 100644 --- a/crypto/store/store.h +++ b/crypto/store/store.h @@ -84,6 +84,7 @@ typedef struct store_method_st STORE_METHOD; /* Creators and destructor. */ STORE *STORE_new_method(const STORE_METHOD *method); +STORE *STORE_new_engine(ENGINE *engine); void STORE_free(STORE *ui); From 164bc7dae8277221564a4f0161eb86e736541220 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 20 May 2003 08:49:12 +0000 Subject: [PATCH 292/393] Some misspelled function names. --- crypto/store/str_lib.c | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c index dbcf3a07bd..9f59398a68 100644 --- a/crypto/store/str_lib.c +++ b/crypto/store/str_lib.c @@ -258,7 +258,7 @@ X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[], return x; } -int store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[], +int STORE_store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { STORE_OBJECT *object = STORE_OBJECT_new(); @@ -445,11 +445,7 @@ EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[], REF_PRINT("EVP_PKEY",data); #endif pkey = object->data.key; - STORE_OBJECT_free(object); - return pkey; - } - -int store_private_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], + STORE_OBJECT_free(object);TORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { STORE_OBJECT *object = STORE_OBJECT_new(); @@ -625,7 +621,7 @@ EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[], return pkey; } -int store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], +int STORE_store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { STORE_OBJECT *object = STORE_OBJECT_new(); @@ -827,7 +823,7 @@ X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[], return crl; } -int store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[], +int STORE_store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { STORE_OBJECT *object = STORE_OBJECT_new(); @@ -950,7 +946,7 @@ int STORE_list_crl_endp(STORE *s, void *handle) return 1; } -int store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[], +int STORE_store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { STORE_OBJECT *object = STORE_OBJECT_new(); @@ -1021,7 +1017,7 @@ int STORE_delete_number(STORE *s, OPENSSL_ITEM attributes[], return 1; } -int store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[], +int STORE_store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { STORE_OBJECT *object = STORE_OBJECT_new(); From 9acef3bbd73090731487ea0011db17f3982779d5 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 20 May 2003 08:50:18 +0000 Subject: [PATCH 293/393] Misspelled functions. --- crypto/store/str_meth.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/crypto/store/str_meth.c b/crypto/store/str_meth.c index ad6708a12f..e1c39bf06a 100644 --- a/crypto/store/str_meth.c +++ b/crypto/store/str_meth.c @@ -129,19 +129,19 @@ int STORE_method_set_list_end_function(STORE_METHOD *sm, STORE_END_OBJECT_FUNC_P return 1; } -int STORE_method_set_update_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR update_f) +int STORE_method_set_update_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR update_f) { sm->update_store = update_f; return 1; } -int STORE_method_set_lock_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR lock_f) +int STORE_method_set_lock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR lock_f) { sm->lock_store = lock_f; return 1; } -int STORE_method_set_unlock_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR unlock_f) +int STORE_method_set_unlock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR unlock_f) { sm->unlock_store = unlock_f; return 1; @@ -193,17 +193,17 @@ STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm) return sm->list_object_end; } -STORE_GENERIC_FUNC_PTR STORE_method_get_update_function(STORE_METHOD *sm) +STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD *sm) { return sm->update_store; } -STORE_GENERIC_FUNC_PTR STORE_method_get_lock_function(STORE_METHOD *sm) +STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm) { return sm->lock_store; } -STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_function(STORE_METHOD *sm) +STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD *sm) { return sm->unlock_store; } From 11ce33a71d24841b5f9fd780dd4c30797c7166c3 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 20 May 2003 08:59:37 +0000 Subject: [PATCH 294/393] make update --- util/libeay.num | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/util/libeay.num b/util/libeay.num index a95a12a461..495b8bc6b9 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -3139,3 +3139,8 @@ STORE_method_set_lock_store_function 3568 EXIST::FUNCTION: STORE_list_certificate_endp 3569 EXIST::FUNCTION: STORE_method_get_list_end_function 3570 EXIST::FUNCTION: STORE_new_method 3571 EXIST::FUNCTION: +STORE_modify_arbitrary 3572 EXIST::FUNCTION: +STORE_get_arbitrary 3573 EXIST::FUNCTION: +STORE_delete_arbitrary 3574 EXIST::FUNCTION: +STORE_store_arbitrary 3575 EXIST::FUNCTION: +STORE_new_engine 3576 EXIST::FUNCTION: From 31939f154484b9dab8a2700b1f9ea0f1213d9db0 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 20 May 2003 09:00:59 +0000 Subject: [PATCH 295/393] I don't remember what my thinking was with str_compat.h. Maybe it'll come back to me... --- crypto/store/Makefile.ssl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/store/Makefile.ssl b/crypto/store/Makefile.ssl index 3bfb2a619d..8c73403ccb 100644 --- a/crypto/store/Makefile.ssl +++ b/crypto/store/Makefile.ssl @@ -29,7 +29,8 @@ LIBOBJ= str_err.o str_lib.o str_meth.o str_mem.o SRC= $(LIBSRC) -EXHEADER= store.h str_compat.h +#EXHEADER= store.h str_compat.h +EXHEADER= store.h HEADER= $(EXHEADER) str_locl.h ALL= $(GENERAL) $(SRC) $(HEADER) From d9a2a89a17869cba4446b6d5437005871e325a10 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 21 May 2003 06:50:51 +0000 Subject: [PATCH 296/393] I have no idea how I cut away that piece of text... --- crypto/store/str_lib.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c index 9f59398a68..a9f302b2c0 100644 --- a/crypto/store/str_lib.c +++ b/crypto/store/str_lib.c @@ -445,7 +445,11 @@ EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[], REF_PRINT("EVP_PKEY",data); #endif pkey = object->data.key; - STORE_OBJECT_free(object);TORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], + STORE_OBJECT_free(object); + return pkey; + } + +int STORE_store_private_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { STORE_OBJECT *object = STORE_OBJECT_new(); From 513c01a591d2c55e61006c1e8f26c16e9dc55307 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 21 May 2003 08:40:06 +0000 Subject: [PATCH 297/393] Make sure EC_window_bits_for_scalar_size() returns a size_t --- crypto/ec/ec_mult.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index c71a69ac0d..236b66c18a 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -307,12 +307,13 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) * (thus the boundaries should be increased) */ #define EC_window_bits_for_scalar_size(b) \ - ((b) >= 2000 ? 6 : \ - (b) >= 800 ? 5 : \ - (b) >= 300 ? 4 : \ - (b) >= 70 ? 3 : \ - (b) >= 20 ? 2 : \ - 1) + ((size_t) \ + ((b) >= 2000 ? 6 : \ + (b) >= 800 ? 5 : \ + (b) >= 300 ? 4 : \ + (b) >= 70 ? 3 : \ + (b) >= 20 ? 2 : \ + 1)) /* Compute * \sum scalars[i]*points[i], From 163f5b236ca1161ad08d9820bebb25290720613c Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 21 May 2003 14:21:26 +0000 Subject: [PATCH 298/393] Correct signedness --- crypto/ec/ec2_mult.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/ec/ec2_mult.c b/crypto/ec/ec2_mult.c index a0effa95ad..a0ee7c152f 100644 --- a/crypto/ec/ec2_mult.c +++ b/crypto/ec/ec2_mult.c @@ -315,7 +315,8 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) { BN_CTX *new_ctx = NULL; - int ret = 0, i; + int ret = 0; + size_t i; EC_POINT *p=NULL; if (ctx == NULL) From 83743ad039abfd599595aad161054b072b8609bd Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 21 May 2003 14:29:13 +0000 Subject: [PATCH 299/393] Fix sign bugs. PR: 621 --- crypto/asn1/a_strex.c | 2 +- crypto/bio/b_print.c | 2 +- crypto/bn/bn_mul.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 1def6c6549..8abfdfe598 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -279,7 +279,7 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING * otherwise it is the number of bytes per character */ -const static char tag2nbyte[] = { +const static signed char tag2nbyte[] = { -1, -1, -1, -1, -1, /* 0-4 */ -1, -1, -1, -1, -1, /* 5-9 */ -1, -1, 0, -1, /* 10-13 */ diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index a9e552f245..2cfc689dd6 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -836,5 +836,5 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) * had the buffer been large enough.) */ return -1; else - return (retlen <= INT_MAX) ? retlen : -1; + return (retlen <= INT_MAX) ? (int)retlen : -1; } diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c index bfd7f680c9..4c413b3a52 100644 --- a/crypto/bn/bn_mul.c +++ b/crypto/bn/bn_mul.c @@ -549,7 +549,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, int tna, int tnb, BN_ULONG *t) { int i,j,n2=n*2; - unsigned int c1,c2,neg,zero; + int c1,c2,neg,zero; BN_ULONG ln,lo,*p; # ifdef BN_COUNT From edd55d08f5e018e04a24fba7723aec8619a3c581 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 23 May 2003 09:08:59 +0000 Subject: [PATCH 300/393] Brackets are now allowed, after a small hack in the processing of the docs-on-web. --- doc/crypto/BIO_s_bio.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/crypto/BIO_s_bio.pod b/doc/crypto/BIO_s_bio.pod index 592cab4bed..8d0a55a025 100644 --- a/doc/crypto/BIO_s_bio.pod +++ b/doc/crypto/BIO_s_bio.pod @@ -126,7 +126,7 @@ BIO_new_bio_pair() returns 1 on success, with the new BIOs available in B and B, or 0 on failure, with NULL pointers stored into the locations for B and B. Check the error stack for more information. -XXXXX: More return values need to be added here +[XXXXX: More return values need to be added here] =head1 EXAMPLE From f5f7dffdd11389a58aa18ff00ae9de0189d307de Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 28 May 2003 10:34:29 +0000 Subject: [PATCH 301/393] Make sure to compare unsigned against unsigned. --- crypto/bn/bn_mul.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c index 4c413b3a52..6b633b90b0 100644 --- a/crypto/bn/bn_mul.c +++ b/crypto/bn/bn_mul.c @@ -706,7 +706,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, /* The overflow will stop before we over write * words we should not overwrite */ - if (ln < c1) + if (ln < (BN_ULONG)c1) { do { p++; From e19d0ef068ab6f7bb9ae36aba61f9384bec21b07 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 28 May 2003 16:57:08 +0000 Subject: [PATCH 302/393] PR: 631 Submitted by: Doug Sauder Fix bug in X509V3_get_d2i() when idx in not NULL. --- crypto/x509v3/v3_lib.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c index 482ca8ccf5..ca5a4a4a57 100644 --- a/crypto/x509v3/v3_lib.c +++ b/crypto/x509v3/v3_lib.c @@ -202,6 +202,7 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx) if(OBJ_obj2nid(ex->object) == nid) { if(idx) { *idx = i; + found_ex = ex; break; } else if(found_ex) { /* Found more than one */ From 60790aff6fc085b76e671ef63d31d6d6dd02355d Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 28 May 2003 17:28:11 +0000 Subject: [PATCH 303/393] PR: 627 Allocate certificatePolicies correctly if CPS field is absent. Fix various memory leaks in certificatePolicies. --- crypto/x509v3/v3_cpols.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index 0d4ab1f680..0d554f3a2c 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -73,7 +73,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *polstrs, int ia5org); static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org); -static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos); +static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos); X509V3_EXT_METHOD v3_cpols = { NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES), @@ -226,6 +226,8 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, qual = notice_section(ctx, unot, ia5org); X509V3_section_free(ctx, unot); if(!qual) goto err; + if(!pol->qualifiers) pol->qualifiers = + sk_POLICYQUALINFO_new_null(); if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) goto merr; } else { @@ -255,7 +257,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org) { - int i; + int i, ret; CONF_VALUE *cnf; USERNOTICE *not; POLICYQUALINFO *qual; @@ -275,8 +277,8 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, if(!(nref = NOTICEREF_new())) goto merr; not->noticeref = nref; } else nref = not->noticeref; - if(ia5org) nref->organization = M_ASN1_IA5STRING_new(); - else nref->organization = M_ASN1_VISIBLESTRING_new(); + if(ia5org) nref->organization->type = V_ASN1_IA5STRING; + else nref->organization->type = V_ASN1_VISIBLESTRING; if(!ASN1_STRING_set(nref->organization, cnf->value, strlen(cnf->value))) goto merr; } else if(!strcmp(cnf->name, "noticeNumbers")) { @@ -292,12 +294,12 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, X509V3_conf_err(cnf); goto err; } - nref->noticenos = nref_nos(nos); + ret = nref_nos(nref->noticenos, nos); sk_CONF_VALUE_pop_free(nos, X509V3_conf_free); - if(!nref->noticenos) goto err; + if (!ret) + goto err; } else { X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION); - X509V3_conf_err(cnf); goto err; } @@ -319,15 +321,13 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, return NULL; } -static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos) +static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) { - STACK_OF(ASN1_INTEGER) *nnums; CONF_VALUE *cnf; ASN1_INTEGER *aint; int i; - if(!(nnums = sk_ASN1_INTEGER_new_null())) goto merr; for(i = 0; i < sk_CONF_VALUE_num(nos); i++) { cnf = sk_CONF_VALUE_value(nos, i); if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { @@ -336,14 +336,14 @@ static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos) } if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr; } - return nnums; + return 1; merr: X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE); err: sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); - return NULL; + return 0; } From 83b4f49c0a96ac43e8554b32fc1a6850041032f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Wed, 28 May 2003 19:56:46 +0000 Subject: [PATCH 304/393] Move header file inclusion to prevent irritation of users forgetting to call "make depend" after enabling or disabling ciphers... Submitted by: Tal Mozes PR: #628 --- crypto/md2/md2test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/md2/md2test.c b/crypto/md2/md2test.c index 901d0a7d8e..9c1e28b6ce 100644 --- a/crypto/md2/md2test.c +++ b/crypto/md2/md2test.c @@ -59,7 +59,6 @@ #include #include #include -#include #include "../e_os.h" @@ -71,6 +70,7 @@ int main(int argc, char *argv[]) } #else #include +#include #ifdef CHARSET_EBCDIC #include From 4f17dfcd752221fc7515d55642cacd9aa6d1d0af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Wed, 28 May 2003 20:24:57 +0000 Subject: [PATCH 305/393] Add minimum POP3 STLS hack to s_client.c (as was provided for STARTTLS before) Submitted by: dg@sunet.ru (Daniel Ginsburg) PR: #613 --- apps/s_client.c | 20 ++++++++++++++------ doc/apps/s_client.pod | 2 +- 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index 2e73f34676..74d578d6be 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -221,7 +221,7 @@ static void sc_usage(void) BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n"); BIO_printf(bio_err," for those protocols that support it, where\n"); BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n"); - BIO_printf(bio_err," only \"smtp\" is supported.\n"); + BIO_printf(bio_err," only \"smtp\" and \"pop3\" are supported.\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); #endif @@ -251,7 +251,7 @@ int MAIN(int argc, char **argv) int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending; SSL_CTX *ctx=NULL; int ret=1,in_init=1,i,nbio_test=0; - int smtp_starttls = 0; + int starttls_proto = 0; int prexit = 0, vflags = 0; SSL_METHOD *meth=NULL; BIO *sbio; @@ -415,7 +415,9 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; ++argv; if (strcmp(*argv,"smtp") == 0) - smtp_starttls = 1; + starttls_proto = 1; + else if (strcmp(*argv,"pop3") == 0) + starttls_proto = 2; else goto bad; } @@ -587,12 +589,18 @@ re_start: sbuf_off=0; /* This is an ugly hack that does a lot of assumptions */ - if (smtp_starttls) + if (starttls_proto == 1) { BIO_read(sbio,mbuf,BUFSIZZ); BIO_printf(sbio,"STARTTLS\r\n"); BIO_read(sbio,sbuf,BUFSIZZ); } + if (starttls_proto == 2) + { + BIO_read(sbio,mbuf,BUFSIZZ); + BIO_printf(sbio,"STLS\r\n"); + BIO_read(sbio,sbuf,BUFSIZZ); + } for (;;) { @@ -613,11 +621,11 @@ re_start: print_stuff(bio_c_out,con,full_log); if (full_log > 0) full_log--; - if (smtp_starttls) + if (starttls_proto) { BIO_printf(bio_err,"%s",mbuf); /* We don't need to know any more */ - smtp_starttls = 0; + starttls_proto = 0; } if (reconnect) diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index 47dc93cb3f..d061326c1f 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -168,7 +168,7 @@ command for more information. send the protocol-specific message(s) to switch to TLS for communication. B is a keyword for the intended protocol. Currently, the only -supported keyword is "smtp". +supported keywords are "smtp" and "pop3". =item B<-engine id> From f7f8d82aaa4403d429064ab0bb1ae5ed4e0e617b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 29 May 2003 20:59:38 +0000 Subject: [PATCH 306/393] PR: 630 Avoid looking outside the key_data array. --- crypto/des/destest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/des/destest.c b/crypto/des/destest.c index 687c00c792..3983ac8e5f 100644 --- a/crypto/des/destest.c +++ b/crypto/des/destest.c @@ -431,7 +431,7 @@ int main(int argc, char *argv[]) #ifndef LIBDES_LIT printf("Doing ede ecb\n"); - for (i=0; i<(NUM_TESTS-1); i++) + for (i=0; i<(NUM_TESTS-2); i++) { DES_set_key_unchecked(&key_data[i],&ks); DES_set_key_unchecked(&key_data[i+1],&ks2); From 01fc834bc953d4ca127af3accea02fc0bc26b86a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 29 May 2003 22:20:47 +0000 Subject: [PATCH 307/393] Have ASFLAGS be defined the same way as CFLAGS --- Makefile.org | 4 ++-- crypto/bn/Makefile.ssl | 1 + crypto/md5/Makefile.ssl | 3 ++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/Makefile.org b/Makefile.org index 02cad4dfac..141956adf5 100644 --- a/Makefile.org +++ b/Makefile.org @@ -78,7 +78,7 @@ MAKEDEPPROG=makedepend # gcc, then the driver will automatically translate it to -xarch=v8plus # and pass it down to assembler. AS=$(CC) -c -ASFLAGS=$(CFLAG) +ASFLAG=$(CFLAG) # Set BN_ASM to bn_asm.o if you want to use the C version BN_ASM= bn_asm.o @@ -219,7 +219,7 @@ all: Makefile.ssl build_all openssl.pc BUILD_CMD=if echo " $(DIRS) " | grep " $$i " >/dev/null 2>/dev/null; then \ if [ -d "$$i" ]; then \ (cd $$i && echo "making all in $$i..." && \ - $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAGS='${ASFLAGS}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \ + $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \ else \ $(MAKE) $$i; \ fi; fi diff --git a/crypto/bn/Makefile.ssl b/crypto/bn/Makefile.ssl index c109411d4b..d762ae7b4f 100644 --- a/crypto/bn/Makefile.ssl +++ b/crypto/bn/Makefile.ssl @@ -22,6 +22,7 @@ BN_ASM= bn_asm.o #BN_ASM= bn86-elf.o CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) GENERAL=Makefile TEST=bntest.c exptest.c diff --git a/crypto/md5/Makefile.ssl b/crypto/md5/Makefile.ssl index 56cab5d882..2d4df972ff 100644 --- a/crypto/md5/Makefile.ssl +++ b/crypto/md5/Makefile.ssl @@ -6,7 +6,7 @@ DIR= md5 TOP= ../.. CC= cc CPP= $(CC) -E -INCLUDES= +INCLUDES=-I.. -I$(TOP) -I../../include CFLAG=-g INSTALL_PREFIX= OPENSSLDIR= /usr/local/ssl @@ -20,6 +20,7 @@ AR= ar r MD5_ASM_OBJ= CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) GENERAL=Makefile TEST=md5test.c From c4d471552f6292ea783833c2340c7fe2eb858f9e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 29 May 2003 22:22:30 +0000 Subject: [PATCH 308/393] Include openssl/e_os.h so OPENSSL_SYSNAME_ULTRASPARC and other configuration macros get properly defined. --- crypto/md5/asm/md5-sparcv9.S | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/md5/asm/md5-sparcv9.S b/crypto/md5/asm/md5-sparcv9.S index a599ed5660..db45aa4c97 100644 --- a/crypto/md5/asm/md5-sparcv9.S +++ b/crypto/md5/asm/md5-sparcv9.S @@ -34,10 +34,12 @@ * * or if above fails (it does if you have gas): * - * gcc -E -DULTRASPARC -DMD5_BLOCK_DATA_ORDER md5_block.sparc.S | \ + * gcc -E -DOPENSSL_SYSNAMEULTRASPARC -DMD5_BLOCK_DATA_ORDER md5_block.sparc.S | \ * as -xarch=v8plus /dev/fd/0 -o md5-sparcv9.o */ +#include + #define A %o0 #define B %o1 #define C %o2 From 02b95b7499f29f1c0118afce26b25f15c6720318 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Fri, 30 May 2003 07:45:07 +0000 Subject: [PATCH 309/393] Clarify ordering of certificates when using certificate chains --- doc/ssl/SSL_CTX_use_certificate.pod | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/ssl/SSL_CTX_use_certificate.pod b/doc/ssl/SSL_CTX_use_certificate.pod index b8868f18bf..ea2faba3ec 100644 --- a/doc/ssl/SSL_CTX_use_certificate.pod +++ b/doc/ssl/SSL_CTX_use_certificate.pod @@ -68,7 +68,9 @@ should be preferred. SSL_CTX_use_certificate_chain_file() loads a certificate chain from B into B. The certificates must be in PEM format and must -be sorted starting with the certificate to the highest level (root CA). +be sorted starting with the subject's certificate (actual client or server +certificate), followed by intermediate CA certificates if applicable, and +ending at the highest level (root) CA. There is no corresponding function working on a single SSL object. SSL_CTX_use_PrivateKey() adds B as private key to B. From beab098d5385850baa600d5788b2b8549f962c5e Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 1 Jun 2003 20:51:58 +0000 Subject: [PATCH 310/393] Various S/MIME bug and compatibility fixes. --- CHANGES | 14 +++++++++-- apps/smime.c | 4 ++++ crypto/pkcs7/pk7_doit.c | 5 ++++ crypto/pkcs7/pk7_mime.c | 51 +++++++++++++++++++++++++++-------------- crypto/pkcs7/pkcs7.h | 4 +++- 5 files changed, 58 insertions(+), 20 deletions(-) diff --git a/CHANGES b/CHANGES index a840284622..1d279103dc 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,7 @@ OpenSSL CHANGES _______________ - Changes between 0.9.7a and 0.9.8 [xx XXX xxxx] + Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] *) Add support for STORE in ENGINE. [Richard Levitte] @@ -533,7 +533,17 @@ differing sizes. [Richard Levitte] - Changes between 0.9.7a and 0.9.7b [xx XXX 2003] + Changes between 0.9.7b and 0.9.7c [xx XXX 2003] + + *) Various S/MIME bugfixes and compatibility changes: + output correct application/pkcs7 MIME type if + PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures. + Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening + of files as .eml work). Correctly handle very long lines in MIME + parser. + [Steve Henson] + + Changes between 0.9.7a and 0.9.7b [10 Apr 2003] *) Countermeasure against the Klima-Pokorny-Rosa extension of Bleichbacher's attack on PKCS #1 v1.5 padding: treat diff --git a/apps/smime.c b/apps/smime.c index 1d7d828e01..418e03cd66 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -168,6 +168,10 @@ int MAIN(int argc, char **argv) flags |= PKCS7_BINARY; else if (!strcmp (*args, "-nosigs")) flags |= PKCS7_NOSIGS; + else if (!strcmp (*args, "-nooldmime")) + flags |= PKCS7_NOOLDMIMETYPE; + else if (!strcmp (*args, "-crlfeol")) + flags |= PKCS7_CRLFEOL; else if (!strcmp (*args, "-crl_check")) store_flags |= X509_V_FLAG_CRL_CHECK; else if (!strcmp (*args, "-crl_check_all")) diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 123671b43e..9382f47767 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -771,6 +771,11 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, } if (EVP_MD_CTX_type(mdc) == md_type) break; + /* Workaround for some broken clients that put the signature + * OID instead of the digest OID in digest_alg->algorithm + */ + if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type) + break; btmp=BIO_next(btmp); } diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c index 431aff94f0..16daf9ecdb 100644 --- a/crypto/pkcs7/pk7_mime.c +++ b/crypto/pkcs7/pk7_mime.c @@ -153,6 +153,15 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) { char bound[33], c; int i; + char *mime_prefix, *mime_eol; + if (flags & PKCS7_NOOLDMIMETYPE) + mime_prefix = "application/pkcs7-"; + else + mime_prefix = "application/x-pkcs7-"; + if (flags & PKCS7_CRLFEOL) + mime_eol = "\r\n"; + else + mime_eol = "\n"; if((flags & PKCS7_DETACHED) && data) { /* We want multipart/signed */ /* Generate a random boundary */ @@ -164,34 +173,42 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) bound[i] = c; } bound[32] = 0; - BIO_printf(bio, "MIME-Version: 1.0\n"); + BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); BIO_printf(bio, "Content-Type: multipart/signed;"); - BIO_printf(bio, " protocol=\"application/x-pkcs7-signature\";"); - BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"\n\n", bound); - BIO_printf(bio, "This is an S/MIME signed message\n\n"); + BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix); + BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"%s%s", + bound, mime_eol, mime_eol); + BIO_printf(bio, "This is an S/MIME signed message%s%s", + mime_eol, mime_eol); /* Now write out the first part */ - BIO_printf(bio, "------%s\r\n", bound); - + BIO_printf(bio, "------%s%s", bound, mime_eol); pkcs7_output_data(bio, data, p7, flags); - - BIO_printf(bio, "\n------%s\n", bound); + BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol); /* Headers for signature */ - BIO_printf(bio, "Content-Type: application/x-pkcs7-signature; name=\"smime.p7s\"\n"); - BIO_printf(bio, "Content-Transfer-Encoding: base64\n"); - BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7s\"\n\n"); + BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); + BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol); + BIO_printf(bio, "Content-Transfer-Encoding: base64%s", + mime_eol); + BIO_printf(bio, "Content-Disposition: attachment;"); + BIO_printf(bio, " filename=\"smime.p7s\"%s%s", + mime_eol, mime_eol); B64_write_PKCS7(bio, p7); - BIO_printf(bio,"\n------%s--\n\n", bound); + BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound, + mime_eol, mime_eol); return 1; } /* MIME headers */ - BIO_printf(bio, "MIME-Version: 1.0\n"); - BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7m\"\n"); - BIO_printf(bio, "Content-Type: application/x-pkcs7-mime; name=\"smime.p7m\"\n"); - BIO_printf(bio, "Content-Transfer-Encoding: base64\n\n"); + BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); + BIO_printf(bio, "Content-Disposition: attachment;"); + BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol); + BIO_printf(bio, "Content-Type: %smime;", mime_prefix); + BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol); + BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s", + mime_eol, mime_eol); B64_write_PKCS7(bio, p7); - BIO_printf(bio, "\n"); + BIO_printf(bio, "%s", mime_eol); return 1; } diff --git a/crypto/pkcs7/pkcs7.h b/crypto/pkcs7/pkcs7.h index e6f6572666..ab04d352ab 100644 --- a/crypto/pkcs7/pkcs7.h +++ b/crypto/pkcs7/pkcs7.h @@ -260,7 +260,9 @@ DECLARE_PKCS12_STACK_OF(PKCS7) #define PKCS7_BINARY 0x80 #define PKCS7_NOATTR 0x100 #define PKCS7_NOSMIMECAP 0x200 -#define PKCS7_STREAM 0x400 +#define PKCS7_NOOLDMIMETYPE 0x400 +#define PKCS7_CRLFEOL 0x800 +#define PKCS7_STREAM 0x1000 /* Flags: for compatibility with older code */ From aff0542844173a9b7fc66b121bdf93316d9e801d Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 2 Jun 2003 01:12:01 +0000 Subject: [PATCH 311/393] Stop checking for CRLF when start of buffer is reached. Add rest of long line fix which got missed before --- crypto/pkcs7/pk7_mime.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c index 16daf9ecdb..4630e3180d 100644 --- a/crypto/pkcs7/pk7_mime.c +++ b/crypto/pkcs7/pk7_mime.c @@ -376,11 +376,12 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags) BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) { eol = 0; - while(iscrlf(linebuf[len - 1])) { + while(len && iscrlf(linebuf[len - 1])) { len--; eol = 1; - } - BIO_write(out, linebuf, len); + } + if (len) + BIO_write(out, linebuf, len); if(eol) BIO_write(out, "\r\n", 2); } return 1; @@ -423,6 +424,7 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) { char linebuf[MAX_SMLEN]; int len, blen; + int eol = 0, next_eol = 0; BIO *bpart = NULL; STACK_OF(BIO) *parts; char state, part, first; @@ -442,15 +444,21 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) sk_BIO_push(parts, bpart); return 1; } else if(part) { + /* Strip CR+LF from linebuf */ + next_eol = 0; + while(len && iscrlf(linebuf[len - 1])) { + next_eol = 1; + len--; + } if(first) { first = 0; if(bpart) sk_BIO_push(parts, bpart); bpart = BIO_new(BIO_s_mem()); - - } else BIO_write(bpart, "\r\n", 2); - /* Strip CR+LF from linebuf */ - while(iscrlf(linebuf[len - 1])) len--; - BIO_write(bpart, linebuf, len); + } else if (eol) + BIO_write(bpart, "\r\n", 2); + eol = next_eol; + if (len) + BIO_write(bpart, linebuf, len); } } return 0; From ca82ac1feebc042662325b7879d39773183d85c6 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 2 Jun 2003 17:53:42 +0000 Subject: [PATCH 312/393] Only count 'LF' as EOL in pk7_mime.c, this avoids incorrect results if CR+LF straddles the line buffer. --- crypto/pkcs7/pk7_mime.c | 38 +++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 17 deletions(-) diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c index 4630e3180d..0480db219f 100644 --- a/crypto/pkcs7/pk7_mime.c +++ b/crypto/pkcs7/pk7_mime.c @@ -102,7 +102,7 @@ static int mime_param_cmp(const MIME_PARAM * const *a, static void mime_param_free(MIME_PARAM *param); static int mime_bound_check(char *line, int linelen, char *bound, int blen); static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret); -static int iscrlf(char c); +static int strip_eol(char *linebuf, int *plen); static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name); static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name); static void mime_hdr_free(MIME_HEADER *hdr); @@ -375,11 +375,7 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags) if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) { - eol = 0; - while(len && iscrlf(linebuf[len - 1])) { - len--; - eol = 1; - } + eol = strip_eol(linebuf, &len); if (len) BIO_write(out, linebuf, len); if(eol) BIO_write(out, "\r\n", 2); @@ -445,11 +441,7 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) return 1; } else if(part) { /* Strip CR+LF from linebuf */ - next_eol = 0; - while(len && iscrlf(linebuf[len - 1])) { - next_eol = 1; - len--; - } + next_eol = strip_eol(linebuf, &len); if(first) { first = 0; if(bpart) sk_BIO_push(parts, bpart); @@ -464,12 +456,6 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) return 0; } -static int iscrlf(char c) -{ - if(c == '\r' || c == '\n') return 1; - return 0; -} - /* This is the big one: parse MIME header lines up to message body */ #define MIME_INVALID 0 @@ -750,3 +736,21 @@ static int mime_bound_check(char *line, int linelen, char *bound, int blen) } return 0; } + +static int strip_eol(char *linebuf, int *plen) + { + int len = *plen; + char *p, c; + int is_eol = 0; + p = linebuf + len - 1; + for (p = linebuf + len - 1; len > 0; len--, p--) + { + c = *p; + if (c == '\n') + is_eol = 1; + else if (c != '\r') + break; + } + *plen = len; + return is_eol; + } From 63b815583b467b8ca49ded29776f50a2f7906f00 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 3 Jun 2003 00:16:47 +0000 Subject: [PATCH 313/393] Update CHANGES to reflect base64 fix added to 0.9.7 --- CHANGES | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 1d279103dc..f74bc98da4 100644 --- a/CHANGES +++ b/CHANGES @@ -100,11 +100,6 @@ Make that possible even when linking against static libraries! [Richard Levitte] - *) Various fixes to base64 BIO and non blocking I/O. On write - flushes were not handled properly if the BIO retried. On read - data was not being buffered properly and had various logic bugs. - [Steve Henson] - *) Support for single pass processing for S/MIME signing. This now means that S/MIME signing can be done from a pipe, in addition cleartext signing (multipart/signed type) is effectively streaming @@ -535,6 +530,13 @@ Changes between 0.9.7b and 0.9.7c [xx XXX 2003] + *) Various fixes to base64 BIO and non blocking I/O. On write + flushes were not handled properly if the BIO retried. On read + data was not being buffered properly and had various logic bugs. + This also affects blocking I/O when the data being decoded is a + certain size. + [Steve Henson] + *) Various S/MIME bugfixes and compatibility changes: output correct application/pkcs7 MIME type if PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures. From db01746978cbc383a55b58e8f9441452a0cb5964 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Tue, 3 Jun 2003 09:59:44 +0000 Subject: [PATCH 314/393] Clarify return value of SSL_connect() and SSL_accept() in case of the WANT_READ and WANT_WRITE conditions. --- doc/ssl/SSL_accept.pod | 3 ++- doc/ssl/SSL_connect.pod | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/doc/ssl/SSL_accept.pod b/doc/ssl/SSL_accept.pod index a673edba85..cc724c0d56 100644 --- a/doc/ssl/SSL_accept.pod +++ b/doc/ssl/SSL_accept.pod @@ -28,7 +28,8 @@ should be called again. If the underlying BIO is B, SSL_accept() will also return when the underlying BIO could not satisfy the needs of SSL_accept() -to continue the handshake. In this case a call to SSL_get_error() with the +to continue the handshake, indicating the problem by the return value -1. +In this case a call to SSL_get_error() with the return value of SSL_accept() will yield B or B. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_accept(). diff --git a/doc/ssl/SSL_connect.pod b/doc/ssl/SSL_connect.pod index 8426310c0d..cc56ebb75f 100644 --- a/doc/ssl/SSL_connect.pod +++ b/doc/ssl/SSL_connect.pod @@ -25,7 +25,8 @@ handshake has been finished or an error occurred. If the underlying BIO is B, SSL_connect() will also return when the underlying BIO could not satisfy the needs of SSL_connect() -to continue the handshake. In this case a call to SSL_get_error() with the +to continue the handshake, indicating the problem by the return value -1. +In this case a call to SSL_get_error() with the return value of SSL_connect() will yield B or B. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_connect(). From 50078051bd1c63b04ff4842965081eb65db0421e Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 4 Jun 2003 00:40:05 +0000 Subject: [PATCH 315/393] Really get X509_CRL_CHECK_ALL right this time... --- crypto/x509/x509_vfy.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 552d1e7251..f60054bd39 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -453,9 +453,9 @@ static int check_revocation(X509_STORE_CTX *ctx) if (!(ctx->flags & X509_V_FLAG_CRL_CHECK)) return 1; if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL) - last = 0; - else last = sk_X509_num(ctx->chain) - 1; + else + last = 0; for(i = 0; i <= last; i++) { ctx->error_depth = i; From f796dc5c06137b18ce2ebba5617d4777428005b7 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 4 Jun 2003 09:10:11 +0000 Subject: [PATCH 316/393] Make sure debug-solaris-sparcv9-gcc is consistent with solaris-sparcv9-gcc. --- Configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configure b/Configure index b829d66322..77b57e2905 100755 --- a/Configure +++ b/Configure @@ -178,7 +178,7 @@ my %table=( #### "debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:asm/des_enc-sparc.o fcrypt_b.o::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### SPARC Solaris with Sun C setups # DO NOT use /xO[34] on sparc with SC3.0. It is broken, and will not pass the tests From f6eba601b098a7a7762e53dafea55da7a176e36c Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 4 Jun 2003 09:10:43 +0000 Subject: [PATCH 317/393] Make sure that size_t matches size_t. --- crypto/ecdh/ech_ossl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c index b3cff5ad90..6a8ed84644 100644 --- a/crypto/ecdh/ech_ossl.c +++ b/crypto/ecdh/ech_ossl.c @@ -109,7 +109,8 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, E BN_CTX *ctx; EC_POINT *tmp=NULL; BIGNUM *x=NULL, *y=NULL; - int ret= -1, buflen, len; + int ret= -1; + size_t buflen, len; unsigned char *buf=NULL; if (outlen > INT_MAX) From e31047744aa6dd583c3aec226d764990aebfcd64 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 4 Jun 2003 09:11:15 +0000 Subject: [PATCH 318/393] Make sure the function definitions match their declaration. --- crypto/engine/eng_ctrl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/engine/eng_ctrl.c b/crypto/engine/eng_ctrl.c index ad3858395b..d9104d3b0a 100644 --- a/crypto/engine/eng_ctrl.c +++ b/crypto/engine/eng_ctrl.c @@ -177,7 +177,7 @@ static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)()) return -1; } -int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int ctrl_exists, ref_exists; if(e == NULL) @@ -247,7 +247,7 @@ int ENGINE_cmd_is_executable(ENGINE *e, int cmd) } int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, - long i, void *p, void (*f)(), int cmd_optional) + long i, void *p, void (*f)(void), int cmd_optional) { int num; From 4af31846621aec07ab167dbec2d025deb00fcf75 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 4 Jun 2003 09:11:44 +0000 Subject: [PATCH 319/393] Remove extra ; --- crypto/store/store.h | 2 +- crypto/store/str_lib.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/store/store.h b/crypto/store/store.h index 958252a634..c1cbb399f9 100644 --- a/crypto/store/store.h +++ b/crypto/store/store.h @@ -221,7 +221,7 @@ typedef struct STORE_OBJECT_st BUF_MEM *arbitrary; } data; } STORE_OBJECT; -DECLARE_STACK_OF(STORE_OBJECT); +DECLARE_STACK_OF(STORE_OBJECT) STORE_OBJECT *STORE_OBJECT_new(void); void STORE_OBJECT_free(STORE_OBJECT *data); diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c index a9f302b2c0..2d419bcd43 100644 --- a/crypto/store/str_lib.c +++ b/crypto/store/str_lib.c @@ -1123,7 +1123,7 @@ void STORE_OBJECT_free(STORE_OBJECT *data) OPENSSL_free(data); } -IMPLEMENT_STACK_OF(STORE_OBJECT*); +IMPLEMENT_STACK_OF(STORE_OBJECT*) struct STORE_attr_info_st From 2ee67f1dad9b2c8e6a097ba1fdd2ea2b0eb69719 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 4 Jun 2003 09:13:19 +0000 Subject: [PATCH 320/393] Make sure the sigaction structure and fileno function are properly declared with an ANSI compiler on Solaris (and possibly others). --- crypto/ui/ui_openssl.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index 75318d48a1..ce1cb1dfcd 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -117,6 +117,13 @@ #include +#define _POSIX_C_SOURCE 1 +#include +#include +#undef _POSIX_C_SOURCE +#include +#include + #if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) # ifdef OPENSSL_UNISTD # include OPENSSL_UNISTD @@ -145,10 +152,6 @@ /* 06-Apr-92 Luke Brennan Support for VMS */ #include "ui_locl.h" #include "cryptlib.h" -#include -#include -#include -#include #ifdef OPENSSL_SYS_VMS /* prototypes for sys$whatever */ # include @@ -476,7 +479,7 @@ static int open_console(UI *ui) #endif #if defined(TTY_get) && !defined(OPENSSL_SYS_VMS) - if (TTY_get(fileno(tty_in),&tty_orig) == -1) + if (TTY_get(fileno(tty_in),&tty_orig) == -1) { #ifdef ENOTTY if (errno == ENOTTY) From dcfb57c736c2591c80b40d40e5f3a664882fb738 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Fri, 6 Jun 2003 17:51:34 +0000 Subject: [PATCH 321/393] This memset() in the ubsec ENGINE is a bug. Zeroing out the result array should not be necessary in any case, but more importantly the result and input BIGNUMs could be the same, in which case this is clearly a problem. Submitted by: Jonathan Hersch Reviewed by: Joe Orton Approved by: Geoff Thorpe --- engines/e_ubsec.c | 1 - 1 file changed, 1 deletion(-) diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index 02927d7b38..b019714a56 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -566,7 +566,6 @@ static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL); return 0; } - memset(r->d, 0, BN_num_bytes(m)); if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) { fd = 0; From 40e5b9abeb5993e5411b35e2e473f9f8c36ebc3e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 9 Jun 2003 07:56:18 +0000 Subject: [PATCH 322/393] Typo --- doc/crypto/d2i_X509.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/crypto/d2i_X509.pod b/doc/crypto/d2i_X509.pod index 5e3c3d0985..e8e946e18a 100644 --- a/doc/crypto/d2i_X509.pod +++ b/doc/crypto/d2i_X509.pod @@ -23,13 +23,13 @@ i2d_X509_fp - X509 encode and decode functions The X509 encode and decode routines encode and parse an B structure, which represents an X509 certificate. -d2i_X509() attempts to decode B bytes at B<*out>. If +d2i_X509() attempts to decode B bytes at B<*in>. If successful a pointer to the B structure is returned. If an error occurred then B is returned. If B is not B then the returned structure is written to B<*px>. If B<*px> is not B then it is assumed that B<*px> contains a valid B structure and an attempt is made to reuse it. If the call is -successful B<*out> is incremented to the byte following the +successful B<*in> is incremented to the byte following the parsed data. i2d_X509() encodes the structure pointed to by B into DER format. From 55b12f864137e11e5a5d6c79646d2d99f8eee8a4 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 10 Jun 2003 04:11:42 +0000 Subject: [PATCH 323/393] The output from AES_cbc_encrypt() should be exact multiple blocks when encrypting --- crypto/aes/aes_cbc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/aes/aes_cbc.c b/crypto/aes/aes_cbc.c index 01e965a532..86b27b10d6 100644 --- a/crypto/aes/aes_cbc.c +++ b/crypto/aes/aes_cbc.c @@ -86,7 +86,7 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, for(n=len; n < AES_BLOCK_SIZE; ++n) tmp[n] = ivec[n]; AES_encrypt(tmp, tmp, key); - memcpy(out, tmp, len); + memcpy(out, tmp, AES_BLOCK_SIZE); memcpy(ivec, tmp, AES_BLOCK_SIZE); } } else { From a069460015e249c523c53dfc0b992d290bbcd3fb Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 10 Jun 2003 04:42:38 +0000 Subject: [PATCH 324/393] Document the AES_cbc_encrypt() change --- CHANGES | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGES b/CHANGES index f74bc98da4..9c05ac611b 100644 --- a/CHANGES +++ b/CHANGES @@ -530,6 +530,10 @@ Changes between 0.9.7b and 0.9.7c [xx XXX 2003] + *) Change AES_cbc_encrypt() so it outputs exact multiple of + blocks during encryption. + [Richard Levitte] + *) Various fixes to base64 BIO and non blocking I/O. On write flushes were not handled properly if the BIO retried. On read data was not being buffered properly and had various logic bugs. From e66d863cd0f0b09a375c2fc9bff7bfd1e9c3a2a2 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 11 Jun 2003 04:46:08 +0000 Subject: [PATCH 325/393] Add crypto/store to the directories to look through. --- util/mkfiles.pl | 1 + 1 file changed, 1 insertion(+) diff --git a/util/mkfiles.pl b/util/mkfiles.pl index 70d1348a34..a95d14cc6a 100755 --- a/util/mkfiles.pl +++ b/util/mkfiles.pl @@ -53,6 +53,7 @@ my @dirs = ( "crypto/ocsp", "crypto/ui", "crypto/krb5", +"crypto/store", "ssl", "apps", "test", From 606c8048a08d424663ff69045ba3f657a3e38d72 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 11 Jun 2003 18:43:45 +0000 Subject: [PATCH 326/393] Make sure to NUL-terminate the string on end-of-file (and error) PR: 643 --- crypto/bio/bf_buff.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/bio/bf_buff.c b/crypto/bio/bf_buff.c index 1cecd70579..c1fd75aaad 100644 --- a/crypto/bio/bf_buff.c +++ b/crypto/bio/bf_buff.c @@ -494,6 +494,7 @@ static int buffer_gets(BIO *b, char *buf, int size) if (i <= 0) { BIO_copy_next_retry(b); + *buf='\0'; if (i < 0) return((num > 0)?num:i); if (i == 0) return(num); } From 490967195a57553c2a8f6606d2a34f86d80b0257 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 11 Jun 2003 19:44:37 +0000 Subject: [PATCH 327/393] Handle des_modes.pod properly. PR: 634 --- Makefile.org | 4 ++-- util/extract-names.pl | 4 ++-- util/point.sh | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Makefile.org b/Makefile.org index 141956adf5..2b9e5f8922 100644 --- a/Makefile.org +++ b/Makefile.org @@ -580,7 +580,7 @@ install_docs: grep -v $$filecase "^$$fn\$$" | \ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ while read n; do \ - $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) $$n.$${sec}$(MANSUFFIX); \ + $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ done); \ done; \ for i in doc/crypto/*.pod doc/ssl/*.pod; do \ @@ -596,7 +596,7 @@ install_docs: grep -v $$filecase "^$$fn\$$" | \ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ while read n; do \ - $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) $$n.$${sec}$(MANSUFFIX); \ + $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ done); \ done diff --git a/util/extract-names.pl b/util/extract-names.pl index d413a045cc..9f2ad5ef16 100644 --- a/util/extract-names.pl +++ b/util/extract-names.pl @@ -9,8 +9,8 @@ while() { } elsif ($name) { if (/ - /) { s/ - .*//; - s/[ \t,]+/ /g; - push @words, split ' '; + s/,[ \t]+/,/g; + push @words, split ','; } } if (/^=head1 *NAME *$/) { diff --git a/util/point.sh b/util/point.sh index ce7dcc56df..4790e08f8a 100755 --- a/util/point.sh +++ b/util/point.sh @@ -1,10 +1,10 @@ #!/bin/sh -rm -f $2 +rm -f "$2" if test "$OSTYPE" = msdosdjgpp; then - cp $1 $2 + cp "$1" "$2" else - ln -s $1 $2 + ln -s "$1" "$2" fi echo "$2 => $1" From 54f64516703cb090758369351a84e3df76868799 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 11 Jun 2003 20:49:58 +0000 Subject: [PATCH 328/393] Add functionality to set marks on the error stack and to pop all errors to the next mark. --- CHANGES | 6 +++++- crypto/err/err.c | 51 +++++++++++++++++++++++++++++++++++++++++++----- crypto/err/err.h | 6 ++++++ 3 files changed, 57 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index 9c05ac611b..7c9c59c5c5 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] + *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better + control of the error stack. + [Richard Levitte] + *) Add support for STORE in ENGINE. [Richard Levitte] @@ -662,7 +666,7 @@ yet to be integrated into this CVS branch: the config script, much like the NetBSD support. [Richard Levitte & Kris Kennaway ] - Changes between 0.9.6h and 0.9.7 [31 Dec 2002] + Changes between 0.9.6j and 0.9.7 [31 Dec 2002] *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED code (06) was taken as the first octet of the session ID and the last diff --git a/crypto/err/err.c b/crypto/err/err.c index 1f943c82a0..2da71c01b7 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -548,13 +548,24 @@ static void build_SYS_str_reasons() #endif #define err_clear_data(p,i) \ + do { \ if (((p)->err_data[i] != NULL) && \ (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \ { \ OPENSSL_free((p)->err_data[i]); \ (p)->err_data[i]=NULL; \ } \ - (p)->err_data_flags[i]=0; + (p)->err_data_flags[i]=0; \ + } while(0) + +#define err_clear(p,i) \ + do { \ + es->err_flags[i]=0; \ + es->err_buffer[i]=0; \ + err_clear_data(p,i); \ + es->err_file[i]=NULL; \ + es->err_line[i]= -1; \ + } while(0) static void ERR_STATE_free(ERR_STATE *s) { @@ -645,6 +656,7 @@ void ERR_put_error(int lib, int func, int reason, const char *file, es->top=(es->top+1)%ERR_NUM_ERRORS; if (es->top == es->bottom) es->bottom=(es->bottom+1)%ERR_NUM_ERRORS; + es->err_flags[es->top]=0; es->err_buffer[es->top]=ERR_PACK(lib,func,reason); es->err_file[es->top]=file; es->err_line[es->top]=line; @@ -660,10 +672,7 @@ void ERR_clear_error(void) for (i=0; ierr_buffer[i]=0; - err_clear_data(es,i); - es->err_file[i]=NULL; - es->err_line[i]= -1; + err_clear(es,i); } es->top=es->bottom=0; } @@ -1034,3 +1043,35 @@ void ERR_add_error_data(int num, ...) err: va_end(args); } + +int ERR_set_mark(void) + { + int i=0; + ERR_STATE *es; + + es=ERR_get_state(); + + if (es->bottom == es->top) return 0; + es->err_flags[es->top]|=ERR_FLAG_MARK; + return 1; + } + +int ERR_pop_to_mark(void) + { + int i=0; + ERR_STATE *es; + + es=ERR_get_state(); + + while(es->bottom != es->top + && (es->err_flags[es->top] & ERR_FLAG_MARK) == 0) + { + err_clear(es,es->top); + es->top-=1; + if (es->top == -1) es->top=ERR_NUM_ERRORS; + } + + if (es->bottom == es->top) return 0; + es->err_flags[es->top]&=~ERR_FLAG_MARK; + return 1; + } diff --git a/crypto/err/err.h b/crypto/err/err.h index 08838190fd..1228acfe5c 100644 --- a/crypto/err/err.h +++ b/crypto/err/err.h @@ -88,10 +88,13 @@ extern "C" { #define ERR_TXT_MALLOCED 0x01 #define ERR_TXT_STRING 0x02 +#define ERR_FLAG_MARK 0x01 + #define ERR_NUM_ERRORS 16 typedef struct err_state_st { unsigned long pid; + int err_flags[ERR_NUM_ERRORS]; unsigned long err_buffer[ERR_NUM_ERRORS]; char *err_data[ERR_NUM_ERRORS]; int err_data_flags[ERR_NUM_ERRORS]; @@ -294,6 +297,9 @@ LHASH *ERR_get_err_state_table(void); int ERR_get_next_error_library(void); +int ERR_set_mark(void); +int ERR_pop_to_mark(void); + /* This opaque type encapsulates the low-level error-state functions */ typedef struct st_ERR_FNS ERR_FNS; /* An application can use this function and provide the return value to loaded From 36bad5cdfd702c2d183c52527766c882f19ab471 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 11 Jun 2003 20:51:49 +0000 Subject: [PATCH 329/393] Add documentation for ERR_set_mark() and ERR_pop_to_mark(). --- doc/crypto/ERR_set_mark.pod | 38 +++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 doc/crypto/ERR_set_mark.pod diff --git a/doc/crypto/ERR_set_mark.pod b/doc/crypto/ERR_set_mark.pod new file mode 100644 index 0000000000..d3ca4f2e77 --- /dev/null +++ b/doc/crypto/ERR_set_mark.pod @@ -0,0 +1,38 @@ +=pod + +=head1 NAME + +ERR_set_mark, ERR_pop_to_mark - set marks and pop errors until mark + +=head1 SYNOPSIS + + #include + + int ERR_set_mark(void); + + int ERR_pop_to_mark(void); + +=head1 DESCRIPTION + +ERR_set_mark() sets a mark on the current topmost error record if there +is one. + +ERR_pop_to_mark() will pop the top of the error stack until a mark is found. +The mark is then removed. If there is no mark, the whole stack is removed. + +=head1 RETURN VALUES + +ERR_set_mark() returns 0 if the error stack is empty, otherwise 1. + +ERR_pop_to_mark() returns 0 if there was no mark in the error stack, which +implies that the stack became empty, otherwise 1. + +=head1 SEE ALSO + +L + +=head1 HISTORY + +ERR_set_mark() and ERR_pop_to_mark() were added in OpenSSL 0.9.8. + +=cut From 33862b90bb97316806532c4e1b95514066d7d02d Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 11 Jun 2003 21:22:30 +0000 Subject: [PATCH 330/393] Add an entry for X509_TRUST_OBJECT_SIGN in trstandard[]. PR: 617 --- crypto/x509/x509_trs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index 17d69ac005..881252608d 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -82,6 +82,7 @@ static X509_TRUST trstandard[] = { {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL}, {X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL}, {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL}, +{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL}, {X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL}, {X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL} }; From c78b4f1d3db20da258bb5504b22ad9ec871bb631 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 11 Jun 2003 21:47:21 +0000 Subject: [PATCH 331/393] Remove unused variable --- crypto/err/err.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/crypto/err/err.c b/crypto/err/err.c index 2da71c01b7..9b9bec6850 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -1046,7 +1046,6 @@ err: int ERR_set_mark(void) { - int i=0; ERR_STATE *es; es=ERR_get_state(); @@ -1058,7 +1057,6 @@ int ERR_set_mark(void) int ERR_pop_to_mark(void) { - int i=0; ERR_STATE *es; es=ERR_get_state(); From fadd2246a030154efc8f47c98606bcd30ecb64b5 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 11 Jun 2003 22:26:02 +0000 Subject: [PATCH 332/393] Avoid warnings saying that the format takes a void*. --- apps/s_cb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/s_cb.c b/apps/s_cb.c index 1410178d65..28f8acc1e3 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -240,14 +240,14 @@ long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi, if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) { BIO_printf(out,"read from %p [%p] (%d bytes => %ld (0x%lX))\n", - bio,argp,argi,ret,ret); + (void *)bio,argp,argi,ret,ret); BIO_dump(out,argp,(int)ret); return(ret); } else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) { BIO_printf(out,"write to %p [%p] (%d bytes => %ld (0x%lX))\n", - bio,argp,argi,ret,ret); + (void *)bio,argp,argi,ret,ret); BIO_dump(out,argp,(int)ret); } return(ret); From 98cec7fc7b9058aa7a43c3b27591be9a841cead5 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 11 Jun 2003 22:27:19 +0000 Subject: [PATCH 333/393] make update --- TABLE | 8 ++-- engines/Makefile.ssl | 101 +++++++++++++++++++++++++++---------------- util/libeay.num | 2 + 3 files changed, 70 insertions(+), 41 deletions(-) diff --git a/TABLE b/TABLE index d8fd63c06a..5d098118ff 100644 --- a/TABLE +++ b/TABLE @@ -1952,16 +1952,16 @@ $arflags = *** debug-solaris-sparcv9-gcc $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W $unistd = $thread_cflag = -D_REENTRANT -$sys_id = +$sys_id = ULTRASPARC $lflags = -lsocket -lnsl -ldl $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR $bn_obj = asm/sparcv8plus.o -$des_obj = +$des_obj = asm/des_enc-sparc.o fcrypt_b.o $bf_obj = -$md5_obj = +$md5_obj = asm/md5-sparcv8plus.o $sha1_obj = $cast_obj = $rc4_obj = diff --git a/engines/Makefile.ssl b/engines/Makefile.ssl index 6a010e05d6..24787ab758 100644 --- a/engines/Makefile.ssl +++ b/engines/Makefile.ssl @@ -141,10 +141,11 @@ e_4758_cca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h e_4758_cca.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h e_4758_cca.o: ../include/openssl/rand.h ../include/openssl/rsa.h e_4758_cca.o: ../include/openssl/safestack.h ../include/openssl/sha.h -e_4758_cca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -e_4758_cca.o: ../include/openssl/ui.h ../include/openssl/x509.h -e_4758_cca.o: ../include/openssl/x509_vfy.h e_4758_cca.c e_4758_cca_err.c -e_4758_cca.o: e_4758_cca_err.h vendor_defns/hw_4758_cca.h +e_4758_cca.o: ../include/openssl/stack.h ../include/openssl/store.h +e_4758_cca.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +e_4758_cca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +e_4758_cca.o: e_4758_cca.c e_4758_cca_err.c e_4758_cca_err.h +e_4758_cca.o: vendor_defns/hw_4758_cca.h e_aep.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_aep.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_aep.o: ../include/openssl/crypto.h ../include/openssl/dh.h @@ -152,11 +153,15 @@ e_aep.o: ../include/openssl/dsa.h ../include/openssl/dso.h e_aep.o: ../include/openssl/e_os2.h ../include/openssl/ec.h e_aep.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h e_aep.o: ../include/openssl/engine.h ../include/openssl/err.h -e_aep.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h -e_aep.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_aep.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_aep.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +e_aep.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +e_aep.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h e_aep.o: ../include/openssl/rand.h ../include/openssl/rsa.h -e_aep.o: ../include/openssl/safestack.h ../include/openssl/stack.h -e_aep.o: ../include/openssl/symhacks.h ../include/openssl/ui.h e_aep.c +e_aep.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_aep.o: ../include/openssl/stack.h ../include/openssl/store.h +e_aep.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +e_aep.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_aep.c e_aep.o: e_aep_err.c e_aep_err.h vendor_defns/aep.h e_atalla.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_atalla.o: ../include/openssl/bn.h ../include/openssl/buffer.h @@ -165,11 +170,15 @@ e_atalla.o: ../include/openssl/dsa.h ../include/openssl/dso.h e_atalla.o: ../include/openssl/e_os2.h ../include/openssl/ec.h e_atalla.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h e_atalla.o: ../include/openssl/engine.h ../include/openssl/err.h -e_atalla.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h -e_atalla.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_atalla.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_atalla.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +e_atalla.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +e_atalla.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h e_atalla.o: ../include/openssl/rand.h ../include/openssl/rsa.h -e_atalla.o: ../include/openssl/safestack.h ../include/openssl/stack.h -e_atalla.o: ../include/openssl/symhacks.h ../include/openssl/ui.h e_atalla.c +e_atalla.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_atalla.o: ../include/openssl/stack.h ../include/openssl/store.h +e_atalla.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +e_atalla.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_atalla.c e_atalla.o: e_atalla_err.c e_atalla_err.h vendor_defns/atalla.h e_cswift.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_cswift.o: ../include/openssl/bn.h ../include/openssl/buffer.h @@ -178,11 +187,15 @@ e_cswift.o: ../include/openssl/dsa.h ../include/openssl/dso.h e_cswift.o: ../include/openssl/e_os2.h ../include/openssl/ec.h e_cswift.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h e_cswift.o: ../include/openssl/engine.h ../include/openssl/err.h -e_cswift.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h -e_cswift.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_cswift.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_cswift.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +e_cswift.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +e_cswift.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h e_cswift.o: ../include/openssl/rand.h ../include/openssl/rsa.h -e_cswift.o: ../include/openssl/safestack.h ../include/openssl/stack.h -e_cswift.o: ../include/openssl/symhacks.h ../include/openssl/ui.h e_cswift.c +e_cswift.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_cswift.o: ../include/openssl/stack.h ../include/openssl/store.h +e_cswift.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +e_cswift.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_cswift.c e_cswift.o: e_cswift_err.c e_cswift_err.h vendor_defns/cswift.h e_gmp.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_gmp.o: ../include/openssl/bn.h ../include/openssl/buffer.h @@ -190,12 +203,16 @@ e_gmp.o: ../include/openssl/crypto.h ../include/openssl/dh.h e_gmp.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h e_gmp.o: ../include/openssl/ec.h ../include/openssl/ecdh.h e_gmp.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h -e_gmp.o: ../include/openssl/err.h ../include/openssl/lhash.h -e_gmp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_gmp.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h +e_gmp.o: ../include/openssl/err.h ../include/openssl/evp.h +e_gmp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +e_gmp.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +e_gmp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_gmp.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h e_gmp.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -e_gmp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -e_gmp.o: ../include/openssl/ui.h e_gmp.c +e_gmp.o: ../include/openssl/sha.h ../include/openssl/stack.h +e_gmp.o: ../include/openssl/store.h ../include/openssl/symhacks.h +e_gmp.o: ../include/openssl/ui.h ../include/openssl/x509.h +e_gmp.o: ../include/openssl/x509_vfy.h e_gmp.c e_ncipher.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_ncipher.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_ncipher.o: ../include/openssl/crypto.h ../include/openssl/dh.h @@ -210,10 +227,11 @@ e_ncipher.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h e_ncipher.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h e_ncipher.o: ../include/openssl/rand.h ../include/openssl/rsa.h e_ncipher.o: ../include/openssl/safestack.h ../include/openssl/sha.h -e_ncipher.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -e_ncipher.o: ../include/openssl/ui.h ../include/openssl/x509.h -e_ncipher.o: ../include/openssl/x509_vfy.h e_ncipher.c e_ncipher_err.c -e_ncipher.o: e_ncipher_err.h vendor_defns/hwcryptohook.h +e_ncipher.o: ../include/openssl/stack.h ../include/openssl/store.h +e_ncipher.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +e_ncipher.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +e_ncipher.o: e_ncipher.c e_ncipher_err.c e_ncipher_err.h +e_ncipher.o: vendor_defns/hwcryptohook.h e_nuron.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_nuron.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_nuron.o: ../include/openssl/crypto.h ../include/openssl/dh.h @@ -221,11 +239,15 @@ e_nuron.o: ../include/openssl/dsa.h ../include/openssl/dso.h e_nuron.o: ../include/openssl/e_os2.h ../include/openssl/ec.h e_nuron.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h e_nuron.o: ../include/openssl/engine.h ../include/openssl/err.h -e_nuron.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h -e_nuron.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_nuron.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_nuron.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +e_nuron.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +e_nuron.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h e_nuron.o: ../include/openssl/rand.h ../include/openssl/rsa.h -e_nuron.o: ../include/openssl/safestack.h ../include/openssl/stack.h -e_nuron.o: ../include/openssl/symhacks.h ../include/openssl/ui.h e_nuron.c +e_nuron.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_nuron.o: ../include/openssl/stack.h ../include/openssl/store.h +e_nuron.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +e_nuron.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_nuron.c e_nuron.o: e_nuron_err.c e_nuron_err.h e_sureware.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_sureware.o: ../include/openssl/bn.h ../include/openssl/buffer.h @@ -241,10 +263,11 @@ e_sureware.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h e_sureware.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h e_sureware.o: ../include/openssl/rand.h ../include/openssl/rsa.h e_sureware.o: ../include/openssl/safestack.h ../include/openssl/sha.h -e_sureware.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -e_sureware.o: ../include/openssl/ui.h ../include/openssl/x509.h -e_sureware.o: ../include/openssl/x509_vfy.h e_sureware.c e_sureware_err.c -e_sureware.o: e_sureware_err.h vendor_defns/sureware.h +e_sureware.o: ../include/openssl/stack.h ../include/openssl/store.h +e_sureware.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +e_sureware.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +e_sureware.o: e_sureware.c e_sureware_err.c e_sureware_err.h +e_sureware.o: vendor_defns/sureware.h e_ubsec.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_ubsec.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_ubsec.o: ../include/openssl/crypto.h ../include/openssl/dh.h @@ -252,9 +275,13 @@ e_ubsec.o: ../include/openssl/dsa.h ../include/openssl/dso.h e_ubsec.o: ../include/openssl/e_os2.h ../include/openssl/ec.h e_ubsec.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h e_ubsec.o: ../include/openssl/engine.h ../include/openssl/err.h -e_ubsec.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h -e_ubsec.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_ubsec.o: ../include/openssl/evp.h ../include/openssl/lhash.h +e_ubsec.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +e_ubsec.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +e_ubsec.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h e_ubsec.o: ../include/openssl/rand.h ../include/openssl/rsa.h -e_ubsec.o: ../include/openssl/safestack.h ../include/openssl/stack.h -e_ubsec.o: ../include/openssl/symhacks.h ../include/openssl/ui.h e_ubsec.c +e_ubsec.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_ubsec.o: ../include/openssl/stack.h ../include/openssl/store.h +e_ubsec.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +e_ubsec.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_ubsec.c e_ubsec.o: e_ubsec_err.c e_ubsec_err.h vendor_defns/hw_ubsec.h diff --git a/util/libeay.num b/util/libeay.num index 495b8bc6b9..97082f053f 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -3144,3 +3144,5 @@ STORE_get_arbitrary 3573 EXIST::FUNCTION: STORE_delete_arbitrary 3574 EXIST::FUNCTION: STORE_store_arbitrary 3575 EXIST::FUNCTION: STORE_new_engine 3576 EXIST::FUNCTION: +ERR_set_mark 3577 EXIST::FUNCTION: +ERR_pop_to_mark 3578 EXIST::FUNCTION: From e666c4599f017c244873a0184807ee22058a70b3 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 11 Jun 2003 22:42:28 +0000 Subject: [PATCH 334/393] Add the possibility to have symbols loaded globally with DSO. --- CHANGES | 3 +++ crypto/dso/dso.h | 7 +++++++ crypto/dso/dso_dlfcn.c | 8 +++++++- 3 files changed, 17 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 7c9c59c5c5..84bba6b68f 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,9 @@ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] + *) Add the possibility to load symbols globally with DSO. + [Götz Babin-Ebell via Richard Levitte] + *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better control of the error stack. [Richard Levitte] diff --git a/crypto/dso/dso.h b/crypto/dso/dso.h index 9a1cdabf39..fccf54f960 100644 --- a/crypto/dso/dso.h +++ b/crypto/dso/dso.h @@ -95,6 +95,13 @@ extern "C" { */ #define DSO_FLAG_UPCASE_SYMBOL 0x10 +/* This flag loads the library with public symbols. + * Meaning: The exported symbols of this library are public + * to all libraries loaded after this library. + * At the moment only implemented in unix. + */ +#define DSO_FLAG_GLOBAL_SYMBOLS 0x20 + typedef void (*DSO_FUNC_TYPE)(void); diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c index de88b2fd16..259aee83e7 100644 --- a/crypto/dso/dso_dlfcn.c +++ b/crypto/dso/dso_dlfcn.c @@ -140,13 +140,19 @@ static int dlfcn_load(DSO *dso) void *ptr = NULL; /* See applicable comments in dso_dl.c */ char *filename = DSO_convert_filename(dso, NULL); + int flags = DLOPEN_FLAG; if(filename == NULL) { DSOerr(DSO_F_DLFCN_LOAD,DSO_R_NO_FILENAME); goto err; } - ptr = dlopen(filename, DLOPEN_FLAG); + +#ifdef RTLD_GLOBAL + if (dso->flags & DSO_FLAG_GLOBAL_SYMBOLS) + flags |= RTLD_GLOBAL; +#endif + ptr = dlopen(filename, flags); if(ptr == NULL) { DSOerr(DSO_F_DLFCN_LOAD,DSO_R_LOAD_FAILED); From c14b337570516d417736bfc1e694706a6f5679e5 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 11 Jun 2003 22:45:53 +0000 Subject: [PATCH 335/393] Typo. PR: 593 --- demos/engines/zencod/hw_zencod.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/demos/engines/zencod/hw_zencod.h b/demos/engines/zencod/hw_zencod.h index 195345d8c6..415c9a6be8 100644 --- a/demos/engines/zencod/hw_zencod.h +++ b/demos/engines/zencod/hw_zencod.h @@ -46,7 +46,7 @@ typedef int t_zencod_dump_key (FILE *stream, char *msg, KEY *key); /* - * Key managment tools + * Key management tools */ typedef KEY *t_zencod_new_number (unsigned long len, unsigned char *data); typedef int t_zencod_init_number (KEY *n, unsigned long len, unsigned char *data); From 54bbde3c3fb5ba9596245bbd8f7490136b6cc10d Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 12 Jun 2003 00:51:54 +0000 Subject: [PATCH 336/393] Make sure DSO-dlfcn works properly on SunOS4. PR: 585 --- crypto/dso/dso_dlfcn.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c index 259aee83e7..2d7534afac 100644 --- a/crypto/dso/dso_dlfcn.c +++ b/crypto/dso/dso_dlfcn.c @@ -128,7 +128,11 @@ DSO_METHOD *DSO_METHOD_dlfcn(void) # endif # endif #else -# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */ +# ifdef OPENSSL_SYS_SUNOS +# define DLOPEN_FLAG 1 +# else +# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */ +# endif #endif /* For this DSO_METHOD, our meth_data STACK will contain; From 700d86ea18b5c4f3fc0402ca5b4e9bc35f11d85c Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 12 Jun 2003 00:56:27 +0000 Subject: [PATCH 337/393] Make sure ssize_t is defined on SunOS4. PR: 585 --- e_os.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/e_os.h b/e_os.h index f70958df87..9eb6c1ed5e 100644 --- a/e_os.h +++ b/e_os.h @@ -331,6 +331,8 @@ extern "C" { # define pid_t int /* pid_t is missing on NEXTSTEP/OPENSTEP * (unless when compiling with -D_POSIX_SOURCE, * which doesn't work for us) */ +# endif +# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS) # define ssize_t int /* ditto */ # endif # ifdef OPENSSL_SYS_NEWS4 /* setvbuf is missing on mips-sony-bsd */ From 8645c415cf2cbb6ca1256cd3286c03f37aa88742 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 12 Jun 2003 00:57:25 +0000 Subject: [PATCH 338/393] Do not try to use non-existent gmtime_r() on SunOS4. PR: 585 --- crypto/o_time.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/o_time.c b/crypto/o_time.c index 723eb1b5af..785468131e 100644 --- a/crypto/o_time.c +++ b/crypto/o_time.c @@ -73,7 +73,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) { struct tm *ts = NULL; -#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) +#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS) /* should return &data, but doesn't on some systems, so we don't even look at the return value */ gmtime_r(timer,result); From 5a1fd87ec1080a11ca120f8380b0eb59740a09f2 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 12 Jun 2003 01:04:05 +0000 Subject: [PATCH 339/393] Typo. PR: 584 --- bugs/SSLv3 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bugs/SSLv3 b/bugs/SSLv3 index db53e1343a..a75a1652d9 100644 --- a/bugs/SSLv3 +++ b/bugs/SSLv3 @@ -29,7 +29,7 @@ RC4-MD5, but a re-connect tries to use DES-CBC-SHA. So netscape, when doing a re-connect, always takes the first cipher in the cipher list. If we accept a netscape connection, demand a client cert, have a -non-self-sighed CA which does not have it's CA in netscape, and the +non-self-signed CA which does not have it's CA in netscape, and the browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta Netscape browsers do not really notice the server sending a From a3a2ff4cd9ada10effaa514af90c7638ab0e9824 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 12 Jun 2003 18:13:27 +0000 Subject: [PATCH 340/393] Beautify --- crypto/store/str_lib.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c index 2d419bcd43..ab3fd423b7 100644 --- a/crypto/store/str_lib.c +++ b/crypto/store/str_lib.c @@ -84,10 +84,10 @@ const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1] = const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM+1] = { 0, - -1, /* FRIENDLYNAME: C string */ + -1, /* FRIENDLYNAME: C string */ SHA_DIGEST_LENGTH, /* KEYID: SHA1 digest, 160 bits */ SHA_DIGEST_LENGTH, /* ISSUERKEYID: SHA1 digest, 160 bits */ - SHA_DIGEST_LENGTH, /* SUBJECTKEYID: SHA1 digest, 160 bits */ + SHA_DIGEST_LENGTH, /* SUBJECTKEYID: SHA1 digest, 160 bits */ SHA_DIGEST_LENGTH, /* ISSUERSERIALHASH: SHA1 digest, 160 bits */ sizeof(X509_NAME *), /* ISSUER: X509_NAME * */ sizeof(BIGNUM *), /* SERIAL: BIGNUM * */ From b52d512dfa04ec44cb58ec1efa6a230a4693b0b0 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 12 Jun 2003 21:32:54 +0000 Subject: [PATCH 341/393] Slightly better check of attributes. Now, mem_list_next can actually stop when the searched for key doesn't have it's attributes within the range of the checked key. --- crypto/store/store.h | 3 ++ crypto/store/str_lib.c | 95 +++++++++++++++++++++++++++++++++++++----- crypto/store/str_mem.c | 4 +- 3 files changed, 90 insertions(+), 12 deletions(-) diff --git a/crypto/store/store.h b/crypto/store/store.h index c1cbb399f9..e82aa3edd8 100644 --- a/crypto/store/store.h +++ b/crypto/store/store.h @@ -411,6 +411,9 @@ int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, /* Compare on basis of a bit pattern formed by the STORE_ATTR_TYPES values in each contained attribute. */ int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); +/* Check if the set of attributes in a is within the range of attributes + set in b. */ +int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); /* Check if the set of attributes in a are also set in b. */ int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); /* Same as STORE_ATTR_INFO_in(), but also checks the attribute values. */ diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c index ab3fd423b7..a8bd531325 100644 --- a/crypto/store/str_lib.c +++ b/crypto/store/str_lib.c @@ -1536,21 +1536,94 @@ int STORE_parse_attrs_endp(void *handle) return 0; } +static int attr_info_compare_compute_range( + unsigned char *abits, unsigned char *bbits, + unsigned int *alowp, unsigned int *ahighp, + unsigned int *blowp, unsigned int *bhighp) + { + unsigned int alow = (unsigned int)-1, ahigh = 0; + unsigned int blow = (unsigned int)-1, bhigh = 0; + int i, res = 0; + + for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) + { + if (res == 0) + { + if (*abits < *bbits) res = -1; + if (*abits > *bbits) res = 1; + } + if (*abits) + { + if (alow == (unsigned int)-1) + { + alow = i * 8; + if (!(*abits & 0x01)) alow++; + if (!(*abits & 0x02)) alow++; + if (!(*abits & 0x04)) alow++; + if (!(*abits & 0x08)) alow++; + if (!(*abits & 0x10)) alow++; + if (!(*abits & 0x20)) alow++; + if (!(*abits & 0x40)) alow++; + } + ahigh = i * 8 + 7; + if (!(*abits & 0x80)) ahigh++; + if (!(*abits & 0x40)) ahigh++; + if (!(*abits & 0x20)) ahigh++; + if (!(*abits & 0x10)) ahigh++; + if (!(*abits & 0x08)) ahigh++; + if (!(*abits & 0x04)) ahigh++; + if (!(*abits & 0x02)) ahigh++; + } + if (*bbits) + { + if (blow == (unsigned int)-1) + { + blow = i * 8; + if (!(*bbits & 0x01)) blow++; + if (!(*bbits & 0x02)) blow++; + if (!(*bbits & 0x04)) blow++; + if (!(*bbits & 0x08)) blow++; + if (!(*bbits & 0x10)) blow++; + if (!(*bbits & 0x20)) blow++; + if (!(*bbits & 0x40)) blow++; + } + bhigh = i * 8 + 7; + if (!(*bbits & 0x80)) bhigh++; + if (!(*bbits & 0x40)) bhigh++; + if (!(*bbits & 0x20)) bhigh++; + if (!(*bbits & 0x10)) bhigh++; + if (!(*bbits & 0x08)) bhigh++; + if (!(*bbits & 0x04)) bhigh++; + if (!(*bbits & 0x02)) bhigh++; + } + } + if (ahigh + alow < bhigh + blow) res = -1; + if (ahigh + alow > bhigh + blow) res = 1; + if (alowp) *alowp = alow; + if (ahighp) *ahighp = ahigh; + if (blowp) *blowp = blow; + if (bhighp) *bhighp = bhigh; + return res; + } + int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) { - unsigned char *abits, *bbits; - int i; - if (a == b) return 0; if (!a) return -1; if (!b) return 1; - abits = a->set; - bbits = b->set; - for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) - { - if (*abits < *bbits) return -1; - if (*abits > *bbits) return 1; - } + return attr_info_compare_compute_range(a->set, b->set, 0, 0, 0, 0); + } +int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) + { + unsigned int alow, ahigh, blow, bhigh; + + if (a == b) return 1; + if (!a) return 0; + if (!b) return 0; + attr_info_compare_compute_range(a->set, b->set, + &alow, &ahigh, &blow, &bhigh); + if (alow >= blow && ahigh <= bhigh) + return 1; return 0; } int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) @@ -1565,7 +1638,7 @@ int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) bbits = b->set; for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) { - if (*abits && *bbits != *abits) + if (*abits && (*bbits & *abits) != *abits) return 0; } return 1; diff --git a/crypto/store/str_mem.c b/crypto/store/str_mem.c index 7480de0029..25d789a068 100644 --- a/crypto/store/str_mem.c +++ b/crypto/store/str_mem.c @@ -206,7 +206,7 @@ static int mem_delete(STORE *s, STORE_OBJECT_TYPES type, return 0; } -/* The list functions may be the hardest to nuderstand. Basically, +/* The list functions may be the hardest to understand. Basically, mem_list_start compiles a stack of attribute info elements, and puts that stack into the context to be returned. mem_list_next will then find the first matching element in the store, and then @@ -305,6 +305,8 @@ static STORE_OBJECT *mem_list_next(STORE *s, void *handle) context->search_index); for(srch = context->search_index; srch < sk_num(store->data) + && STORE_ATTR_INFO_in_range(key.attr_info, + (STORE_ATTR_INFO *)sk_value(store->data, srch)) && !(cres = STORE_ATTR_INFO_in_ex(key.attr_info, (STORE_ATTR_INFO *)sk_value(store->data, srch))); srch++) From d97322f0e6583d72f18ccdef6ebb3d8942a63c19 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 18 Jun 2003 07:12:28 +0000 Subject: [PATCH 342/393] Missing string and potential memory leaks. Notified by Goetz Babin-Ebell --- crypto/store/str_lib.c | 36 ++++++++++++++++++++++-------------- 1 file changed, 22 insertions(+), 14 deletions(-) diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c index a8bd531325..5e6e424ba3 100644 --- a/crypto/store/str_lib.c +++ b/crypto/store/str_lib.c @@ -69,7 +69,8 @@ const char * const STORE_object_type_string[STORE_OBJECT_TYPE_NUM+1] = "X.509 CRL", "Private Key", "Public Key", - "Number" + "Number", + "Arbitrary Data" }; const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1] = @@ -101,19 +102,20 @@ STORE *STORE_new_method(const STORE_METHOD *method) { STORE *ret; + if (method == NULL) + { + STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + ret=(STORE *)OPENSSL_malloc(sizeof(STORE)); if (ret == NULL) { STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_MALLOC_FAILURE); return NULL; } - if (method == NULL) - { - STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - else - ret->meth=method; + + ret->meth=method; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_STORE, ret, &ret->ex_data); if (ret->meth->init && !ret->meth->init(ret)) @@ -261,12 +263,13 @@ X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[], int STORE_store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { - STORE_OBJECT *object = STORE_OBJECT_new(); + STORE_OBJECT *object; int i; check_store(s,STORE_F_STORE_CERTIFICATE, store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); + object = STORE_OBJECT_new(); if (!object) { STOREerr(STORE_F_STORE_CERTIFICATE, @@ -452,12 +455,13 @@ EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[], int STORE_store_private_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { - STORE_OBJECT *object = STORE_OBJECT_new(); + STORE_OBJECT *object; int i; check_store(s,STORE_F_STORE_PRIVATE_KEY, store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); + object = STORE_OBJECT_new(); if (!object) { STOREerr(STORE_F_STORE_PRIVATE_KEY, @@ -628,12 +632,13 @@ EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[], int STORE_store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { - STORE_OBJECT *object = STORE_OBJECT_new(); + STORE_OBJECT *object; int i; check_store(s,STORE_F_STORE_PUBLIC_KEY, store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); + object = STORE_OBJECT_new(); if (!object) { STOREerr(STORE_F_STORE_PUBLIC_KEY, @@ -830,12 +835,13 @@ X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[], int STORE_store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { - STORE_OBJECT *object = STORE_OBJECT_new(); + STORE_OBJECT *object; int i; check_store(s,STORE_F_STORE_CRL, store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); + object = STORE_OBJECT_new(); if (!object) { STOREerr(STORE_F_STORE_CRL, @@ -953,12 +959,13 @@ int STORE_list_crl_endp(STORE *s, void *handle) int STORE_store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { - STORE_OBJECT *object = STORE_OBJECT_new(); + STORE_OBJECT *object; int i; check_store(s,STORE_F_STORE_NUMBER, store_object,STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION); + object = STORE_OBJECT_new(); if (!object) { STOREerr(STORE_F_STORE_NUMBER, @@ -1024,12 +1031,13 @@ int STORE_delete_number(STORE *s, OPENSSL_ITEM attributes[], int STORE_store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { - STORE_OBJECT *object = STORE_OBJECT_new(); + STORE_OBJECT *object; int i; check_store(s,STORE_F_STORE_ARBITRARY, store_object,STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION); + object = STORE_OBJECT_new(); if (!object) { STOREerr(STORE_F_STORE_ARBITRARY, From 0bd71d3b7ebcfe583b91b3939d807d4dd6758f05 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 18 Jun 2003 07:14:52 +0000 Subject: [PATCH 343/393] Add the application data type to the README. --- crypto/store/README | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/store/README b/crypto/store/README index a5a494899d..966168f6a5 100644 --- a/crypto/store/README +++ b/crypto/store/README @@ -18,6 +18,7 @@ X.509 CRL private key public key number +arbitrary (application) data The intention is that a STORE should be able to store everything needed by an application that wants a cert/key store, as well as From d3a28e8b8da8ecde549e842249ff12a53390d51c Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 19 Jun 2003 16:56:19 +0000 Subject: [PATCH 344/393] EXIT() should mainly be exit(n), not return(n). OPENSSL_EXIT() will take care of returning if necessary. --- e_os.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e_os.h b/e_os.h index 9eb6c1ed5e..3800bfd75f 100644 --- a/e_os.h +++ b/e_os.h @@ -250,7 +250,7 @@ extern "C" { # define EXIT(n) _wsetexit(_WINEXITNOPERSIST) # define OPENSSL_EXIT(n) do { if (n == 0) EXIT(n); return(n); } while(0) # else -# define EXIT(n) return(n) +# define EXIT(n) exit(n) # endif # define LIST_SEPARATOR_CHAR ';' # ifndef X_OK From 4e9023f4d23a13387f490e83dae82e97d7d8a7a0 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 19 Jun 2003 16:56:48 +0000 Subject: [PATCH 345/393] Unsigned vs. signed fixed. --- crypto/ecdh/ech_ossl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c index 6a8ed84644..c7633bac7f 100644 --- a/crypto/ecdh/ech_ossl.c +++ b/crypto/ecdh/ech_ossl.c @@ -173,7 +173,7 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, E } memset(buf, 0, buflen - len); - if (len != BN_bn2bin(x, buf + buflen - len)) + if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) { ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); goto err; From 834ac33a3778bf5aa2c972d60e833bc6f83169df Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 19 Jun 2003 16:57:38 +0000 Subject: [PATCH 346/393] dynamic_ctrl() didn't have exactly the same prototype as defined by ENGINE_CTRL_FUNC_PTR. --- crypto/engine/eng_dyn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index 61ae230570..3a1c200ce4 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c @@ -70,7 +70,7 @@ /* Our ENGINE handlers */ static int dynamic_init(ENGINE *e); static int dynamic_finish(ENGINE *e); -static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); /* Predeclare our context type */ typedef struct st_dynamic_data_ctx dynamic_data_ctx; /* The implementation for the important control command */ From fd4ef699133e445e8224f68d39cc155ea4a26c1a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 19 Jun 2003 17:40:16 +0000 Subject: [PATCH 347/393] Implement CRL numbers. Contributed in whole by Laurent Genier PR: 644 --- apps/ca.c | 36 ++++++++++++++++++++++++++++++++---- apps/openssl.cnf | 3 +++ 2 files changed, 35 insertions(+), 4 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index 618d88b2d0..2c7e91aabb 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -122,6 +122,7 @@ #define ENV_NEW_CERTS_DIR "new_certs_dir" #define ENV_CERTIFICATE "certificate" #define ENV_SERIAL "serial" +#define ENV_CRLNUMBER "crlnumber" #define ENV_CRL "crl" #define ENV_PRIVATE_KEY "private_key" #define ENV_RANDFILE "RANDFILE" @@ -277,6 +278,7 @@ int MAIN(int argc, char **argv) char *outfile=NULL; char *outdir=NULL; char *serialfile=NULL; + char *crlnumberfile=NULL; char *extensions=NULL; char *extfile=NULL; char *subj=NULL; @@ -285,6 +287,7 @@ int MAIN(int argc, char **argv) int rev_type = REV_NONE; char *rev_arg = NULL; BIGNUM *serial=NULL; + BIGNUM *crlnumber=NULL; char *startdate=NULL; char *enddate=NULL; long days=0; @@ -1337,6 +1340,14 @@ bad: } } + if ((crlnumberfile=NCONF_get_string(conf,section,ENV_CRLNUMBER)) + != NULL) + if ((crlnumber=load_serial(crlnumberfile,0,NULL)) == NULL) + { + BIO_printf(bio_err,"error while loading CRL number\n"); + goto err; + } + if (!crldays && !crlhours) { if (!NCONF_get_number(conf,section, @@ -1418,14 +1429,24 @@ bad: /* Add any extensions asked for */ - if (crl_ext) + if (crl_ext || crlnumberfile != NULL) { X509V3_CTX crlctx; X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); X509V3_set_nconf(&crlctx, conf); - if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, - crl_ext, crl)) goto err; + if (crl_ext) + if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, + crl_ext, crl)) goto err; + if (crlnumberfile != NULL) + { + tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL); + if (!tmpser) goto err; + X509_CRL_add1_ext_i2d(crl,NID_crl_number,tmpser,0,0); + ASN1_INTEGER_free(tmpser); + crl_v2 = 1; + if (!BN_add_word(crlnumber,1)) goto err; + } } if (crl_ext || crl_v2) { @@ -1433,9 +1454,17 @@ bad: goto err; /* version 2 CRL */ } + + if (crlnumberfile != NULL) /* we have a CRL number that need updating */ + if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err; + if (!X509_CRL_sign(crl,pkey,dgst)) goto err; PEM_write_bio_X509_CRL(Sout,crl); + + if (crlnumberfile != NULL) /* Rename the crlnumber file */ + if (!rotate_serial(crlnumberfile,"new","old")) goto err; + } /*****************************************************************/ if (dorevoke) @@ -3086,4 +3115,3 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_G return ret; } - diff --git a/apps/openssl.cnf b/apps/openssl.cnf index 2696044cf1..8941f454f8 100644 --- a/apps/openssl.cnf +++ b/apps/openssl.cnf @@ -44,6 +44,8 @@ new_certs_dir = $dir/newcerts # default place for new certs. certificate = $dir/cacert.pem # The CA certificate serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL crl = $dir/crl.pem # The current CRL private_key = $dir/private/cakey.pem# The private key RANDFILE = $dir/private/.rand # private random number file @@ -60,6 +62,7 @@ cert_opt = ca_default # Certificate field options # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs # so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. # crl_extensions = crl_ext default_days = 365 # how long to certify for From c5aba56c5bb20872888c33288f51d9f92a25ef9d Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 19 Jun 2003 17:50:37 +0000 Subject: [PATCH 348/393] Typo. --- doc/apps/ca.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod index 6d010216e7..7cc9c5c5f4 100644 --- a/doc/apps/ca.pod +++ b/doc/apps/ca.pod @@ -384,7 +384,7 @@ versions of OpenSSL. However, to make CA certificate roll-over easier, it's recommended to use the value B, especially if combined with the B<-selfsign> command line option. -=item B +=item B a text file containing the next serial number to use in hex. Mandatory. This file must be present and contain a valid serial number. From 8fbb2af3921fa1b0b12976055e29a93055caca78 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 19 Jun 2003 17:52:57 +0000 Subject: [PATCH 349/393] Add documentation for the new crlnumber configuration option. --- doc/apps/ca.pod | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod index 7cc9c5c5f4..e2a4591a14 100644 --- a/doc/apps/ca.pod +++ b/doc/apps/ca.pod @@ -389,6 +389,12 @@ the B<-selfsign> command line option. a text file containing the next serial number to use in hex. Mandatory. This file must be present and contain a valid serial number. +=item B + +a text file containing the next CRL number to use in hex. The crl number +will be inserted in the CRLs only if this file exists. If this file is +present, it must contain a valid CRL number. + =item B the same as B<-extensions>. From f6b9cd7f8224f8f1b7191d36a9bf1f55abeb3555 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 19 Jun 2003 18:55:50 +0000 Subject: [PATCH 350/393] We set the export flag for 512 *bit* keys, not 512 *byte* ones. PR: 587 --- crypto/x509/x509type.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c index 4af98214a8..8fe1c54583 100644 --- a/crypto/x509/x509type.c +++ b/crypto/x509/x509type.c @@ -112,7 +112,8 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey) break; } - if (EVP_PKEY_size(pk) <= 512) + if (EVP_PKEY_size(pk) <= 512/8) /* /8 because it's 512 bits we look + for, not bytes */ ret|=EVP_PKT_EXP; if(pkey==NULL) EVP_PKEY_free(pk); return(ret); From ed7f1d0bc61d06cb4455401d530214e1c38291a3 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 19 Jun 2003 18:59:27 +0000 Subject: [PATCH 351/393] Prepare for changes in the 0.9.6 branch --- CHANGES | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGES b/CHANGES index 84bba6b68f..c6163a0639 100644 --- a/CHANGES +++ b/CHANGES @@ -2489,6 +2489,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Clean old EAY MD5 hack from e_os.h. [Richard Levitte] + Changes between 0.9.6j and 0.9.6k [xx XXX 2003] + + *) + Changes between 0.9.6i and 0.9.6j [10 Apr 2003] *) Countermeasure against the Klima-Pokorny-Rosa extension of From 4f1cd8324ca63d72bfb90bc2cb5dd32538935ac4 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 19 Jun 2003 19:01:05 +0000 Subject: [PATCH 352/393] Prepare for changes in the 0.9.6 branch --- CHANGES | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index c6163a0639..78260c51ef 100644 --- a/CHANGES +++ b/CHANGES @@ -669,7 +669,7 @@ yet to be integrated into this CVS branch: the config script, much like the NetBSD support. [Richard Levitte & Kris Kennaway ] - Changes between 0.9.6j and 0.9.7 [31 Dec 2002] + Changes between 0.9.6k and 0.9.7 [31 Dec 2002] *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED code (06) was taken as the first octet of the session ID and the last From cf9a88cad759a8b3c93b808cfb0dd368143a8027 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 19 Jun 2003 19:04:13 +0000 Subject: [PATCH 353/393] Document the last change. PR: 587 --- CHANGES | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 78260c51ef..f81d555a06 100644 --- a/CHANGES +++ b/CHANGES @@ -2491,7 +2491,9 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.6j and 0.9.6k [xx XXX 2003] - *) + *) Change X509_cretificate_type() to mark the key as exported/exportable + when it's 512 *bits* long, not 512 bytes. + [Richard Levitte] Changes between 0.9.6i and 0.9.6j [10 Apr 2003] From 37fcd48f8634ff5ce356e84711c756e06adbcd41 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 19 Jun 2003 23:00:50 +0000 Subject: [PATCH 354/393] make update --- TABLE | 58 ++++++++++++++++++++++++------------------------- util/libeay.num | 1 + 2 files changed, 30 insertions(+), 29 deletions(-) diff --git a/TABLE b/TABLE index 5d098118ff..0ad0fcaf91 100644 --- a/TABLE +++ b/TABLE @@ -1652,7 +1652,7 @@ $arflags = *** debug-levitte-linux-elf $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1677,7 +1677,7 @@ $arflags = *** debug-levitte-linux-elf-extreme $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1702,7 +1702,7 @@ $arflags = *** debug-levitte-linux-noasm $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1727,7 +1727,7 @@ $arflags = *** debug-levitte-linux-noasm-extreme $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1752,7 +1752,7 @@ $arflags = *** debug-linux-elf $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -m486 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1777,7 +1777,7 @@ $arflags = *** debug-linux-elf-noefence $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -m486 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1802,7 +1802,7 @@ $arflags = *** debug-linux-pentium $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1827,7 +1827,7 @@ $arflags = *** debug-linux-ppro $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2927,7 +2927,7 @@ $arflags = *** linux-aout $cc = gcc -$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -m486 -Wall $unistd = $thread_cflag = (unknown) $sys_id = @@ -2952,7 +2952,7 @@ $arflags = *** linux-elf $cc = gcc -$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -m486 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2977,7 +2977,7 @@ $arflags = *** linux-elf-arm $cc = gcc -$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3002,7 +3002,7 @@ $arflags = *** linux-ia32-icc $cc = icc -$cflags = -DL_ENDIAN -DTERMIO -O2 +$cflags = -DL_ENDIAN -O2 $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3027,7 +3027,7 @@ $arflags = *** linux-ia64 $cc = gcc -$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3052,7 +3052,7 @@ $arflags = *** linux-ia64-ecc $cc = ecc -$cflags = -DL_ENDIAN -DTERMIO -O2 -Wall +$cflags = -DL_ENDIAN -O2 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3077,7 +3077,7 @@ $arflags = *** linux-k6 $cc = gcc -$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=k6 -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -mcpu=k6 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3102,7 +3102,7 @@ $arflags = *** linux-m68k $cc = gcc -$cflags = -DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall +$cflags = -DB_ENDIAN -O2 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3127,7 +3127,7 @@ $arflags = *** linux-mips $cc = gcc -$cflags = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall +$cflags = -DB_ENDIAN -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3152,7 +3152,7 @@ $arflags = *** linux-mipsel $cc = gcc -$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3177,7 +3177,7 @@ $arflags = *** linux-parisc $cc = gcc -$cflags = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W +$cflags = -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3202,7 +3202,7 @@ $arflags = *** linux-pentium $cc = gcc -$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentium -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -mcpu=pentium -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3227,7 +3227,7 @@ $arflags = *** linux-ppc $cc = gcc -$cflags = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall +$cflags = -DB_ENDIAN -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3252,7 +3252,7 @@ $arflags = *** linux-ppro $cc = gcc -$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentiumpro -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -mcpu=pentiumpro -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3277,7 +3277,7 @@ $arflags = *** linux-s390 $cc = gcc -$cflags = -DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall +$cflags = -DB_ENDIAN -DNO_ASM -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3302,7 +3302,7 @@ $arflags = *** linux-s390x $cc = gcc -$cflags = -DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall +$cflags = -DB_ENDIAN -DNO_ASM -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3327,7 +3327,7 @@ $arflags = *** linux-sparcv7 $cc = gcc -$cflags = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall +$cflags = -DB_ENDIAN -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3352,7 +3352,7 @@ $arflags = *** linux-sparcv8 $cc = gcc -$cflags = -mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W +$cflags = -mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3377,7 +3377,7 @@ $arflags = *** linux-sparcv9 $cc = gcc -$cflags = -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W +$cflags = -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W $unistd = $thread_cflag = -D_REENTRANT $sys_id = ULTRASPARC @@ -3402,7 +3402,7 @@ $arflags = *** linux-x86_64 $cc = gcc -$cflags = -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int +$cflags = -m64 -DL_ENDIAN -O3 -Wall -DMD32_REG_T=int $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3427,7 +3427,7 @@ $arflags = *** linux64-sparcv9 $cc = gcc -$cflags = -m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall +$cflags = -m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = ULTRASPARC diff --git a/util/libeay.num b/util/libeay.num index 97082f053f..aee8b4215b 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -3146,3 +3146,4 @@ STORE_store_arbitrary 3575 EXIST::FUNCTION: STORE_new_engine 3576 EXIST::FUNCTION: ERR_set_mark 3577 EXIST::FUNCTION: ERR_pop_to_mark 3578 EXIST::FUNCTION: +STORE_ATTR_INFO_in_range 3579 EXIST::FUNCTION: From cf82439de892cfd9e7fe722416f614bbb9a4a2ee Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 20 Jun 2003 00:57:18 +0000 Subject: [PATCH 355/393] Make sure the compiler knows we run with pedantic settings. --- Configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Configure b/Configure index 77b57e2905..a88c0cb6a9 100755 --- a/Configure +++ b/Configure @@ -178,7 +178,7 @@ my %table=( #### "debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:asm/des_enc-sparc.o fcrypt_b.o::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:asm/des_enc-sparc.o fcrypt_b.o::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### SPARC Solaris with Sun C setups # DO NOT use /xO[34] on sparc with SC3.0. It is broken, and will not pass the tests From 037f6e73f17c1b322d49fc23bd2934b969ffdf79 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 24 Jun 2003 17:11:44 +0000 Subject: [PATCH 356/393] Return EOF when an S/MIME part have been read. --- crypto/pkcs7/pk7_mime.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c index 0480db219f..1823418465 100644 --- a/crypto/pkcs7/pk7_mime.c +++ b/crypto/pkcs7/pk7_mime.c @@ -446,6 +446,7 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) first = 0; if(bpart) sk_BIO_push(parts, bpart); bpart = BIO_new(BIO_s_mem()); + BIO_set_mem_eof_return(bpart, 0); } else if (eol) BIO_write(bpart, "\r\n", 2); eol = next_eol; From 0fbffe7a7136950b3a83b619cbd21e7330fe3942 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 25 Jun 2003 21:35:05 +0000 Subject: [PATCH 357/393] implement PKCS #8 / SEC1 private key format for ECC Submitted by: Nils Larsch --- apps/pkcs8.c | 17 +++++++ crypto/evp/evp_pkey.c | 108 ++++++++++++++++++++++++++---------------- 2 files changed, 84 insertions(+), 41 deletions(-) diff --git a/apps/pkcs8.c b/apps/pkcs8.c index ee8cf02813..43a8284847 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -232,11 +232,14 @@ int MAIN(int argc, char **argv) pkey = load_key(bio_err, infile, informat, 1, passin, e, "key"); if (!pkey) { + BIO_free_all(out); return (1); } if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) { BIO_printf(bio_err, "Error converting key\n"); ERR_print_errors(bio_err); + EVP_PKEY_free(pkey); + BIO_free_all(out); return (1); } if(nocrypt) { @@ -246,6 +249,9 @@ int MAIN(int argc, char **argv) i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf); else { BIO_printf(bio_err, "Bad format specified for key\n"); + PKCS8_PRIV_KEY_INFO_free(p8inf); + EVP_PKEY_free(pkey); + BIO_free_all(out); return (1); } } else { @@ -253,7 +259,12 @@ int MAIN(int argc, char **argv) else { p8pass = pass; if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1)) + { + PKCS8_PRIV_KEY_INFO_free(p8inf); + EVP_PKEY_free(pkey); + BIO_free_all(out); return (1); + } } app_RAND_load_file(NULL, bio_err, 0); if (!(p8 = PKCS8_encrypt(pbe_nid, cipher, @@ -261,6 +272,9 @@ int MAIN(int argc, char **argv) NULL, 0, iter, p8inf))) { BIO_printf(bio_err, "Error encrypting key\n"); ERR_print_errors(bio_err); + PKCS8_PRIV_KEY_INFO_free(p8inf); + EVP_PKEY_free(pkey); + BIO_free_all(out); return (1); } app_RAND_write_file(NULL, bio_err); @@ -270,6 +284,9 @@ int MAIN(int argc, char **argv) i2d_PKCS8_bio(out, p8); else { BIO_printf(bio_err, "Bad format specified for key\n"); + PKCS8_PRIV_KEY_INFO_free(p8inf); + EVP_PKEY_free(pkey); + BIO_free_all(out); return (1); } X509_SIG_free(p8); diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index a97b1f87da..6def5d44de 100644 --- a/crypto/evp/evp_pkey.c +++ b/crypto/evp/evp_pkey.c @@ -80,14 +80,15 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) #ifndef OPENSSL_NO_DSA DSA *dsa = NULL; ASN1_TYPE *t1, *t2; + ASN1_INTEGER *privkey; STACK_OF(ASN1_TYPE) *ndsa = NULL; #endif #ifndef OPENSSL_NO_EC EC_KEY *eckey = NULL; + const unsigned char *p_tmp; #endif #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) ASN1_TYPE *param = NULL; - ASN1_INTEGER *privkey; BN_CTX *ctx = NULL; int plen; #endif @@ -221,11 +222,8 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) #endif #ifndef OPENSSL_NO_EC case NID_X9_62_id_ecPublicKey: - if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) - { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - goto ecerr; - } + p_tmp = p; + /* extract the ec parameters */ param = p8->pkeyalg->parameter; if (!param || ((param->type != V_ASN1_SEQUENCE) && @@ -269,35 +267,40 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) } /* We have parameters now set private key */ - if (!(eckey->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) + if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen)) { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_BN_DECODE_ERROR); + EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto ecerr; } - /* Calculate public key */ - if ((eckey->pub_key = EC_POINT_new(eckey->group)) == NULL) + + /* calculate public key (if necessary) */ + if (!eckey->pub_key) { - EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); - goto ecerr; - } - if (!EC_POINT_copy(eckey->pub_key, - EC_GROUP_get0_generator(eckey->group))) - { - EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); - goto ecerr; - } - if (!EC_POINT_mul(eckey->group, eckey->pub_key, - eckey->priv_key, NULL, NULL, ctx)) - { - EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); - goto ecerr; + /* the public key was not included in the SEC1 private + * key => calculate the public key */ + eckey->pub_key = EC_POINT_new(eckey->group); + if (!eckey->pub_key) + { + EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); + goto ecerr; + } + if (!EC_POINT_copy(eckey->pub_key, + EC_GROUP_get0_generator(eckey->group))) + { + EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); + goto ecerr; + } + if (!EC_POINT_mul(eckey->group, eckey->pub_key, + eckey->priv_key, NULL, NULL, ctx)) + { + EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); + goto ecerr; + } } EVP_PKEY_assign_EC_KEY(pkey, eckey); if (ctx) BN_CTX_free(ctx); - if (privkey) - ASN1_INTEGER_free(privkey); break; ecerr: if (ctx) @@ -526,7 +529,8 @@ static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) EC_KEY *eckey; ASN1_INTEGER *prkey = NULL; unsigned char *p, *pp; - int nid; + int nid, i, ret = 0; + unsigned int tmp_flags; if (pkey->pkey.eckey == NULL || pkey->pkey.eckey->group == NULL) { @@ -564,7 +568,6 @@ static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) } else /* explicit parameters */ { - int i; if ((i = i2d_ECParameters(eckey, NULL)) == 0) { EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_EC_LIB); @@ -595,35 +598,58 @@ static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) } /* set the private key */ - if ((prkey = BN_to_ASN1_INTEGER(pkey->pkey.eckey->priv_key, NULL)) - == NULL) + + /* do not include the parameters in the SEC1 private key + * see PKCS#11 12.11 */ + tmp_flags = pkey->pkey.eckey->enc_flag; + pkey->pkey.eckey->enc_flag |= EC_PKEY_NO_PARAMETERS; + i = i2d_ECPrivateKey(pkey->pkey.eckey, NULL); + if (!i) { - EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_ASN1_LIB); + pkey->pkey.eckey->enc_flag = tmp_flags; + EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_EC_LIB); return 0; } + p = (unsigned char *) OPENSSL_malloc(i); + if (!p) + { + pkey->pkey.eckey->enc_flag = tmp_flags; + EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); + return 0; + } + pp = p; + if (!i2d_ECPrivateKey(pkey->pkey.eckey, &pp)) + { + pkey->pkey.eckey->enc_flag = tmp_flags; + EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_EC_LIB); + OPENSSL_free(p); + return 0; + } + /* restore old encoding flags */ + pkey->pkey.eckey->enc_flag = tmp_flags; switch(p8->broken) { case PKCS8_OK: - if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER, - &p8->pkey->value.octet_string)) + p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); + if (!p8->pkey->value.octet_string || + !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string, + (const void *)p, i)) + { EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); - M_ASN1_INTEGER_free(prkey); - return 0; } - - ASN1_INTEGER_free(prkey); - + else + ret = 1; break; case PKCS8_NO_OCTET: /* RSA specific */ case PKCS8_NS_DB: /* DSA specific */ case PKCS8_EMBEDDED_PARAM: /* DSA specific */ default: EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); - return 0; - } - return 1; + OPENSSL_cleanse(p, (size_t)i); + OPENSSL_free(p); + return ret; } #endif From dfc31519250a4b2fad51c19f0bb3a16f0d0947a9 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 26 Jun 2003 07:03:49 +0000 Subject: [PATCH 358/393] The definition of dynamic_ctrl() should change along with the declaration :-). --- crypto/engine/eng_dyn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index 3a1c200ce4..3cb46856cc 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c @@ -316,7 +316,7 @@ static int dynamic_finish(ENGINE *e) return 0; } -static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { dynamic_data_ctx *ctx = dynamic_get_data_ctx(e); int initialised; From c687a3d5d57d4b3e557a2f7a4a952c1ace749d4e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 26 Jun 2003 07:05:19 +0000 Subject: [PATCH 359/393] Scan through the engines directory as well. --- util/mkfiles.pl | 1 + 1 file changed, 1 insertion(+) diff --git a/util/mkfiles.pl b/util/mkfiles.pl index a95d14cc6a..d8cac3a3b4 100755 --- a/util/mkfiles.pl +++ b/util/mkfiles.pl @@ -56,6 +56,7 @@ my @dirs = ( "crypto/store", "ssl", "apps", +"engines", "test", "tools" ); From a99ce1a57481ff7de2971b9c5cc50c2613f4c420 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 26 Jun 2003 07:10:10 +0000 Subject: [PATCH 360/393] Conform with the standard prototype for engine control functions. --- engines/e_4758_cca.c | 4 ++-- engines/e_aep.c | 4 ++-- engines/e_atalla.c | 4 ++-- engines/e_cswift.c | 4 ++-- engines/e_gmp.c | 4 ++-- engines/e_ncipher.c | 4 ++-- engines/e_nuron.c | 2 +- engines/e_sureware.c | 4 ++-- engines/e_ubsec.c | 4 ++-- 9 files changed, 17 insertions(+), 17 deletions(-) diff --git a/engines/e_4758_cca.c b/engines/e_4758_cca.c index 68a628229d..ee52a3f66f 100644 --- a/engines/e_4758_cca.c +++ b/engines/e_4758_cca.c @@ -76,7 +76,7 @@ static int ibm_4758_cca_destroy(ENGINE *e); static int ibm_4758_cca_init(ENGINE *e); static int ibm_4758_cca_finish(ENGINE *e); -static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); /* rsa functions */ /*---------------*/ @@ -343,7 +343,7 @@ static int ibm_4758_cca_finish(ENGINE *e) return 1; } -static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int initialised = ((dso == NULL) ? 0 : 1); switch(cmd) diff --git a/engines/e_aep.c b/engines/e_aep.c index 46ccac2823..8e10bb7760 100644 --- a/engines/e_aep.c +++ b/engines/e_aep.c @@ -88,7 +88,7 @@ typedef int pid_t; static int aep_init(ENGINE *e); static int aep_finish(ENGINE *e); -static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); static int aep_destroy(ENGINE *e); static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR hConnection); @@ -554,7 +554,7 @@ static int aep_finish(ENGINE *e) return to_return; } -static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int initialised = ((aep_dso == NULL) ? 0 : 1); switch(cmd) diff --git a/engines/e_atalla.c b/engines/e_atalla.c index 64dcc046e8..79abc70678 100644 --- a/engines/e_atalla.c +++ b/engines/e_atalla.c @@ -78,7 +78,7 @@ static int atalla_destroy(ENGINE *e); static int atalla_init(ENGINE *e); static int atalla_finish(ENGINE *e); -static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); /* BIGNUM stuff */ static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -406,7 +406,7 @@ static int atalla_finish(ENGINE *e) return 1; } -static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int initialised = ((atalla_dso == NULL) ? 0 : 1); switch(cmd) diff --git a/engines/e_cswift.c b/engines/e_cswift.c index 28a51d1bfd..793aaccb11 100644 --- a/engines/e_cswift.c +++ b/engines/e_cswift.c @@ -92,7 +92,7 @@ static int cswift_destroy(ENGINE *e); static int cswift_init(ENGINE *e); static int cswift_finish(ENGINE *e); -static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); /* BIGNUM stuff */ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -439,7 +439,7 @@ static int cswift_finish(ENGINE *e) return 1; } -static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int initialised = ((cswift_dso == NULL) ? 0 : 1); switch(cmd) diff --git a/engines/e_gmp.c b/engines/e_gmp.c index 8d778fcbf7..64cb039ed8 100644 --- a/engines/e_gmp.c +++ b/engines/e_gmp.c @@ -97,7 +97,7 @@ static int e_gmp_destroy(ENGINE *e); static int e_gmp_init(ENGINE *e); static int e_gmp_finish(ENGINE *e); -static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); #ifndef OPENSSL_NO_RSA /* RSA stuff */ @@ -230,7 +230,7 @@ static int e_gmp_finish(ENGINE *e) return 1; } -static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int to_return = 1; diff --git a/engines/e_ncipher.c b/engines/e_ncipher.c index bf95ca8612..e416cffedb 100644 --- a/engines/e_ncipher.c +++ b/engines/e_ncipher.c @@ -88,7 +88,7 @@ static int hwcrhk_destroy(ENGINE *e); static int hwcrhk_init(ENGINE *e); static int hwcrhk_finish(ENGINE *e); -static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); /* Functions to handle mutexes */ static int hwcrhk_mutex_init(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext*); @@ -648,7 +648,7 @@ static int hwcrhk_finish(ENGINE *e) return to_return; } -static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int to_return = 1; diff --git a/engines/e_nuron.c b/engines/e_nuron.c index f9c3795033..e3a9406c49 100644 --- a/engines/e_nuron.c +++ b/engines/e_nuron.c @@ -156,7 +156,7 @@ static int nuron_finish(ENGINE *e) return 1; } -static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int initialised = ((pvDSOHandle == NULL) ? 0 : 1); switch(cmd) diff --git a/engines/e_sureware.c b/engines/e_sureware.c index cae8bf4856..8e77e5c282 100644 --- a/engines/e_sureware.c +++ b/engines/e_sureware.c @@ -69,7 +69,7 @@ #define SUREWARE_LIB_NAME "sureware engine" #include "e_sureware_err.c" -static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); static int surewarehk_destroy(ENGINE *e); static int surewarehk_init(ENGINE *e); static int surewarehk_finish(ENGINE *e); @@ -368,7 +368,7 @@ static BIO *logstream = NULL; * called, the checking and error handling is probably down there. */ static int threadsafe=1; -static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int to_return = 1; diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index b019714a56..094458887c 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -82,7 +82,7 @@ static int ubsec_destroy(ENGINE *e); static int ubsec_init(ENGINE *e); static int ubsec_finish(ENGINE *e); -static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx); static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -518,7 +518,7 @@ static int ubsec_finish(ENGINE *e) return 1; } -static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { int initialised = ((ubsec_dso == NULL) ? 0 : 1); switch(cmd) From d55141ed7a844b4a0b8c75169267566695642840 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 26 Jun 2003 10:23:00 +0000 Subject: [PATCH 361/393] "Remove" unused variable --- crypto/evp/evp_pkey.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index 6def5d44de..ee7e3aabac 100644 --- a/crypto/evp/evp_pkey.c +++ b/crypto/evp/evp_pkey.c @@ -527,7 +527,9 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) { EC_KEY *eckey; +#if 0 /* unused */ ASN1_INTEGER *prkey = NULL; +#endif unsigned char *p, *pp; int nid, i, ret = 0; unsigned int tmp_flags; From ed5fae580e88ce5612be3152ba739a208c61fcdd Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 26 Jun 2003 10:26:42 +0000 Subject: [PATCH 362/393] Implement missing functions. Have the f parameter to _ctrl functions have the prototype (*)(void) rather than (*)(), for the sake of C++ compilers. Disable unimplemented functionality. --- crypto/store/store.h | 29 ++++++++-- crypto/store/str_err.c | 18 +++++- crypto/store/str_lib.c | 121 ++++++++++++++++++++++++++++++++++++++++ crypto/store/str_mem.c | 4 +- crypto/store/str_meth.c | 33 +++++++++++ 5 files changed, 196 insertions(+), 9 deletions(-) diff --git a/crypto/store/store.h b/crypto/store/store.h index e82aa3edd8..314f216283 100644 --- a/crypto/store/store.h +++ b/crypto/store/store.h @@ -91,7 +91,7 @@ void STORE_free(STORE *ui); /* Give a user interface parametrised control commands. This can be used to send down an integer, a data pointer or a function pointer, as well as be used to get information from a STORE. */ -int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)()); +int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)(void)); /* A control to set the directory with keys and certificates. Used by the built-in directory level method. */ @@ -123,6 +123,7 @@ const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth); and is of course volatile. It's used by other methods that have an in-memory cache. */ const STORE_METHOD *STORE_Memory(void); +#if 0 /* Not yet implemented */ /* This is the directory store. It does everything except revoking and updating, and uses STORE_Memory() to cache things in memory. */ const STORE_METHOD *STORE_Directory(void); @@ -130,7 +131,7 @@ const STORE_METHOD *STORE_Directory(void); and uses STORE_Memory() to cache things in memory. Certificates are added to it with the store operation, and it will only get cached certificates. */ const STORE_METHOD *STORE_File(void); - +#endif /* Store functions take a type code for the type of data they should store or fetch */ @@ -331,11 +332,11 @@ typedef int (*STORE_HANDLE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OP typedef int (*STORE_STORE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, STORE_OBJECT *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); typedef int (*STORE_MODIFY_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); typedef int (*STORE_GENERIC_FUNC_PTR)(STORE *, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); -typedef int (*STORE_CTRL_FUNC_PTR)(STORE *, int cmd, long l, void *p, void (*f)()); +typedef int (*STORE_CTRL_FUNC_PTR)(STORE *, int cmd, long l, void *p, void (*f)(void)); -int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR gen_f); -int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR gen_f); -int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR gen_f); +int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR init_f); +int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR clean_f); +int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR generate_f); int STORE_method_set_get_function(STORE_METHOD *sm, STORE_GET_OBJECT_FUNC_PTR get_f); int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PTR store_f); int STORE_method_set_modify_function(STORE_METHOD *sm, STORE_MODIFY_OBJECT_FUNC_PTR store_f); @@ -429,6 +430,7 @@ void ERR_load_STORE_strings(void); /* Error codes for the STORE functions. */ /* Function codes. */ +#define STORE_F_CTRL 160 #define STORE_F_MEM_DELETE 134 #define STORE_F_MEM_GENERATE 135 #define STORE_F_MEM_LIST_NEXT 136 @@ -449,6 +451,7 @@ void ERR_load_STORE_strings(void); #define STORE_F_STORE_ATTR_INFO_SET_SHA1STR 150 #define STORE_F_STORE_CERTIFICATE 100 #define STORE_F_STORE_CRL 101 +#define STORE_F_STORE_CTRL 161 #define STORE_F_STORE_DELETE_ARBITRARY 158 #define STORE_F_STORE_DELETE_CERTIFICATE 102 #define STORE_F_STORE_DELETE_CRL 103 @@ -479,6 +482,12 @@ void ERR_load_STORE_strings(void); #define STORE_F_STORE_LIST_PUBLIC_KEY_ENDP 156 #define STORE_F_STORE_LIST_PUBLIC_KEY_NEXT 124 #define STORE_F_STORE_LIST_PUBLIC_KEY_START 125 +#define STORE_F_STORE_MODIFY_ARBITRARY 162 +#define STORE_F_STORE_MODIFY_CERTIFICATE 163 +#define STORE_F_STORE_MODIFY_CRL 164 +#define STORE_F_STORE_MODIFY_NUMBER 165 +#define STORE_F_STORE_MODIFY_PRIVATE_KEY 166 +#define STORE_F_STORE_MODIFY_PUBLIC_KEY 167 #define STORE_F_STORE_NEW_ENGINE 133 #define STORE_F_STORE_NEW_METHOD 132 #define STORE_F_STORE_NUMBER 126 @@ -504,6 +513,12 @@ void ERR_load_STORE_strings(void); #define STORE_R_FAILED_GETTING_NUMBER 107 #define STORE_R_FAILED_LISTING_CERTIFICATES 108 #define STORE_R_FAILED_LISTING_KEYS 109 +#define STORE_R_FAILED_MODIFYING_ARBITRARY 138 +#define STORE_R_FAILED_MODIFYING_CERTIFICATE 139 +#define STORE_R_FAILED_MODIFYING_CRL 140 +#define STORE_R_FAILED_MODIFYING_NUMBER 141 +#define STORE_R_FAILED_MODIFYING_PRIVATE_KEY 142 +#define STORE_R_FAILED_MODIFYING_PUBLIC_KEY 143 #define STORE_R_FAILED_REVOKING_CERTIFICATE 110 #define STORE_R_FAILED_REVOKING_KEY 111 #define STORE_R_FAILED_STORING_ARBITRARY 134 @@ -511,6 +526,7 @@ void ERR_load_STORE_strings(void); #define STORE_R_FAILED_STORING_KEY 113 #define STORE_R_FAILED_STORING_NUMBER 114 #define STORE_R_NOT_IMPLEMENTED 128 +#define STORE_R_NO_CONTROL_FUNCTION 144 #define STORE_R_NO_DELETE_ARBITRARY_FUNCTION 135 #define STORE_R_NO_DELETE_NUMBER_FUNCTION 115 #define STORE_R_NO_DELETE_OBJECT_FUNCTION 116 @@ -523,6 +539,7 @@ void ERR_load_STORE_strings(void); #define STORE_R_NO_LIST_OBJECT_END_FUNCTION 121 #define STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION 122 #define STORE_R_NO_LIST_OBJECT_START_FUNCTION 123 +#define STORE_R_NO_MODIFY_OBJECT_FUNCTION 145 #define STORE_R_NO_REVOKE_OBJECT_FUNCTION 124 #define STORE_R_NO_STORE 129 #define STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION 137 diff --git a/crypto/store/str_err.c b/crypto/store/str_err.c index 2c2779bd7f..d18acaccd1 100644 --- a/crypto/store/str_err.c +++ b/crypto/store/str_err.c @@ -66,6 +66,7 @@ #ifndef OPENSSL_NO_ERR static ERR_STRING_DATA STORE_str_functs[]= { +{ERR_PACK(0,STORE_F_CTRL,0), "CTRL"}, {ERR_PACK(0,STORE_F_MEM_DELETE,0), "MEM_DELETE"}, {ERR_PACK(0,STORE_F_MEM_GENERATE,0), "MEM_GENERATE"}, {ERR_PACK(0,STORE_F_MEM_LIST_NEXT,0), "MEM_LIST_NEXT"}, @@ -86,6 +87,7 @@ static ERR_STRING_DATA STORE_str_functs[]= {ERR_PACK(0,STORE_F_STORE_ATTR_INFO_SET_SHA1STR,0), "STORE_ATTR_INFO_set_sha1str"}, {ERR_PACK(0,STORE_F_STORE_CERTIFICATE,0), "STORE_CERTIFICATE"}, {ERR_PACK(0,STORE_F_STORE_CRL,0), "STORE_CRL"}, +{ERR_PACK(0,STORE_F_STORE_CTRL,0), "STORE_ctrl"}, {ERR_PACK(0,STORE_F_STORE_DELETE_ARBITRARY,0), "STORE_delete_arbitrary"}, {ERR_PACK(0,STORE_F_STORE_DELETE_CERTIFICATE,0), "STORE_delete_certificate"}, {ERR_PACK(0,STORE_F_STORE_DELETE_CRL,0), "STORE_delete_crl"}, @@ -116,7 +118,13 @@ static ERR_STRING_DATA STORE_str_functs[]= {ERR_PACK(0,STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,0), "STORE_list_public_key_endp"}, {ERR_PACK(0,STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,0), "STORE_list_public_key_next"}, {ERR_PACK(0,STORE_F_STORE_LIST_PUBLIC_KEY_START,0), "STORE_list_public_key_start"}, -{ERR_PACK(0,STORE_F_STORE_NEW_ENGINE,0), "STORE_NEW_ENGINE"}, +{ERR_PACK(0,STORE_F_STORE_MODIFY_ARBITRARY,0), "STORE_modify_arbitrary"}, +{ERR_PACK(0,STORE_F_STORE_MODIFY_CERTIFICATE,0), "STORE_modify_certificate"}, +{ERR_PACK(0,STORE_F_STORE_MODIFY_CRL,0), "STORE_modify_crl"}, +{ERR_PACK(0,STORE_F_STORE_MODIFY_NUMBER,0), "STORE_modify_number"}, +{ERR_PACK(0,STORE_F_STORE_MODIFY_PRIVATE_KEY,0), "STORE_modify_private_key"}, +{ERR_PACK(0,STORE_F_STORE_MODIFY_PUBLIC_KEY,0), "STORE_modify_public_key"}, +{ERR_PACK(0,STORE_F_STORE_NEW_ENGINE,0), "STORE_new_engine"}, {ERR_PACK(0,STORE_F_STORE_NEW_METHOD,0), "STORE_new_method"}, {ERR_PACK(0,STORE_F_STORE_NUMBER,0), "STORE_NUMBER"}, {ERR_PACK(0,STORE_F_STORE_PARSE_ATTRS_END,0), "STORE_parse_attrs_end"}, @@ -144,6 +152,12 @@ static ERR_STRING_DATA STORE_str_reasons[]= {STORE_R_FAILED_GETTING_NUMBER ,"failed getting number"}, {STORE_R_FAILED_LISTING_CERTIFICATES ,"failed listing certificates"}, {STORE_R_FAILED_LISTING_KEYS ,"failed listing keys"}, +{STORE_R_FAILED_MODIFYING_ARBITRARY ,"failed modifying arbitrary"}, +{STORE_R_FAILED_MODIFYING_CERTIFICATE ,"failed modifying certificate"}, +{STORE_R_FAILED_MODIFYING_CRL ,"failed modifying crl"}, +{STORE_R_FAILED_MODIFYING_NUMBER ,"failed modifying number"}, +{STORE_R_FAILED_MODIFYING_PRIVATE_KEY ,"failed modifying private key"}, +{STORE_R_FAILED_MODIFYING_PUBLIC_KEY ,"failed modifying public key"}, {STORE_R_FAILED_REVOKING_CERTIFICATE ,"failed revoking certificate"}, {STORE_R_FAILED_REVOKING_KEY ,"failed revoking key"}, {STORE_R_FAILED_STORING_ARBITRARY ,"failed storing arbitrary"}, @@ -151,6 +165,7 @@ static ERR_STRING_DATA STORE_str_reasons[]= {STORE_R_FAILED_STORING_KEY ,"failed storing key"}, {STORE_R_FAILED_STORING_NUMBER ,"failed storing number"}, {STORE_R_NOT_IMPLEMENTED ,"not implemented"}, +{STORE_R_NO_CONTROL_FUNCTION ,"no control function"}, {STORE_R_NO_DELETE_ARBITRARY_FUNCTION ,"no delete arbitrary function"}, {STORE_R_NO_DELETE_NUMBER_FUNCTION ,"no delete number function"}, {STORE_R_NO_DELETE_OBJECT_FUNCTION ,"no delete object function"}, @@ -163,6 +178,7 @@ static ERR_STRING_DATA STORE_str_reasons[]= {STORE_R_NO_LIST_OBJECT_END_FUNCTION ,"no list object end function"}, {STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION ,"no list object next function"}, {STORE_R_NO_LIST_OBJECT_START_FUNCTION ,"no list object start function"}, +{STORE_R_NO_MODIFY_OBJECT_FUNCTION ,"no modify object function"}, {STORE_R_NO_REVOKE_OBJECT_FUNCTION ,"no revoke object function"}, {STORE_R_NO_STORE ,"no store"}, {STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION,"no store object arbitrary function"}, diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c index 5e6e424ba3..eb9e6426be 100644 --- a/crypto/store/str_lib.c +++ b/crypto/store/str_lib.c @@ -184,6 +184,19 @@ void STORE_free(STORE *store) OPENSSL_free(store); } +int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)(void)) + { + if (store == NULL) + { + STOREerr(STORE_F_CTRL,ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (store->meth->ctrl) + return store->meth->ctrl(store, cmd, i, p, f); + STOREerr(STORE_F_STORE_CTRL,STORE_R_NO_CONTROL_FUNCTION); + return 0; + } + int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) @@ -297,6 +310,24 @@ int STORE_store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[], return 1; } +int STORE_modify_certificate(STORE *s, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) + { + check_store(s,STORE_F_STORE_MODIFY_CERTIFICATE, + modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); + + if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, + search_attributes, add_attributes, modify_attributes, + delete_attributes, parameters)) + { + STOREerr(STORE_F_STORE_MODIFY_CERTIFICATE, + STORE_R_FAILED_MODIFYING_CERTIFICATE); + return 0; + } + return 1; + } + int STORE_revoke_certificate(STORE *s, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { @@ -496,6 +527,24 @@ int STORE_store_private_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], return i; } +int STORE_modify_private_key(STORE *s, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) + { + check_store(s,STORE_F_STORE_MODIFY_PRIVATE_KEY, + modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); + + if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, + search_attributes, add_attributes, modify_attributes, + delete_attributes, parameters)) + { + STOREerr(STORE_F_STORE_MODIFY_PRIVATE_KEY, + STORE_R_FAILED_MODIFYING_PRIVATE_KEY); + return 0; + } + return 1; + } + int STORE_revoke_private_key(STORE *s, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { @@ -673,6 +722,24 @@ int STORE_store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], return i; } +int STORE_modify_public_key(STORE *s, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) + { + check_store(s,STORE_F_STORE_MODIFY_PUBLIC_KEY, + modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); + + if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, + search_attributes, add_attributes, modify_attributes, + delete_attributes, parameters)) + { + STOREerr(STORE_F_STORE_MODIFY_PUBLIC_KEY, + STORE_R_FAILED_MODIFYING_PUBLIC_KEY); + return 0; + } + return 1; + } + int STORE_revoke_public_key(STORE *s, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { @@ -869,6 +936,24 @@ int STORE_store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[], return i; } +int STORE_modify_crl(STORE *s, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) + { + check_store(s,STORE_F_STORE_MODIFY_CRL, + modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); + + if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CRL, + search_attributes, add_attributes, modify_attributes, + delete_attributes, parameters)) + { + STOREerr(STORE_F_STORE_MODIFY_CRL, + STORE_R_FAILED_MODIFYING_CRL); + return 0; + } + return 1; + } + int STORE_delete_crl(STORE *s, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { @@ -989,6 +1074,24 @@ int STORE_store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[], return 1; } +int STORE_modify_number(STORE *s, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) + { + check_store(s,STORE_F_STORE_MODIFY_NUMBER, + modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); + + if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_NUMBER, + search_attributes, add_attributes, modify_attributes, + delete_attributes, parameters)) + { + STOREerr(STORE_F_STORE_MODIFY_NUMBER, + STORE_R_FAILED_MODIFYING_NUMBER); + return 0; + } + return 1; + } + BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { @@ -1061,6 +1164,24 @@ int STORE_store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[], return 1; } +int STORE_modify_arbitrary(STORE *s, OPENSSL_ITEM search_attributes[], + OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], + OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) + { + check_store(s,STORE_F_STORE_MODIFY_ARBITRARY, + modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); + + if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_ARBITRARY, + search_attributes, add_attributes, modify_attributes, + delete_attributes, parameters)) + { + STOREerr(STORE_F_STORE_MODIFY_ARBITRARY, + STORE_R_FAILED_MODIFYING_ARBITRARY); + return 0; + } + return 1; + } + BUF_MEM *STORE_get_arbitrary(STORE *s, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { diff --git a/crypto/store/str_mem.c b/crypto/store/str_mem.c index 25d789a068..77603e1814 100644 --- a/crypto/store/str_mem.c +++ b/crypto/store/str_mem.c @@ -126,7 +126,7 @@ static int mem_lock(STORE *s, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); -static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)()); +static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)(void)); static STORE_METHOD store_memory = { @@ -351,7 +351,7 @@ static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[], { return 1; } -static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)()) +static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)(void)) { return 1; } diff --git a/crypto/store/str_meth.c b/crypto/store/str_meth.c index e1c39bf06a..648c08d76d 100644 --- a/crypto/store/str_meth.c +++ b/crypto/store/str_meth.c @@ -81,6 +81,18 @@ void STORE_destroy_method(STORE_METHOD *store_method) OPENSSL_free(store_method); } +int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR init_f) + { + sm->init = init_f; + return 1; + } + +int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR clean_f) + { + sm->clean = clean_f; + return 1; + } + int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR generate_f) { sm->generate_object = generate_f; @@ -99,6 +111,12 @@ int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PT return 1; } +int STORE_method_set_modify_function(STORE_METHOD *sm, STORE_MODIFY_OBJECT_FUNC_PTR modify_f) + { + sm->modify_object = modify_f; + return 1; + } + int STORE_method_set_revoke_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR revoke_f) { sm->revoke_object = revoke_f; @@ -153,6 +171,16 @@ int STORE_method_set_ctrl_function(STORE_METHOD *sm, STORE_CTRL_FUNC_PTR ctrl_f) return 1; } +STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD *sm) + { + return sm->init; + } + +STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm) + { + return sm->clean; + } + STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD *sm) { return sm->generate_object; @@ -168,6 +196,11 @@ STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm) return sm->store_object; } +STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD *sm) + { + return sm->modify_object; + } + STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD *sm) { return sm->revoke_object; From c89f31def0c5ae23ae0d1ba429ec8ce7a9ffbb33 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 26 Jun 2003 10:27:11 +0000 Subject: [PATCH 363/393] make update --- TABLE | 60 ++++++++++++++++++++-------------------- crypto/objects/obj_dat.h | 2 +- util/libeay.num | 4 +-- 3 files changed, 33 insertions(+), 33 deletions(-) diff --git a/TABLE b/TABLE index 0ad0fcaf91..796a0094bc 100644 --- a/TABLE +++ b/TABLE @@ -1652,7 +1652,7 @@ $arflags = *** debug-levitte-linux-elf $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1677,7 +1677,7 @@ $arflags = *** debug-levitte-linux-elf-extreme $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1702,7 +1702,7 @@ $arflags = *** debug-levitte-linux-noasm $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1727,7 +1727,7 @@ $arflags = *** debug-levitte-linux-noasm-extreme $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1752,7 +1752,7 @@ $arflags = *** debug-linux-elf $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -m486 -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1777,7 +1777,7 @@ $arflags = *** debug-linux-elf-noefence $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -m486 -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1802,7 +1802,7 @@ $arflags = *** debug-linux-pentium $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1827,7 +1827,7 @@ $arflags = *** debug-linux-ppro $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -1952,7 +1952,7 @@ $arflags = *** debug-solaris-sparcv9-gcc $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W $unistd = $thread_cflag = -D_REENTRANT $sys_id = ULTRASPARC @@ -2927,7 +2927,7 @@ $arflags = *** linux-aout $cc = gcc -$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -m486 -Wall +$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall $unistd = $thread_cflag = (unknown) $sys_id = @@ -2952,7 +2952,7 @@ $arflags = *** linux-elf $cc = gcc -$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -m486 -Wall +$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2977,7 +2977,7 @@ $arflags = *** linux-elf-arm $cc = gcc -$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall +$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3002,7 +3002,7 @@ $arflags = *** linux-ia32-icc $cc = icc -$cflags = -DL_ENDIAN -O2 +$cflags = -DL_ENDIAN -DTERMIO -O2 $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3027,7 +3027,7 @@ $arflags = *** linux-ia64 $cc = gcc -$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall +$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3052,7 +3052,7 @@ $arflags = *** linux-ia64-ecc $cc = ecc -$cflags = -DL_ENDIAN -O2 -Wall +$cflags = -DL_ENDIAN -DTERMIO -O2 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3077,7 +3077,7 @@ $arflags = *** linux-k6 $cc = gcc -$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -mcpu=k6 -Wall +$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=k6 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3102,7 +3102,7 @@ $arflags = *** linux-m68k $cc = gcc -$cflags = -DB_ENDIAN -O2 -fomit-frame-pointer -Wall +$cflags = -DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3127,7 +3127,7 @@ $arflags = *** linux-mips $cc = gcc -$cflags = -DB_ENDIAN -O3 -fomit-frame-pointer -Wall +$cflags = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3152,7 +3152,7 @@ $arflags = *** linux-mipsel $cc = gcc -$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall +$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3177,7 +3177,7 @@ $arflags = *** linux-parisc $cc = gcc -$cflags = -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W +$cflags = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3202,7 +3202,7 @@ $arflags = *** linux-pentium $cc = gcc -$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -mcpu=pentium -Wall +$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentium -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3227,7 +3227,7 @@ $arflags = *** linux-ppc $cc = gcc -$cflags = -DB_ENDIAN -O3 -fomit-frame-pointer -Wall +$cflags = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3252,7 +3252,7 @@ $arflags = *** linux-ppro $cc = gcc -$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -mcpu=pentiumpro -Wall +$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentiumpro -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3277,7 +3277,7 @@ $arflags = *** linux-s390 $cc = gcc -$cflags = -DB_ENDIAN -DNO_ASM -O3 -fomit-frame-pointer -Wall +$cflags = -DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3302,7 +3302,7 @@ $arflags = *** linux-s390x $cc = gcc -$cflags = -DB_ENDIAN -DNO_ASM -O3 -fomit-frame-pointer -Wall +$cflags = -DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3327,7 +3327,7 @@ $arflags = *** linux-sparcv7 $cc = gcc -$cflags = -DB_ENDIAN -O3 -fomit-frame-pointer -Wall +$cflags = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3352,7 +3352,7 @@ $arflags = *** linux-sparcv8 $cc = gcc -$cflags = -mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W +$cflags = -mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3377,7 +3377,7 @@ $arflags = *** linux-sparcv9 $cc = gcc -$cflags = -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W +$cflags = -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W $unistd = $thread_cflag = -D_REENTRANT $sys_id = ULTRASPARC @@ -3402,7 +3402,7 @@ $arflags = *** linux-x86_64 $cc = gcc -$cflags = -m64 -DL_ENDIAN -O3 -Wall -DMD32_REG_T=int +$cflags = -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3427,7 +3427,7 @@ $arflags = *** linux64-sparcv9 $cc = gcc -$cflags = -m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall +$cflags = -m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = ULTRASPARC diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index c16ff85819..7a187aff6d 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -3333,8 +3333,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[434]),/* OBJ_data 0 9 */ &(nid_objs[181]),/* OBJ_iso 1 */ &(nid_objs[182]),/* OBJ_member_body 1 2 */ -&(nid_objs[527]),/* OBJ_identified_organization 1 3 */ &(nid_objs[379]),/* OBJ_org 1 3 */ +&(nid_objs[527]),/* OBJ_identified_organization 1 3 */ &(nid_objs[393]),/* OBJ_joint_iso_ccitt 2 */ &(nid_objs[11]),/* OBJ_X500 2 5 */ &(nid_objs[380]),/* OBJ_dod 1 3 6 */ diff --git a/util/libeay.num b/util/libeay.num index aee8b4215b..fa11a9fa6f 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -3093,7 +3093,7 @@ ENGINE_register_all_STORE 3522 EXIST::FUNCTION:ENGINE STORE_ATTR_INFO_modify_cstr 3523 EXIST::FUNCTION: STORE_generate_crl 3524 EXIST::FUNCTION: STORE_store_public_key 3525 EXIST::FUNCTION: -STORE_Directory 3526 EXIST::FUNCTION: +STORE_Directory 3526 NOEXIST::FUNCTION: STORE_revoke_private_key 3527 EXIST::FUNCTION: STORE_ATTR_INFO_modify_dn 3528 EXIST::FUNCTION: STORE_method_get_initialise_function 3529 EXIST::FUNCTION: @@ -3117,7 +3117,7 @@ STORE_OBJECT_free 3546 EXIST::FUNCTION: STORE_ATTR_INFO_get0_sha1str 3547 EXIST::FUNCTION: STORE_ATTR_INFO_get0_cstr 3548 EXIST::FUNCTION: STORE_get_ex_new_index 3549 EXIST::FUNCTION: -STORE_File 3550 EXIST::FUNCTION: +STORE_File 3550 NOEXIST::FUNCTION: ENGINE_get_STORE 3551 EXIST::FUNCTION:ENGINE STORE_get_certificate 3552 EXIST::FUNCTION: STORE_delete_certificate 3553 EXIST::FUNCTION: From eb3d68c454d1481009f44c6671f658edf115edfa Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 26 Jun 2003 11:52:23 +0000 Subject: [PATCH 364/393] Nils Larsch told me I could remove that variable entirely. --- crypto/evp/evp_pkey.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index ee7e3aabac..74c974e686 100644 --- a/crypto/evp/evp_pkey.c +++ b/crypto/evp/evp_pkey.c @@ -527,9 +527,6 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) { EC_KEY *eckey; -#if 0 /* unused */ - ASN1_INTEGER *prkey = NULL; -#endif unsigned char *p, *pp; int nid, i, ret = 0; unsigned int tmp_flags; From aa5ae4841e74c0fb94c0b9513cd93e5f24d12d4b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 26 Jun 2003 11:58:02 +0000 Subject: [PATCH 365/393] Only remove old files if they exist. [Maing32]. Notified by Michael Gerdau --- util/pl/Mingw32.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/pl/Mingw32.pl b/util/pl/Mingw32.pl index d0472df278..b76b7afd27 100644 --- a/util/pl/Mingw32.pl +++ b/util/pl/Mingw32.pl @@ -85,7 +85,7 @@ sub do_lib_rule ($Name=$name) =~ tr/a-z/A-Z/; $ret.="$target: \$(${Name}OBJ)\n"; - $ret.="\t\$(RM) $target\n"; + $ret.="\tif exist $target \$(RM) $target\n"; $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n"; $ret.="\t\$(RANLIB) $target\n\n"; } From 9d19fbc4fce71a7a5f40314e3d0e25db26f82043 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Thu, 26 Jun 2003 14:03:03 +0000 Subject: [PATCH 366/393] Clarify wording of verify_callback() behaviour. --- doc/ssl/SSL_CTX_set_verify.pod | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/ssl/SSL_CTX_set_verify.pod b/doc/ssl/SSL_CTX_set_verify.pod index d15b2a3a1a..ca8d81b82c 100644 --- a/doc/ssl/SSL_CTX_set_verify.pod +++ b/doc/ssl/SSL_CTX_set_verify.pod @@ -135,9 +135,9 @@ process is immediately stopped with "verification failed" state. If SSL_VERIFY_PEER is set, a verification failure alert is sent to the peer and the TLS/SSL handshake is terminated. If B returns 1, the verification process is continued. If B always returns -1, the TLS/SSL handshake will never be terminated because of this application -experiencing a verification failure. The calling process can however -retrieve the error code of the last verification error using +1, the TLS/SSL handshake will not be terminated with respect to verification +failures and the connection will be established. The calling process can +however retrieve the error code of the last verification error using L or by maintaining its own error storage managed by B. From da0d33560f78b7c430a20981f2cf125d56926899 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Jul 2003 06:41:30 +0000 Subject: [PATCH 367/393] Change AES-CTR to increment the IV by 1 instead of 2^64. --- crypto/aes/aes_ctr.c | 50 +++++++++++++++++++++++++++++++++++++------- 1 file changed, 43 insertions(+), 7 deletions(-) diff --git a/crypto/aes/aes_ctr.c b/crypto/aes/aes_ctr.c index 59088499a0..5a1ced67f8 100644 --- a/crypto/aes/aes_ctr.c +++ b/crypto/aes/aes_ctr.c @@ -62,19 +62,49 @@ /* NOTE: CTR mode is big-endian. The rest of the AES code * is endian-neutral. */ -/* increment counter (128-bit int) by 2^64 */ +/* increment counter (128-bit int) by 1 */ static void AES_ctr128_inc(unsigned char *counter) { unsigned long c; - /* Grab 3rd dword of counter and increment */ + /* Grab bottom dword of counter and increment */ #ifdef L_ENDIAN - c = GETU32(counter + 8); + c = GETU32(counter + 0); c++; - PUTU32(counter + 8, c); + PUTU32(counter + 0, c); #else - c = GETU32(counter + 4); + c = GETU32(counter + 12); c++; - PUTU32(counter + 4, c); + PUTU32(counter + 12, c); +#endif + + /* if no overflow, we're done */ + if (c) + return; + + /* Grab 1st dword of counter and increment */ +#ifdef L_ENDIAN + c = GETU32(counter + 4); + c++; + PUTU32(counter + 4, c); +#else + c = GETU32(counter + 8); + c++; + PUTU32(counter + 8, c); +#endif + + /* if no overflow, we're done */ + if (c) + return; + + /* Grab 2nd dword of counter and increment */ +#ifdef L_ENDIAN + c = GETU32(counter + 8); + c++; + PUTU32(counter + 8, c); +#else + c = GETU32(counter + 4); + c++; + PUTU32(counter + 4, c); #endif /* if no overflow, we're done */ @@ -100,10 +130,16 @@ static void AES_ctr128_inc(unsigned char *counter) { * encrypted counter is kept in ecount_buf. Both *num and * ecount_buf must be initialised with zeros before the first * call to AES_ctr128_encrypt(). + * + * This algorithm assumes that the counter is in the x lower bits + * of the IV (ivec), and that the application has full control over + * overflow and the rest of the IV. This implementation takes NO + * responsability for checking that the counter doesn't overflow + * into the rest of the IV when incremented. */ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, const unsigned long length, const AES_KEY *key, - unsigned char counter[AES_BLOCK_SIZE], + unsigned char ivec[AES_BLOCK_SIZE], unsigned char ecount_buf[AES_BLOCK_SIZE], unsigned int *num) { From da6c44fc97c2913287e2b58fb09485ebf36d6b8b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Jul 2003 06:42:43 +0000 Subject: [PATCH 368/393] The 'counter' is really the IV. --- crypto/aes/aes.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/aes/aes.h b/crypto/aes/aes.h index 7f4b0e8066..6bc0cf00a9 100644 --- a/crypto/aes/aes.h +++ b/crypto/aes/aes.h @@ -102,7 +102,7 @@ void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, unsigned char *ivec, int *num); void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, const unsigned long length, const AES_KEY *key, - unsigned char counter[AES_BLOCK_SIZE], + unsigned char ivec[AES_BLOCK_SIZE], unsigned char ecount_buf[AES_BLOCK_SIZE], unsigned int *num); From 6f2f534b5848ba9088462fc85b09ae0a7aa97502 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Jul 2003 07:46:52 +0000 Subject: [PATCH 369/393] The convenience argumetn for -nameopt and -certopt is ca_default, not default_ca. PR: 653 --- doc/apps/ca.pod | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod index e2a4591a14..d0a7703e61 100644 --- a/doc/apps/ca.pod +++ b/doc/apps/ca.pod @@ -431,7 +431,7 @@ here, except the B and B are permanently set and cannot be disabled (this is because the certificate signature cannot be displayed because the certificate has not been signed at this point). -For convenience the values B are accepted by both to produce +For convenience the values B are accepted by both to produce a reasonable output. If neither option is present the format used in earlier versions of @@ -544,8 +544,8 @@ A sample configuration file with the relevant sections for B: policy = policy_any # default policy email_in_dn = no # Don't add the email into cert DN - nameopt = default_ca # Subject name display option - certopt = default_ca # Certificate display option + nameopt = ca_default # Subject name display option + certopt = ca_default # Certificate display option copy_extensions = none # Don't copy extensions from request [ policy_any ] From 94805c84d104310305c29a0c25fb0c6f0330b378 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Jul 2003 20:45:09 +0000 Subject: [PATCH 370/393] Add -issuer_hash and make -subject_hash the default way to get the subject hash, with -hash a synonym kept around for backward compatibility reasons. PR: 650 --- apps/x509.c | 21 +++++++++++++++------ doc/apps/x509.pod | 12 +++++++++++- 2 files changed, 26 insertions(+), 7 deletions(-) diff --git a/apps/x509.c b/apps/x509.c index ed9e40574a..f0ef5596fa 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -92,7 +92,9 @@ static char *x509_usage[]={ " -out arg - output file - default stdout\n", " -passin arg - private key password source\n", " -serial - print serial number value\n", -" -hash - print hash value\n", +" -subject_hash - print subject hash value\n", +" -issuer_hash - print issuer hash value\n", +" -hash - synonym for -subject_hash\n", " -subject - print subject DN\n", " -issuer - print issuer DN\n", " -email - print email address(es)\n", @@ -167,8 +169,8 @@ int MAIN(int argc, char **argv) char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL; char *CAkeyfile=NULL,*CAserial=NULL; char *alias=NULL; - int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0; - int ocspid=0; + int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0; + int subject_hash=0,issuer_hash=0,ocspid=0; int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0; int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0; int C=0; @@ -379,8 +381,11 @@ int MAIN(int argc, char **argv) x509req= ++num; else if (strcmp(*argv,"-text") == 0) text= ++num; - else if (strcmp(*argv,"-hash") == 0) - hash= ++num; + else if (strcmp(*argv,"-hash") == 0 + || strcmp(*argv,"-subject_hash") == 0) + subject_hash= ++num; + else if (strcmp(*argv,"-issuer_hash") == 0) + issuer_hash= ++num; else if (strcmp(*argv,"-subject") == 0) subject= ++num; else if (strcmp(*argv,"-issuer") == 0) @@ -707,10 +712,14 @@ bad: if (alstr) BIO_printf(STDout,"%s\n", alstr); else BIO_puts(STDout,"\n"); } - else if (hash == i) + else if (subject_hash == i) { BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x)); } + else if (issuer_hash == i) + { + BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash(x)); + } else if (pprint == i) { X509_PURPOSE *ptmp; diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod index 50343cd685..21bdfccb9a 100644 --- a/doc/apps/x509.pod +++ b/doc/apps/x509.pod @@ -17,6 +17,8 @@ B B [B<-out filename>] [B<-serial>] [B<-hash>] +[B<-subject_hash>] +[B<-issuer_hash>] [B<-subject>] [B<-issuer>] [B<-nameopt option>] @@ -141,12 +143,20 @@ contained in the certificate. outputs the certificate serial number. -=item B<-hash> +=item B<-subject_hash> outputs the "hash" of the certificate subject name. This is used in OpenSSL to form an index to allow certificates in a directory to be looked up by subject name. +=item B<-issuer_hash> + +outputs the "hash" of the certificate issuer name. + +=item B<-hash> + +synonym for "-hash" for backward compatibility reasons. + =item B<-subject> outputs the subject name. From 2ae0352b0f9ace97bd5b00f474d7b5ae8e7a501d Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 3 Jul 2003 20:50:44 +0000 Subject: [PATCH 371/393] Oops, I forgot to replace 'counter' with 'ivec' when used... --- crypto/aes/aes_ctr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/aes/aes_ctr.c b/crypto/aes/aes_ctr.c index 5a1ced67f8..79e1c18f19 100644 --- a/crypto/aes/aes_ctr.c +++ b/crypto/aes/aes_ctr.c @@ -153,8 +153,8 @@ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, while (l--) { if (n == 0) { - AES_encrypt(counter, ecount_buf, key); - AES_ctr128_inc(counter); + AES_encrypt(ivec, ecount_buf, key); + AES_ctr128_inc(ivec); } *(out++) = *(in++) ^ ecount_buf[n]; n = (n+1) % AES_BLOCK_SIZE; From 61f00386ab2866c386605248b26b1584d85520ce Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 4 Jul 2003 11:37:50 +0000 Subject: [PATCH 372/393] The counter is big-endian. Since it comes as an array of char, there's absolutely no need to special-case it on little-endian machines. Notified by Thierry Boivin --- crypto/aes/aes_ctr.c | 27 +-------------------------- 1 file changed, 1 insertion(+), 26 deletions(-) diff --git a/crypto/aes/aes_ctr.c b/crypto/aes/aes_ctr.c index 79e1c18f19..2487d83fb1 100644 --- a/crypto/aes/aes_ctr.c +++ b/crypto/aes/aes_ctr.c @@ -59,7 +59,7 @@ #include #include "aes_locl.h" -/* NOTE: CTR mode is big-endian. The rest of the AES code +/* NOTE: the IV/counter CTR mode is big-endian. The rest of the AES code * is endian-neutral. */ /* increment counter (128-bit int) by 1 */ @@ -67,61 +67,36 @@ static void AES_ctr128_inc(unsigned char *counter) { unsigned long c; /* Grab bottom dword of counter and increment */ -#ifdef L_ENDIAN - c = GETU32(counter + 0); - c++; - PUTU32(counter + 0, c); -#else c = GETU32(counter + 12); c++; PUTU32(counter + 12, c); -#endif /* if no overflow, we're done */ if (c) return; /* Grab 1st dword of counter and increment */ -#ifdef L_ENDIAN - c = GETU32(counter + 4); - c++; - PUTU32(counter + 4, c); -#else c = GETU32(counter + 8); c++; PUTU32(counter + 8, c); -#endif /* if no overflow, we're done */ if (c) return; /* Grab 2nd dword of counter and increment */ -#ifdef L_ENDIAN - c = GETU32(counter + 8); - c++; - PUTU32(counter + 8, c); -#else c = GETU32(counter + 4); c++; PUTU32(counter + 4, c); -#endif /* if no overflow, we're done */ if (c) return; /* Grab top dword of counter and increment */ -#ifdef L_ENDIAN - c = GETU32(counter + 12); - c++; - PUTU32(counter + 12, c); -#else c = GETU32(counter + 0); c++; PUTU32(counter + 0, c); -#endif - } /* The input encrypted as though 128bit counter mode is being From 182cd19deac4b91c922d761edaddd5ac73c5c0f6 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 4 Jul 2003 11:41:13 +0000 Subject: [PATCH 373/393] Make sure openssl.pc is readable by everyone. PR: 654 --- Makefile.org | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile.org b/Makefile.org index 2b9e5f8922..ae871aad87 100644 --- a/Makefile.org +++ b/Makefile.org @@ -554,6 +554,7 @@ install: all install_docs fi; \ fi cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig install_docs: @$(PERL) $(TOP)/util/mkdir-p.pl \ From f9d183c20986602add9f956485e9b1ab2d385e9f Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 4 Jul 2003 15:45:04 +0000 Subject: [PATCH 374/393] Replace CCITT with ITU-T. Keep CCITT around as an alias. make update PR: 80 --- crypto/objects/obj_mac.h | 31 +++++++++++++++++++++---------- crypto/objects/obj_mac.num | 3 +++ crypto/objects/objects.txt | 19 ++++++++++++------- 3 files changed, 36 insertions(+), 17 deletions(-) diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index 9417e8c7c9..2715cfdd75 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -67,20 +67,26 @@ #define NID_undef 0 #define OBJ_undef 0L -#define SN_ccitt "CCITT" -#define LN_ccitt "ccitt" +#define SN_itu_t "ITU-T" +#define LN_itu_t "itu-t" +#define NID_itu_t 721 +#define OBJ_itu_t 0L + #define NID_ccitt 404 -#define OBJ_ccitt 0L +#define OBJ_ccitt OBJ_itu_t #define SN_iso "ISO" #define LN_iso "iso" #define NID_iso 181 #define OBJ_iso 1L -#define SN_joint_iso_ccitt "JOINT-ISO-CCITT" -#define LN_joint_iso_ccitt "joint-iso-ccitt" +#define SN_joint_iso_itu_t "JOINT-ISO-ITU-T" +#define LN_joint_iso_itu_t "joint-iso-itu-t" +#define NID_joint_iso_itu_t 722 +#define OBJ_joint_iso_itu_t 2L + #define NID_joint_iso_ccitt 393 -#define OBJ_joint_iso_ccitt 2L +#define OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t #define SN_member_body "member-body" #define LN_member_body "ISO Member Body" @@ -95,9 +101,14 @@ #define NID_certicom_arc 528 #define OBJ_certicom_arc OBJ_identified_organization,132L +#define SN_international_organizations "international-organizations" +#define LN_international_organizations "International Organizations" +#define NID_international_organizations 723 +#define OBJ_international_organizations OBJ_joint_iso_itu_t,23L + #define SN_wap "wap" #define NID_wap 562 -#define OBJ_wap OBJ_joint_iso_ccitt,23L,43L +#define OBJ_wap OBJ_international_organizations,43L #define SN_wap_wsg "wap-wsg" #define NID_wap_wsg 563 @@ -106,7 +117,7 @@ #define SN_selected_attribute_types "selected-attribute-types" #define LN_selected_attribute_types "Selected Attribute Types" #define NID_selected_attribute_types 394 -#define OBJ_selected_attribute_types OBJ_joint_iso_ccitt,5L,1L,5L +#define OBJ_selected_attribute_types OBJ_joint_iso_itu_t,5L,1L,5L #define SN_clearance "clearance" #define NID_clearance 395 @@ -2332,7 +2343,7 @@ #define SN_data "data" #define NID_data 434 -#define OBJ_data OBJ_ccitt,9L +#define OBJ_data OBJ_itu_t,9L #define SN_pss "pss" #define NID_pss 435 @@ -2621,7 +2632,7 @@ #define SN_id_set "id-set" #define LN_id_set "Secure Electronic Transactions" #define NID_id_set 576 -#define OBJ_id_set 2L,23L,42L +#define OBJ_id_set OBJ_international_organizations,42L #define SN_set_ctype "set-ctype" #define LN_set_ctype "content types" diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index e84922d458..0840bac306 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -718,3 +718,6 @@ ms_upn 717 any_policy 718 policy_mappings 719 name_constraints 720 +itu_t 721 +joint_iso_itu_t 722 +international_organizations 723 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index feeed99b57..b5209b6fda 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -1,8 +1,11 @@ -0 : CCITT : ccitt +# CCITT was renamed to ITU-T quite some time ago +0 : ITU-T : itu-t +!Alias ccitt itu-t 1 : ISO : iso -2 : JOINT-ISO-CCITT : joint-iso-ccitt +2 : JOINT-ISO-ITU-T : joint-iso-itu-t +!Alias joint-iso-ccitt joint-iso-itu-t iso 2 : member-body : ISO Member Body @@ -10,10 +13,12 @@ iso 3 : identified-organization identified-organization 132 : certicom-arc -joint-iso-ccitt 23 43 : wap +joint-iso-itu-t 23 : international-organizations : International Organizations + +international-organizations 43 : wap wap 13 : wap-wsg -joint-iso-ccitt 5 1 5 : selected-attribute-types : Selected Attribute Types +joint-iso-itu-t 5 1 5 : selected-attribute-types : Selected Attribute Types selected-attribute-types 55 : clearance @@ -781,9 +786,9 @@ holdInstruction 2 : holdInstructionCallIssuer : Hold Instruction Call Issuer !Cname hold-instruction-reject holdInstruction 3 : holdInstructionReject : Hold Instruction Reject -# OID's from CCITT. Most of this is defined in RFC 1274. A couple of +# OID's from ITU-T. Most of this is defined in RFC 1274. A couple of # them are also mentioned in RFC 2247 -ccitt 9 : data +itu-t 9 : data data 2342 : pss pss 19200300 : ucl ucl 100 : pilot @@ -857,7 +862,7 @@ pilotAttributeType 54 : : dITRedirect pilotAttributeType 55 : audio pilotAttributeType 56 : : documentPublisher -2 23 42 : id-set : Secure Electronic Transactions +international-organizations 42 : id-set : Secure Electronic Transactions id-set 0 : set-ctype : content types id-set 1 : set-msgExt : message extensions From d143dce03c25462cdc202d7ed35ba833dd49e03e Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 10 Jul 2003 08:49:03 +0000 Subject: [PATCH 375/393] A document that has a very rough description of the X509 functionality. This is mostly so there's a way to get from the crypto.html page to the function descriptions. --- doc/crypto/x509.pod | 64 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 doc/crypto/x509.pod diff --git a/doc/crypto/x509.pod b/doc/crypto/x509.pod new file mode 100644 index 0000000000..f9e58e0e41 --- /dev/null +++ b/doc/crypto/x509.pod @@ -0,0 +1,64 @@ +=pod + +=head1 NAME + +x509 - X.509 certificate handling + +=head1 SYNOPSIS + + #include + +=head1 DESCRIPTION + +A X.509 certificate is a structured grouping of information about +an individual, a device, or anything one can imagine. A X.509 CRL +(certificate revocation list) is a tool to help determine if a +certificate is still valid. The exact definition of those can be +found in the X.509 document from ITU-T, or in RFC3280 from PKIX. +In OpenSSL, the type X509 is used to express such a certificate, and +the type X509_CRL is used to express a CRL. + +A related structure is a certificate request, defined in PKCS#10 from +RSA Security, Inc, also reflected in RFC2896. In OpenSSL, the type +X509_REQ is used to express such a certificate request. + +To handle some complex parts of a certificate, there are the types +X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express +a certificate attributes), X509_EXTENSION (to express a certificate +extension) and a few more. + +Finally, there's the supertype X509_INFO, which can contain a CRL, a +certificate and a corresponding private key. + +BI<...>, BI<...> and BI<...> handle X.509 +certificates, with some exceptions, shown below. + +BI<...>, BI<...> and BI<...> +handle X.509 CRLs. + +BI<...>, BI<...> and BI<...> +handle PKCS#10 certificate requests. + +BI<...> handle certificate names. + +BI<...> handle certificate attributes. + +BI<...> handle certificate extensions. + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L, +L, +L, +L, +L, +L, +L, +L + +=cut From 2c789c82be736604ede5485519f070a1ae0d176d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Mon, 21 Jul 2003 13:40:02 +0000 Subject: [PATCH 376/393] manpages for 'openssl ec' and 'openssl ecparam' Submitted by: Nils Larsch --- doc/apps/ec.pod | 190 +++++++++++++++++++++++++++++++++++++++++++ doc/apps/ecparam.pod | 179 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 369 insertions(+) create mode 100644 doc/apps/ec.pod create mode 100644 doc/apps/ecparam.pod diff --git a/doc/apps/ec.pod b/doc/apps/ec.pod new file mode 100644 index 0000000000..1d4a36dbf4 --- /dev/null +++ b/doc/apps/ec.pod @@ -0,0 +1,190 @@ +=pod + +=head1 NAME + +ec - EC key processing + +=head1 SYNOPSIS + +B B +[B<-inform PEM|DER>] +[B<-outform PEM|DER>] +[B<-in filename>] +[B<-passin arg>] +[B<-out filename>] +[B<-passout arg>] +[B<-des>] +[B<-des3>] +[B<-idea>] +[B<-text>] +[B<-noout>] +[B<-param_out>] +[B<-pubin>] +[B<-pubout>] +[B<-conv_form arg>] +[B<-param_enc arg>] +[B<-engine id>] + +=head1 DESCRIPTION + +The B command processes EC keys. They can be converted between various +forms and their components printed out. B OpenSSL uses the +private key format specified in 'SEC 1: Elliptic Curve Cryptography' +(http://www.secg.org/). To convert a OpenSSL EC private key into the +PKCS#8 private key format use the B command. + +=head1 COMMAND OPTIONS + +=over 4 + +=item B<-inform DER|PEM> + +This specifies the input format. The B option with a private key uses +an ASN.1 DER encoded SEC1 private key. When used with a public key it +uses the SubjectPublicKeyInfo structur as specified in RFC 3280. +The B form is the default format: it consists of the B format base64 +encoded with additional header and footer lines. In the case of a private key +PKCS#8 format is also accepted. + +=item B<-outform DER|PEM> + +This specifies the output format, the options have the same meaning as the +B<-inform> option. + +=item B<-in filename> + +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. + +=item B<-passin arg> + +the input file password source. For more information about the format of B +see the B section in L. + +=item B<-out filename> + +This specifies the output filename to write a key to or standard output by +is not specified. If any encryption options are set then a pass phrase will be +prompted for. The output filename should B be the same as the input +filename. + +=item B<-passout arg> + +the output file password source. For more information about the format of B +see the B section in L. + +=item B<-des|-des3|-idea> + +These options encrypt the private key with the DES, triple DES, IDEA or +any other cipher supported by OpenSSL before outputting it. A pass phrase is +prompted for. +If none of these options is specified the key is written in plain text. This +means that using the B utility to read in an encrypted key with no +encryption option can be used to remove the pass phrase from a key, or by +setting the encryption options it can be use to add or change the pass phrase. +These options can only be used with PEM format output files. + +=item B<-text> + +prints out the public, private key components and parameters. + +=item B<-noout> + +this option prevents output of the encoded version of the key. + +=item B<-modulus> + +this option prints out the value of the public key component of the key. + +=item B<-pubin> + +by default a private key is read from the input file: with this option a +public key is read instead. + +=item B<-pubout> + +by default a private key is output. With this option a public +key will be output instead. This option is automatically set if the input is +a public key. + +=item B<-conv_form> + +This specifies how the points on the elliptic curve are converted +into octet strings. Possible values are: B (the default +value), B and B. For more information regarding +the point conversion forms please read the X9.62 standard. +B Due to patent issues the B option is disabled +by default for binary curves and can be enabled by defining +the preprocessor macro B at compile time. + +=item B<-param_enc arg> + +This specifies how the elliptic curve parameters are encoded. +Possible value are: B, i.e. the ec parameters are +specified by a OID, or B where the ec parameters are +explicitly given (see RFC 3279 for the definition of the +EC parameters structures). The default value is B. +B the B alternative ,as specified in RFC 3279, +is currently not implemented in OpenSSL. + +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + +=back + +=head1 NOTES + +The PEM private key format uses the header and footer lines: + + -----BEGIN EC PRIVATE KEY----- + -----END EC PRIVATE KEY----- + +The PEM public key format uses the header and footer lines: + + -----BEGIN PUBLIC KEY----- + -----END PUBLIC KEY----- + +=head1 EXAMPLES + +To encrypt a private key using triple DES: + + openssl ec -in key.pem -des3 -out keyout.pem + +To convert a private key from PEM to DER format: + + openssl ec -in key.pem -outform DER -out keyout.der + +To print out the components of a private key to standard output: + + openssl ec -in key.pem -text -noout + +To just output the public part of a private key: + + openssl ec -in key.pem -pubout -out pubkey.pem + +To change the parameters encoding to B: + + openssl ec -in key.pem -param_enc explicit -out keyout.pem + +To change the point conversion form to B: + + openssl ec -in key.pem -conv_form compressed -out keyout.pem + +=head1 SEE ALSO + +L, L, L + +=head1 HISTORY + +The ec command was first introduced in OpenSSL 0.9.8. + +=head1 AUTHOR + +Nils Larsch for the OpenSSL project (http://www.openssl.org). + +=cut diff --git a/doc/apps/ecparam.pod b/doc/apps/ecparam.pod new file mode 100644 index 0000000000..2523a9b103 --- /dev/null +++ b/doc/apps/ecparam.pod @@ -0,0 +1,179 @@ +=pod + +=head1 NAME + +ecparam - EC parameter manipulation and generation + +=head1 SYNOPSIS + +B +[B<-inform DER|PEM>] +[B<-outform DER|PEM>] +[B<-in filename>] +[B<-out filename>] +[B<-noout>] +[B<-text>] +[B<-C>] +[B<-check>] +[B<-name arg>] +[B<-list_curve>] +[B<-conv_form arg>] +[B<-param_enc arg>] +[B<-no_seed>] +[B<-rand file(s)>] +[B<-genkey>] +[B<-engine id>] + +=head1 DESCRIPTION + +This command is used to manipulate or generate EC parameter files. + +=head1 OPTIONS + +=over 4 + +=item B<-inform DER|PEM> + +This specifies the input format. The B option uses an ASN.1 DER encoded +form compatible with RFC 3279 EcpkParameters. The PEM form is the default +format: it consists of the B format base64 encoded with additional +header and footer lines. + +=item B<-outform DER|PEM> + +This specifies the output format, the options have the same meaning as the +B<-inform> option. + +=item B<-in filename> + +This specifies the input filename to read parameters from or standard input if +this option is not specified. + +=item B<-out filename> + +This specifies the output filename parameters to. Standard output is used +if this option is not present. The output filename should B be the same +as the input filename. + +=item B<-noout> + +This option inhibits the output of the encoded version of the parameters. + +=item B<-text> + +This option prints out the EC parameters in human readable form. + +=item B<-C> + +This option converts the EC parameters into C code. The parameters can then +be loaded by calling the B function. + +=item B<-check> + +Validate the elliptic curve parameters. + +=item B<-name arg> + +Use the EC parameters with the specified 'short' name. Use B<-list_curves> +to get a list of all currently implemented EC parameters. + +=item B<-list_curves> + +If this options is specified B will print out a list of all +currently implemented EC parameters names and exit. + +=item B<-conv_form> + +This specifies how the points on the elliptic curve are converted +into octet strings. Possible values are: B (the default +value), B and B. For more information regarding +the point conversion forms please read the X9.62 standard. +B Due to patent issues the B option is disabled +by default for binary curves and can be enabled by defining +the preprocessor macro B at compile time. + +=item B<-param_enc arg> + +This specifies how the elliptic curve parameters are encoded. +Possible value are: B, i.e. the ec parameters are +specified by a OID, or B where the ec parameters are +explicitly given (see RFC 3279 for the definition of the +EC parameters structures). The default value is B. +B the B alternative ,as specified in RFC 3279, +is currently not implemented in OpenSSL. + +=item B<-no_seed> + +This option inhibits that the 'seed' for the parameter generation +is included in the ECParameters structure (see RFC 3279). + +=item B<-genkey> + +This option will generate a EC private key using the specified parameters. + +=item B<-rand file(s)> + +a file or files containing random data used to seed the random number +generator, or an EGD socket (see L). +Multiple files can be specified separated by a OS-dependent character. +The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for +all others. + +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + +=back + +=head1 NOTES + +PEM format EC parameters use the header and footer lines: + + -----BEGIN EC PARAMETERS----- + -----END EC PARAMETERS----- + +OpenSSL is currently not able to generate new groups and therefore +B can only create EC parameters from known (named) curves. + +=head1 EXAMPLES + +To create EC parameters with the group 'prime192v1': + + openssl ec -out ec_param.pem -name prime192v1 + +To create EC parameters with explicit parameters: + + openssl ec -out ec_param.pem -name prime192v1 -param_enc explicit + +To validate given EC parameters: + + openssl ec -in ec_param.pem -check + +To create EC parameters and a private key: + + openssl ec -out ec_key.pem -name prime192v1 -genkey + +To change the point encoding to 'compressed': + + openssl ec -in ec_in.pem -out ec_out.pem -conv_form compressed + +To print out the EC parameters to standard output: + + openssl ec -in ec_param.pem -noout -text + +=head1 SEE ALSO + +L, L + +=head1 HISTORY + +The ecparam command was first introduced in OpenSSL 0.9.8. + +=head1 AUTHOR + +Nils Larsch for the OpenSSL project (http://www.openssl.org) + +=cut From ada0e717fa36f4202298b797b9b663831a47548c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Mon, 21 Jul 2003 13:43:28 +0000 Subject: [PATCH 377/393] new function EC_GROUP_cmp() (used by EVP_PKEY_cmp()) Submitted by: Nils Larsch --- crypto/ec/ec.h | 3 ++ crypto/ec/ec_lib.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++ crypto/evp/p_lib.c | 9 ++++++ 3 files changed, 87 insertions(+) diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index 431a28b38f..dcffc8c049 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -166,6 +166,9 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); * elliptic curve is not zero, 0 otherwise */ int EC_GROUP_check_discriminant(const EC_GROUP *, BN_CTX *); +/* EC_GROUP_cmp() returns 0 if both groups are equal and 1 otherwise */ +int EC_GROUP_cmp(const EC_GROUP *, const EC_GROUP *, BN_CTX *); + /* EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() * after choosing an appropriate EC_METHOD */ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index c00875cd73..b3ef05659a 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -470,6 +470,81 @@ int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) } +int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) + { + int r = 0; + BIGNUM *a1, *a2, *a3, *b1, *b2, *b3; + BN_CTX *ctx_new = NULL; + + /* compare the field types*/ + if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) != + EC_METHOD_get_field_type(EC_GROUP_method_of(b))) + return 1; + /* compare the curve name (if present) */ + if (EC_GROUP_get_nid(a) && EC_GROUP_get_nid(b) && + EC_GROUP_get_nid(a) == EC_GROUP_get_nid(b)) + return 0; + + if (!ctx) + ctx_new = ctx = BN_CTX_new(); + if (!ctx) + return -1; + + BN_CTX_start(ctx); + a1 = BN_CTX_get(ctx); + a2 = BN_CTX_get(ctx); + a3 = BN_CTX_get(ctx); + b1 = BN_CTX_get(ctx); + b2 = BN_CTX_get(ctx); + b3 = BN_CTX_get(ctx); + if (!b3) + { + BN_CTX_end(ctx); + if (ctx_new) + BN_CTX_free(ctx); + return -1; + } + + /* XXX This approach assumes that the external representation + * of curves over the same field type is the same. + */ + if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) || + !b->meth->group_get_curve(b, b1, b2, b3, ctx)) + r = 1; + + if (r || BN_cmp(a1, b2) || BN_cmp(a2, b2) || BN_cmp(a3, b3)) + r = 1; + + /* XXX EC_POINT_cmp() assumes that the methods are equal */ + if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a), + EC_GROUP_get0_generator(b), ctx)) + r = 1; + + if (!r) + { + /* compare the order and cofactor */ + if (!EC_GROUP_get_order(a, a1, ctx) || + !EC_GROUP_get_order(b, b1, ctx) || + !EC_GROUP_get_cofactor(a, a2, ctx) || + !EC_GROUP_get_cofactor(b, b2, ctx)) + { + BN_CTX_end(ctx); + if (ctx_new) + BN_CTX_free(ctx); + return -1; + } + if (BN_cmp(a1, b1) || BN_cmp(a2, b2)) + r = 1; + } + + BN_CTX_end(ctx); + if (ctx_new) + BN_CTX_free(ctx); + + return r; + } + + /* this has 'package' visibility */ int EC_GROUP_set_extra_data(EC_GROUP *group, void *data, void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 730ef4d0a9..d6d7234cd5 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -233,6 +233,15 @@ int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) else return(1); } +#endif +#ifndef OPENSSL_NO_EC + if (a->type == EVP_PKEY_EC && b->type == EVP_PKEY_EC) + { + if (EC_GROUP_cmp(a->pkey.eckey->group, b->pkey.eckey->group, NULL)) + return 0; + else + return 1; + } #endif return(-1); } From 02e0559477977f09279a7781817dc6f5c90f54c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Mon, 21 Jul 2003 15:08:01 +0000 Subject: [PATCH 378/393] fix: 0.9.7 is based on 0.9.6h, not on 0.9.6k typo in 0.9.6k section --- CHANGES | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index f81d555a06..116c85f1df 100644 --- a/CHANGES +++ b/CHANGES @@ -669,7 +669,7 @@ yet to be integrated into this CVS branch: the config script, much like the NetBSD support. [Richard Levitte & Kris Kennaway ] - Changes between 0.9.6k and 0.9.7 [31 Dec 2002] + Changes between 0.9.6h and 0.9.7 [31 Dec 2002] *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED code (06) was taken as the first octet of the session ID and the last @@ -2491,7 +2491,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.6j and 0.9.6k [xx XXX 2003] - *) Change X509_cretificate_type() to mark the key as exported/exportable + *) Change X509_certificate_type() to mark the key as exported/exportable when it's 512 *bits* long, not 512 bytes. [Richard Levitte] From ddc38679cedcd154eb18187b8c384b1a05f61fc6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Mon, 21 Jul 2003 15:17:46 +0000 Subject: [PATCH 379/393] tolerate extra data at end of client hello for SSL 3.0 PR: 659 --- CHANGES | 17 +++++++++++++++++ ssl/s3_srvr.c | 4 ++++ 2 files changed, 21 insertions(+) diff --git a/CHANGES b/CHANGES index 116c85f1df..caa091c906 100644 --- a/CHANGES +++ b/CHANGES @@ -537,6 +537,15 @@ Changes between 0.9.7b and 0.9.7c [xx XXX 2003] + *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional + extra data after the compression methods not only for TLS 1.0 + but also for SSL 3.0 (as required by the specification). + [Bodo Moeller; problem pointed out by Matthias Loepfe] + + *) Change X509_certificate_type() to mark the key as exported/exportable + when it's 512 *bits* long, not 512 bytes. + [Richard Levitte] + *) Change AES_cbc_encrypt() so it outputs exact multiple of blocks during encryption. [Richard Levitte] @@ -671,6 +680,9 @@ yet to be integrated into this CVS branch: Changes between 0.9.6h and 0.9.7 [31 Dec 2002] + [NB: OpenSSL 0.9.6i and later 0.9.6 patch levels were released after + OpenSSL 0.9.7.] + *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED code (06) was taken as the first octet of the session ID and the last octet was ignored consequently. As a result SSLv2 client side session @@ -2491,6 +2503,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.6j and 0.9.6k [xx XXX 2003] + *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional + extra data after the compression methods not only for TLS 1.0 + but also for SSL 3.0 (as required by the specification). + [Bodo Moeller; problem pointed out by Matthias Loepfe] + *) Change X509_certificate_type() to mark the key as exported/exportable when it's 512 *bits* long, not 512 bytes. [Richard Levitte] diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index e941068416..c2ac8cb2fc 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -883,6 +883,9 @@ static int ssl3_get_client_hello(SSL *s) } /* TLS does not mind if there is extra stuff */ +#if 0 /* SSL 3.0 does not mind either, so we should disable this test + * (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b, + * in earlier SSLeay/OpenSSL releases this test existed but was buggy) */ if (s->version == SSL3_VERSION) { if (p < (d+n)) @@ -894,6 +897,7 @@ static int ssl3_get_client_hello(SSL *s) goto f_err; } } +#endif /* Given s->session->ciphers and SSL_get_ciphers, we must * pick a cipher */ From 652ae06badda3a8964f650ce1713e335257548d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 22 Jul 2003 10:39:10 +0000 Subject: [PATCH 380/393] add test for secp160r1 add code for kP+lQ timings Submitted by: Douglas Stebila Reviewed by: Bodo Moeller --- CHANGES | 4 ++ crypto/ec/ectest.c | 157 +++++++++++++++++++++++++++++++++------------ 2 files changed, 121 insertions(+), 40 deletions(-) diff --git a/CHANGES b/CHANGES index caa091c906..b7b6b99035 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] + *) Add code for kP+lQ timings to crypto/ec/ectest.c, and add SEC2 + curve secp160r1 to the tests. + [Douglas Stebila (Sun Microsystems Laboratories)] + *) Add the possibility to load symbols globally with DSO. [Götz Babin-Ebell via Richard Levitte] diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c index e91c8fffb3..9b32f55be8 100644 --- a/crypto/ec/ectest.c +++ b/crypto/ec/ectest.c @@ -104,8 +104,12 @@ void prime_field_tests(void); void char2_field_tests(void); void internal_curve_test(void); +#define TIMING_BASE_PT 0 +#define TIMING_RAND_PT 1 +#define TIMING_SIMUL 2 + #if 0 -static void timings(EC_GROUP *group, int multi, BN_CTX *ctx) +static void timings(EC_GROUP *group, int type, BN_CTX *ctx) { clock_t clck; int i, j; @@ -129,7 +133,7 @@ static void timings(EC_GROUP *group, int multi, BN_CTX *ctx) { if ((r[i] = BN_new()) == NULL) ABORT; if (!BN_pseudo_rand(r[i], BN_num_bits(s), 0, 0)) ABORT; - if (multi) + if (type != TIMING_BASE_PT) { if ((r0[i] = BN_new()) == NULL) ABORT; if (!BN_pseudo_rand(r0[i], BN_num_bits(s), 0, 0)) ABORT; @@ -141,13 +145,14 @@ static void timings(EC_GROUP *group, int multi, BN_CTX *ctx) { for (j = 0; j < 10; j++) { - if (!EC_POINT_mul(group, P, r[i], multi ? P : NULL, multi ? r0[i] : NULL, ctx)) ABORT; + if (!EC_POINT_mul(group, P, (type != TIMING_RAND_PT) ? r[i] : NULL, + (type != TIMING_BASE_PT) ? P : NULL, (type != TIMING_BASE_PT) ? r0[i] : NULL, ctx)) ABORT; } } - fprintf(stdout, "\n"); - clck = clock() - clck; + fprintf(stdout, "\n"); + #ifdef CLOCKS_PER_SEC /* "To determine the time in seconds, the value returned * by the clock function should be divided by the value @@ -161,9 +166,16 @@ static void timings(EC_GROUP *group, int multi, BN_CTX *ctx) # define CLOCKS_PER_SEC 1 #endif - fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j, - multi ? "s*P+t*Q operations" : "point multiplications", - (double)clck/CLOCKS_PER_SEC); + if (type == TIMING_BASE_PT) { + fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j, + "base point multiplications", (double)clck/CLOCKS_PER_SEC); + } else if (type == TIMING_RAND_PT) { + fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j, + "random point multiplications", (double)clck/CLOCKS_PER_SEC); + } else if (type == TIMING_SIMUL) { + fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j, + "s*P+t*Q operations", (double)clck/CLOCKS_PER_SEC); + } fprintf(stdout, "average: %.4f " UNIT "\n", (double)clck/(CLOCKS_PER_SEC*i*j)); EC_POINT_free(P); @@ -171,7 +183,7 @@ static void timings(EC_GROUP *group, int multi, BN_CTX *ctx) for (i = 0; i < 10; i++) { BN_free(r[i]); - if (multi) BN_free(r0[i]); + if (type != TIMING_BASE_PT) BN_free(r0[i]); } } #endif @@ -181,7 +193,7 @@ void prime_field_tests() BN_CTX *ctx = NULL; BIGNUM *p, *a, *b; EC_GROUP *group; - EC_GROUP *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL; + EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL; EC_POINT *P, *Q, *R; BIGNUM *x, *y, *z; unsigned char buf[100]; @@ -332,6 +344,52 @@ void prime_field_tests() if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT; + /* Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2, 2000) + * -- not a NIST curve, but commonly used */ + + if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF")) ABORT; + if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; + if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC")) ABORT; + if (!BN_hex2bn(&b, "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45")) ABORT; + if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; + + if (!BN_hex2bn(&x, "4A96B5688EF573284664698968C38BB913CBFC82")) ABORT; + if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32")) ABORT; + if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; + if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; + if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) ABORT; + if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT; + + if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; + fprintf(stdout, "\nSEC2 curve secp160r1 -- Generator:\n x = 0x"); + BN_print_fp(stdout, x); + fprintf(stdout, "\n y = 0x"); + BN_print_fp(stdout, y); + fprintf(stdout, "\n"); + /* G_y value taken from the standard: */ + if (!BN_hex2bn(&z, "23a628553168947d59dcc912042351377ac5fb32")) ABORT; + if (0 != BN_cmp(y, z)) ABORT; + + fprintf(stdout, "verify degree ..."); + if (EC_GROUP_get_degree(group) != 160) ABORT; + fprintf(stdout, " ok\n"); + + fprintf(stdout, "verify group order ..."); + fflush(stdout); + if (!EC_GROUP_get_order(group, z, ctx)) ABORT; + if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; + if (!EC_POINT_is_at_infinity(group, Q)) ABORT; + fprintf(stdout, "."); + fflush(stdout); + if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; + if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; + if (!EC_POINT_is_at_infinity(group, Q)) ABORT; + fprintf(stdout, " ok\n"); + + if (!(P_160 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; + if (!EC_GROUP_copy(P_160, group)) ABORT; + + /* Curve P-192 (FIPS PUB 186-2, App. 6) */ if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) ABORT; @@ -637,16 +695,24 @@ void prime_field_tests() #if 0 - timings(P_192, 0, ctx); - timings(P_192, 1, ctx); - timings(P_224, 0, ctx); - timings(P_224, 1, ctx); - timings(P_256, 0, ctx); - timings(P_256, 1, ctx); - timings(P_384, 0, ctx); - timings(P_384, 1, ctx); - timings(P_521, 0, ctx); - timings(P_521, 1, ctx); + timings(P_160, TIMING_BASE_PT, ctx); + timings(P_160, TIMING_RAND_PT, ctx); + timings(P_160, TIMING_SIMUL, ctx); + timings(P_192, TIMING_BASE_PT, ctx); + timings(P_192, TIMING_RAND_PT, ctx); + timings(P_192, TIMING_SIMUL, ctx); + timings(P_224, TIMING_BASE_PT, ctx); + timings(P_224, TIMING_RAND_PT, ctx); + timings(P_224, TIMING_SIMUL, ctx); + timings(P_256, TIMING_BASE_PT, ctx); + timings(P_256, TIMING_RAND_PT, ctx); + timings(P_256, TIMING_SIMUL, ctx); + timings(P_384, TIMING_BASE_PT, ctx); + timings(P_384, TIMING_RAND_PT, ctx); + timings(P_384, TIMING_SIMUL, ctx); + timings(P_521, TIMING_BASE_PT, ctx); + timings(P_521, TIMING_RAND_PT, ctx); + timings(P_521, TIMING_SIMUL, ctx); #endif @@ -659,6 +725,7 @@ void prime_field_tests() EC_POINT_free(R); BN_free(x); BN_free(y); BN_free(z); + if (P_160) EC_GROUP_free(P_160); if (P_192) EC_GROUP_free(P_192); if (P_224) EC_GROUP_free(P_224); if (P_256) EC_GROUP_free(P_256); @@ -1103,26 +1170,36 @@ void char2_field_tests() #if 0 - timings(C2_K163, 0, ctx); - timings(C2_K163, 1, ctx); - timings(C2_B163, 0, ctx); - timings(C2_B163, 1, ctx); - timings(C2_K233, 0, ctx); - timings(C2_K233, 1, ctx); - timings(C2_B233, 0, ctx); - timings(C2_B233, 1, ctx); - timings(C2_K283, 0, ctx); - timings(C2_K283, 1, ctx); - timings(C2_B283, 0, ctx); - timings(C2_B283, 1, ctx); - timings(C2_K409, 0, ctx); - timings(C2_K409, 1, ctx); - timings(C2_B409, 0, ctx); - timings(C2_B409, 1, ctx); - timings(C2_K571, 0, ctx); - timings(C2_K571, 1, ctx); - timings(C2_B571, 0, ctx); - timings(C2_B571, 1, ctx); + timings(C2_K163, TIMING_BASE_PT, ctx); + timings(C2_K163, TIMING_RAND_PT, ctx); + timings(C2_K163, TIMING_SIMUL, ctx); + timings(C2_B163, TIMING_BASE_PT, ctx); + timings(C2_B163, TIMING_RAND_PT, ctx); + timings(C2_B163, TIMING_SIMUL, ctx); + timings(C2_K233, TIMING_BASE_PT, ctx); + timings(C2_K233, TIMING_RAND_PT, ctx); + timings(C2_K233, TIMING_SIMUL, ctx); + timings(C2_B233, TIMING_BASE_PT, ctx); + timings(C2_B233, TIMING_RAND_PT, ctx); + timings(C2_B233, TIMING_SIMUL, ctx); + timings(C2_K283, TIMING_BASE_PT, ctx); + timings(C2_K283, TIMING_RAND_PT, ctx); + timings(C2_K283, TIMING_SIMUL, ctx); + timings(C2_B283, TIMING_BASE_PT, ctx); + timings(C2_B283, TIMING_RAND_PT, ctx); + timings(C2_B283, TIMING_SIMUL, ctx); + timings(C2_K409, TIMING_BASE_PT, ctx); + timings(C2_K409, TIMING_RAND_PT, ctx); + timings(C2_K409, TIMING_SIMUL, ctx); + timings(C2_B409, TIMING_BASE_PT, ctx); + timings(C2_B409, TIMING_RAND_PT, ctx); + timings(C2_B409, TIMING_SIMUL, ctx); + timings(C2_K571, TIMING_BASE_PT, ctx); + timings(C2_K571, TIMING_RAND_PT, ctx); + timings(C2_K571, TIMING_SIMUL, ctx); + timings(C2_B571, TIMING_BASE_PT, ctx); + timings(C2_B571, TIMING_RAND_PT, ctx); + timings(C2_B571, TIMING_SIMUL, ctx); #endif From 968766cad84d15d556d9b8f7ab3c927df700c378 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Tue, 22 Jul 2003 12:34:21 +0000 Subject: [PATCH 381/393] updates for draft-ietf-tls-ecc-03.txt Submitted by: Douglas Stebila Reviewed by: Bodo Moeller --- CHANGES | 8 +++++++ apps/speed.c | 28 ++++++++++++++++++------ crypto/ec/ec.h | 1 + crypto/objects/obj_dat.h | 46 +++++++++++++++++++++++++++------------- demos/ssltest-ecc/README | 2 +- ssl/s3_clnt.c | 20 +++++++++++++++-- ssl/s3_srvr.c | 20 +++++++++++++++-- ssl/tls1.h | 4 ++++ 8 files changed, 103 insertions(+), 26 deletions(-) diff --git a/CHANGES b/CHANGES index b7b6b99035..0e7f968846 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,14 @@ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] + *) Update support for ECC-based TLS ciphersuites according to + draft-ietf-tls-ecc-03.txt: the KDF1 key derivation function with + SHA-1 now is only used for "small" curves (where the + representation of a field element takes up to 24 bytes); for + larger curves, the field element resulting from ECDH is directly + used as premaster secret. + [Douglas Stebila (Sun Microsystems Laboratories)] + *) Add code for kP+lQ timings to crypto/ec/ectest.c, and add SEC2 curve secp160r1 to the tests. [Douglas Stebila (Sun Microsystems Laboratories)] diff --git a/apps/speed.c b/apps/speed.c index a634b11729..1c2b9cded0 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -2079,12 +2079,28 @@ int MAIN(int argc, char **argv) } else { - secret_size_a = ECDH_compute_key(secret_a, KDF1_SHA1_len, + /* If field size is not more than 24 octets, then use SHA-1 hash of result; + * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt). + */ + int field_size, outlen; + void *(*kdf)(void *in, size_t inlen, void *out, size_t outlen); + field_size = EC_GROUP_get_degree(ecdh_a[j]->group); + if (field_size <= 24 * 8) + { + outlen = KDF1_SHA1_len; + kdf = KDF1_SHA1; + } + else + { + outlen = (field_size+7)/8; + kdf = NULL; + } + secret_size_a = ECDH_compute_key(secret_a, outlen, ecdh_b[j]->pub_key, - ecdh_a[j], KDF1_SHA1); - secret_size_b = ECDH_compute_key(secret_b, KDF1_SHA1_len, + ecdh_a[j], kdf); + secret_size_b = ECDH_compute_key(secret_b, outlen, ecdh_a[j]->pub_key, - ecdh_b[j], KDF1_SHA1); + ecdh_b[j], kdf); if (secret_size_a != secret_size_b) ecdh_checks = 0; else @@ -2113,9 +2129,9 @@ int MAIN(int argc, char **argv) Time_F(START); for (count=0,run=1; COND(ecdh_c[j][0]); count++) { - ECDH_compute_key(secret_a, KDF1_SHA1_len, + ECDH_compute_key(secret_a, outlen, ecdh_b[j]->pub_key, - ecdh_a[j], KDF1_SHA1); + ecdh_a[j], kdf); } d=Time_F(STOP); BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n", diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index dcffc8c049..8f4d4e1818 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -158,6 +158,7 @@ int EC_GROUP_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN int EC_GROUP_set_curve_GF2m(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); int EC_GROUP_get_curve_GF2m(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); +/* returns the number of bits needed to represent a field element */ int EC_GROUP_get_degree(const EC_GROUP *); /* EC_GROUP_check() returns 1 if 'group' defines a valid group, 0 otherwise */ diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 7a187aff6d..090719a6d2 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 721 -#define NUM_SN 716 -#define NUM_LN 716 -#define NUM_OBJ 690 +#define NUM_NID 724 +#define NUM_SN 719 +#define NUM_LN 719 +#define NUM_OBJ 693 -static unsigned char lvalues[4879]={ +static unsigned char lvalues[4882]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ @@ -432,7 +432,7 @@ static unsigned char lvalues[4879]={ 0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2865] OBJ_dcObject */ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2874] OBJ_domainComponent */ 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2884] OBJ_Domain */ -0x50, /* [2894] OBJ_joint_iso_ccitt */ +0x00, /* [2894] OBJ_joint_iso_ccitt */ 0x55,0x01,0x05, /* [2895] OBJ_selected_attribute_types */ 0x55,0x01,0x05,0x37, /* [2898] OBJ_clearance */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2902] OBJ_md4WithRSAEncryption */ @@ -758,6 +758,9 @@ static unsigned char lvalues[4879]={ 0x55,0x1D,0x20,0x00, /* [4868] OBJ_any_policy */ 0x55,0x1D,0x21, /* [4872] OBJ_policy_mappings */ 0x55,0x1D,0x1E, /* [4875] OBJ_name_constraints */ +0x00, /* [4878] OBJ_itu_t */ +0x50, /* [4879] OBJ_joint_iso_itu_t */ +0x67, /* [4880] OBJ_international_organizations */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ @@ -1370,8 +1373,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"dcobject","dcObject",NID_dcObject,9,&(lvalues[2865]),0}, {"DC","domainComponent",NID_domainComponent,10,&(lvalues[2874]),0}, {"domain","Domain",NID_Domain,10,&(lvalues[2884]),0}, -{"JOINT-ISO-CCITT","joint-iso-ccitt",NID_joint_iso_ccitt,1, - &(lvalues[2894]),0}, +{"NULL","NULL",NID_joint_iso_ccitt,1,&(lvalues[2894]),0}, {"selected-attribute-types","Selected Attribute Types", NID_selected_attribute_types,3,&(lvalues[2895]),0}, {"clearance","clearance",NID_clearance,4,&(lvalues[2898]),0}, @@ -1389,7 +1391,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ &(lvalues[2941]),0}, {"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3, &(lvalues[2944]),0}, -{"CCITT","ccitt",NID_ccitt,1,&(lvalues[2947]),0}, +{"NULL","NULL",NID_ccitt,1,&(lvalues[2947]),0}, {"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2948]),0}, {"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2953]),0}, {"characteristic-two-field","characteristic-two-field", @@ -1887,6 +1889,11 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ &(lvalues[4872]),0}, {"nameConstraints","X509v3 Name Constraints",NID_name_constraints,3, &(lvalues[4875]),0}, +{"ITU-T","itu-t",NID_itu_t,1,&(lvalues[4878]),0}, +{"JOINT-ISO-ITU-T","joint-iso-itu-t",NID_joint_iso_itu_t,1, + &(lvalues[4879]),0}, +{"international-organizations","International Organizations", + NID_international_organizations,1,&(lvalues[4880]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -1912,7 +1919,6 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[110]),/* "CAST5-CFB" */ &(nid_objs[109]),/* "CAST5-ECB" */ &(nid_objs[111]),/* "CAST5-OFB" */ -&(nid_objs[404]),/* "CCITT" */ &(nid_objs[13]),/* "CN" */ &(nid_objs[141]),/* "CRLReason" */ &(nid_objs[417]),/* "CSPName" */ @@ -1947,7 +1953,8 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[46]),/* "IDEA-OFB" */ &(nid_objs[181]),/* "ISO" */ &(nid_objs[183]),/* "ISO-US" */ -&(nid_objs[393]),/* "JOINT-ISO-CCITT" */ +&(nid_objs[721]),/* "ITU-T" */ +&(nid_objs[722]),/* "JOINT-ISO-ITU-T" */ &(nid_objs[15]),/* "L" */ &(nid_objs[ 3]),/* "MD2" */ &(nid_objs[257]),/* "MD4" */ @@ -1955,6 +1962,8 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[114]),/* "MD5-SHA1" */ &(nid_objs[95]),/* "MDC2" */ &(nid_objs[388]),/* "Mail" */ +&(nid_objs[393]),/* "NULL" */ +&(nid_objs[404]),/* "NULL" */ &(nid_objs[57]),/* "Netscape" */ &(nid_objs[366]),/* "Nonce" */ &(nid_objs[17]),/* "O" */ @@ -2291,6 +2300,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[527]),/* "identified-organization" */ &(nid_objs[461]),/* "info" */ &(nid_objs[101]),/* "initials" */ +&(nid_objs[723]),/* "international-organizations" */ &(nid_objs[142]),/* "invalidityDate" */ &(nid_objs[294]),/* "ipsecEndSystem" */ &(nid_objs[295]),/* "ipsecTunnel" */ @@ -2634,6 +2644,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[296]),/* "IPSec User" */ &(nid_objs[182]),/* "ISO Member Body" */ &(nid_objs[183]),/* "ISO US Member Body" */ +&(nid_objs[723]),/* "International Organizations" */ &(nid_objs[142]),/* "Invalidity Date" */ &(nid_objs[569]),/* "MIME MHS" */ &(nid_objs[388]),/* "Mail" */ @@ -2647,6 +2658,8 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[716]),/* "Microsoft Smartcardlogin" */ &(nid_objs[136]),/* "Microsoft Trust List Signing" */ &(nid_objs[717]),/* "Microsoft Universal Principal Name" */ +&(nid_objs[393]),/* "NULL" */ +&(nid_objs[404]),/* "NULL" */ &(nid_objs[72]),/* "Netscape Base Url" */ &(nid_objs[76]),/* "Netscape CA Policy Url" */ &(nid_objs[74]),/* "Netscape CA Revocation Url" */ @@ -2765,7 +2778,6 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[110]),/* "cast5-cfb" */ &(nid_objs[109]),/* "cast5-ecb" */ &(nid_objs[111]),/* "cast5-ofb" */ -&(nid_objs[404]),/* "ccitt" */ &(nid_objs[152]),/* "certBag" */ &(nid_objs[528]),/* "certicom-arc" */ &(nid_objs[581]),/* "certificate extensions" */ @@ -3015,8 +3027,9 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[101]),/* "initials" */ &(nid_objs[181]),/* "iso" */ &(nid_objs[687]),/* "issuer capabilities" */ +&(nid_objs[721]),/* "itu-t" */ &(nid_objs[492]),/* "janetMailbox" */ -&(nid_objs[393]),/* "joint-iso-ccitt" */ +&(nid_objs[722]),/* "joint-iso-itu-t" */ &(nid_objs[150]),/* "keyBag" */ &(nid_objs[477]),/* "lastModifiedBy" */ &(nid_objs[476]),/* "lastModifiedTime" */ @@ -3329,14 +3342,17 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[ 0]),/* OBJ_undef 0 */ -&(nid_objs[404]),/* OBJ_ccitt 0 */ +&(nid_objs[721]),/* OBJ_itu_t 0 */ +&(nid_objs[393]),/* OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t */ +&(nid_objs[404]),/* OBJ_ccitt OBJ_itu_t */ &(nid_objs[434]),/* OBJ_data 0 9 */ &(nid_objs[181]),/* OBJ_iso 1 */ &(nid_objs[182]),/* OBJ_member_body 1 2 */ &(nid_objs[379]),/* OBJ_org 1 3 */ &(nid_objs[527]),/* OBJ_identified_organization 1 3 */ -&(nid_objs[393]),/* OBJ_joint_iso_ccitt 2 */ +&(nid_objs[722]),/* OBJ_joint_iso_itu_t 2 */ &(nid_objs[11]),/* OBJ_X500 2 5 */ +&(nid_objs[723]),/* OBJ_international_organizations 2 23 */ &(nid_objs[380]),/* OBJ_dod 1 3 6 */ &(nid_objs[12]),/* OBJ_X509 2 5 4 */ &(nid_objs[378]),/* OBJ_X500algorithms 2 5 8 */ diff --git a/demos/ssltest-ecc/README b/demos/ssltest-ecc/README index b045c28fb6..71c070af16 100644 --- a/demos/ssltest-ecc/README +++ b/demos/ssltest-ecc/README @@ -1,6 +1,6 @@ Scripts for using ECC ciphersuites with test/testssl (these ciphersuites are described in the Internet Draft available at -http://www.ietf.org/internet-drafts/draft-ietf-tls-ecc-02.txt). +http://www.ietf.org/internet-drafts/draft-ietf-tls-ecc-03.txt). Use ECCcertgen.sh, RSAcertgen.sh, ECC-RSAcertgen.sh to generate root, client and server certs of the following types: diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 211dd03b11..7eff4f1d5e 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1870,6 +1870,7 @@ static int ssl3_send_client_key_exchange(SSL *s) { EC_GROUP *srvr_group = NULL; int ecdh_clnt_cert = 0; + int field_size = 0; /* Did we send out the client's * ECDH share for use in premaster @@ -1962,7 +1963,21 @@ static int ssl3_send_client_key_exchange(SSL *s) * make sure to clear it out afterwards */ - n=ECDH_compute_key(p, KDF1_SHA1_len, srvr_ecpoint, clnt_ecdh, KDF1_SHA1); + field_size = EC_GROUP_get_degree(clnt_ecdh->group); + if (field_size <= 0) + { + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_ECDH_LIB); + goto err; + } + /* If field size is not more than 24 octets, then use SHA-1 hash of result; + * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt; + * this is new with this version of the Internet Draft). + */ + if (field_size <= 24 * 8) + n=ECDH_compute_key(p, KDF1_SHA1_len, srvr_ecpoint, clnt_ecdh, KDF1_SHA1); + else + n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL); if (n <= 0) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, @@ -2375,7 +2390,8 @@ err: /* This is the complement of nid2curve_id in s3_srvr.c. */ static int curve_id2nid(int curve_id) { - /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ + /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) + * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */ static int nid_list[26] = { 0, diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index c2ac8cb2fc..32ddc48090 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1962,6 +1962,7 @@ static int ssl3_get_client_key_exchange(SSL *s) if ((l & SSL_kECDH) || (l & SSL_kECDHE)) { int ret = 1; + int field_size = 0; /* initialize structures for server's ECDH key pair */ if ((srvr_ecdh = EC_KEY_new()) == NULL) @@ -2062,7 +2063,21 @@ static int ssl3_get_client_key_exchange(SSL *s) } /* Compute the shared pre-master secret */ - i = ECDH_compute_key(p, KDF1_SHA1_len, clnt_ecpoint, srvr_ecdh, KDF1_SHA1); + field_size = EC_GROUP_get_degree(srvr_ecdh->group); + if (field_size <= 0) + { + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + ERR_R_ECDH_LIB); + goto err; + } + /* If field size is not more than 24 octets, then use SHA-1 hash of result; + * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt; + * this is new with this version of the Internet Draft). + */ + if (field_size <= 24 * 8) + i = ECDH_compute_key(p, KDF1_SHA1_len, clnt_ecpoint, srvr_ecdh, KDF1_SHA1); + else + i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL); if (i <= 0) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, @@ -2459,7 +2474,8 @@ int ssl3_send_server_certificate(SSL *s) /* This is the complement of curve_id2nid in s3_clnt.c. */ static int nid2curve_id(int nid) { - /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ + /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) + * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */ switch (nid) { case NID_sect163k1: /* sect163k1 (1) */ return 1; diff --git a/ssl/tls1.h b/ssl/tls1.h index 7f4a2f3085..be15445384 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -131,6 +131,10 @@ extern "C" { * suites to use 5B and 5C instead (this may change with future * updates to the IETF draft). */ +/* draft-ietf-tls-ecc-03.txt (June 2003) gives a changed list of + * ciphersuites, but does not define numbers for all of them + * because of possible conflicts with other Internet Drafts; + * most numbers are still subject to change. */ #define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x03000047 #define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x03000048 #define TLS1_CK_ECDH_ECDSA_WITH_DES_CBC_SHA 0x03000049 From f96d1af449bcbe01efa3c1eb42712e10544b8811 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 23 Jul 2003 00:10:43 +0000 Subject: [PATCH 382/393] Avoid clashes with Win32 names in WinCrypt.h --- crypto/ossl_typ.h | 1 + crypto/x509/x509.h | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/ossl_typ.h b/crypto/ossl_typ.h index b50e9ae256..46200a80b1 100644 --- a/crypto/ossl_typ.h +++ b/crypto/ossl_typ.h @@ -97,6 +97,7 @@ typedef int ASN1_NULL; #ifdef OPENSSL_SYS_WIN32 #undef X509_NAME +#undef X509_CERT_PAIR #undef PKCS7_ISSUER_AND_SERIAL #endif diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 049308ba80..e7706ce9f9 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -112,8 +112,9 @@ extern "C" { #endif #ifdef OPENSSL_SYS_WIN32 -/* Under Win32 this is defined in wincrypt.h */ +/* Under Win32 these are defined in wincrypt.h */ #undef X509_NAME +#undef X509_CERT_PAIR #endif #define X509_FILETYPE_PEM 1 From 5b6e7c8c65114e004023ec6627cd227d72ca0579 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 4 Aug 2003 10:12:36 +0000 Subject: [PATCH 383/393] Inclusion of openssl/engine.h should always be wrapped with a check that OPENSSL_NO_ENGINE is not defined. --- crypto/evp/c_all.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c index 879d84ae79..fa60a73ead 100644 --- a/crypto/evp/c_all.c +++ b/crypto/evp/c_all.c @@ -59,7 +59,9 @@ #include #include "cryptlib.h" #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #if 0 #undef OpenSSL_add_all_algorithms From 3aa8d3a7f11fdcef71240a1ae0c4f6000986cc45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Wed, 6 Aug 2003 10:36:25 +0000 Subject: [PATCH 384/393] add OpenSSL license fix typo --- crypto/bio/bss_bio.c | 55 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 54 insertions(+), 1 deletion(-) diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c index aa58dab046..0f9f0955b4 100644 --- a/crypto/bio/bss_bio.c +++ b/crypto/bio/bss_bio.c @@ -1,4 +1,57 @@ /* crypto/bio/bss_bio.c -*- Mode: C; c-file-style: "eay" -*- */ +/* ==================================================================== + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ /* Special method for a BIO where the other endpoint is also a BIO * of this kind, handled by the same thread (i.e. the "peer" is actually @@ -502,7 +555,7 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) break; case BIO_C_DESTROY_BIO_PAIR: - /* Effects both BIOs in the pair -- call just once! + /* Affects both BIOs in the pair -- call just once! * Or let BIO_free(bio1); BIO_free(bio2); do the job. */ bio_destroy_pair(bio); ret = 1; From 88401ed449a889f3aeba78ff1ac89045bda8e7b7 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 7 Aug 2003 11:57:42 +0000 Subject: [PATCH 385/393] Correct two problems, found by Martin Kochanski : 1. CreateToolhelp32Snapshot returns INVALID_HANDLE_VALUE, not NULL, on error. 2. On Windows CE, a snapshot handle is closed with CloseToolhelp32Snapshot, not CloseHandle. --- crypto/rand/rand_win.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index 113b58678f..263068d256 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -162,6 +162,7 @@ typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO); typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT); typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD); +typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE); typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD); typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32); typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32); @@ -431,7 +432,7 @@ int RAND_poll(void) * This seeding method was proposed in Peter Gutmann, Software * Generation of Practically Strong Random Numbers, * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html - * revised version at http://www.cryptoengines.com/~peter/06_random.pdf + * revised version at http://www.cryptoengines.com/~peter/06_random.pdf * (The assignment of entropy estimates below is arbitrary, but based * on Peter's analysis the full poll appears to be safe. Additional * interactive seeding is encouraged.) @@ -440,6 +441,7 @@ int RAND_poll(void) if (kernel) { CREATETOOLHELP32SNAPSHOT snap; + CLOSETOOLHELP32SNAPSHOT close_snap; HANDLE handle; HEAP32FIRST heap_first; @@ -457,6 +459,8 @@ int RAND_poll(void) snap = (CREATETOOLHELP32SNAPSHOT) GetProcAddress(kernel, TEXT("CreateToolhelp32Snapshot")); + close_snap = (CLOSETOOLHELP32SNAPSHOT) + GetProcAddress(kernel, TEXT("CloseToolhelp32Snapshot")); heap_first = (HEAP32FIRST) GetProcAddress(kernel, TEXT("Heap32First")); heap_next = (HEAP32NEXT) GetProcAddress(kernel, TEXT("Heap32Next")); heaplist_first = (HEAP32LIST) GetProcAddress(kernel, TEXT("Heap32ListFirst")); @@ -472,7 +476,7 @@ int RAND_poll(void) heaplist_next && process_first && process_next && thread_first && thread_next && module_first && module_next && (handle = snap(TH32CS_SNAPALL,0)) - != NULL) + != INVALID_HANDLE_VALUE) { /* heap list and heap walking */ /* HEAPLIST32 contains 3 fields that will change with @@ -534,8 +538,10 @@ int RAND_poll(void) do RAND_add(&m, m.dwSize, 9); while (module_next(handle, &m)); - - CloseHandle(handle); + if (close_snap) + close_snap(handle); + else + CloseHandle(handle); } FreeLibrary(kernel); From 643ecd2ed6fa6f91d674429fc9fca6e2405946de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Mon, 11 Aug 2003 18:56:22 +0000 Subject: [PATCH 386/393] make sure no error is left in the queue that is intentionally ignored --- ssl/ssl_rsa.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 03828b6632..330390519b 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -207,7 +207,7 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) ok=1; else #endif - if (!X509_check_private_key(c->pkeys[i].x509,pkey)) + if (!X509_check_private_key(c->pkeys[i].x509,pkey)) { if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA)) { @@ -241,6 +241,8 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) return(0); } + ERR_clear_error(); /* make sure no error from X509_check_private_key() + * is left if we have chosen to ignore it */ if (c->pkeys[i].privatekey != NULL) EVP_PKEY_free(c->pkeys[i].privatekey); CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); From 563c05e2dc77221c4aad740c3b89fc21c84652be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Thu, 14 Aug 2003 10:33:56 +0000 Subject: [PATCH 387/393] fix out-of-bounds check in lock_dbg_cb (was too lose to detect all invalid cases) PR: 674 --- apps/openssl.c | 2 +- ssl/ssltest.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/openssl.c b/apps/openssl.c index 45af2ba7f9..e0d89d4ab4 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -163,7 +163,7 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line) goto err; } - if (type < 0 || type > CRYPTO_NUM_LOCKS) + if (type < 0 || type >= CRYPTO_NUM_LOCKS) { errstr = "type out of bounds"; goto err; diff --git a/ssl/ssltest.c b/ssl/ssltest.c index a304398b9f..7bb4152000 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -303,7 +303,7 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line) goto err; } - if (type < 0 || type > CRYPTO_NUM_LOCKS) + if (type < 0 || type >= CRYPTO_NUM_LOCKS) { errstr = "type out of bounds"; goto err; From 510dc1ecd00296a17a9b680288290942d82beddf Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 21 Aug 2003 12:32:12 +0000 Subject: [PATCH 388/393] outlen should be int * in out_utf8. --- crypto/asn1/a_mbstr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c index 5d981c6553..e8a26af521 100644 --- a/crypto/asn1/a_mbstr.c +++ b/crypto/asn1/a_mbstr.c @@ -296,7 +296,7 @@ static int in_utf8(unsigned long value, void *arg) static int out_utf8(unsigned long value, void *arg) { - long *outlen; + int *outlen; outlen = arg; *outlen += UTF8_putc(NULL, -1, value); return 1; From 14f3d7c5ccd38875d5f3ee2007baec5a7240adc0 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 3 Sep 2003 23:47:34 +0000 Subject: [PATCH 389/393] Only accept a client certificate if the server requests one, as required by SSL/TLS specs. --- CHANGES | 5 +++++ ssl/s3_srvr.c | 9 +++++---- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 0e7f968846..421d41fd72 100644 --- a/CHANGES +++ b/CHANGES @@ -2515,6 +2515,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.6j and 0.9.6k [xx XXX 2003] + *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate + if the server requested one: as stated in TLS 1.0 and SSL 3.0 + specifications. + [Steve Henson] + *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional extra data after the compression methods not only for TLS 1.0 but also for SSL 3.0 (as required by the specification). diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 32ddc48090..ca39d6b1c8 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -456,10 +456,11 @@ int ssl3_accept(SSL *s) if (ret == 2) s->state = SSL3_ST_SR_CLNT_HELLO_C; else { - /* could be sent for a DH cert, even if we - * have not asked for it :-) */ - ret=ssl3_get_client_certificate(s); - if (ret <= 0) goto end; + if (s->s3->tmp.cert_request) + { + ret=ssl3_get_client_certificate(s); + if (ret <= 0) goto end; + } s->init_num=0; s->state=SSL3_ST_SR_KEY_EXCH_A; } From 560dfd2a02df2fd3d6f0a12519eb26c3c4f60fa8 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 3 Sep 2003 23:56:01 +0000 Subject: [PATCH 390/393] New -ignore_err option in ocsp application to stop the server exiting on the first error in a request. --- CHANGES | 4 ++++ apps/ocsp.c | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/CHANGES b/CHANGES index 421d41fd72..dd23a4ee2b 100644 --- a/CHANGES +++ b/CHANGES @@ -549,6 +549,10 @@ Changes between 0.9.7b and 0.9.7c [xx XXX 2003] + *) New -ignore_err option in ocsp application to stop the server + exiting on the first error in a request. + [Steve Henson] + *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional extra data after the compression methods not only for TLS 1.0 but also for SSL 3.0 (as required by the specification). diff --git a/apps/ocsp.c b/apps/ocsp.c index 0cf4aad3f8..9c8e20d35a 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -123,6 +123,7 @@ int MAIN(int argc, char **argv) int accept_count = -1; int badarg = 0; int i; + int ignore_err = 0; STACK *reqnames = NULL; STACK_OF(OCSP_CERTID) *ids = NULL; @@ -182,6 +183,8 @@ int MAIN(int argc, char **argv) } else badarg = 1; } + else if (!strcmp(*args, "-ignore_err")) + ignore_err = 1; else if (!strcmp(*args, "-noverify")) noverify = 1; else if (!strcmp(*args, "-nonce")) @@ -783,6 +786,8 @@ int MAIN(int argc, char **argv) { BIO_printf(out, "Responder Error: %s (%d)\n", OCSP_response_status_str(i), i); + if (ignore_err) + goto redo_accept; ret = 0; goto end; } From a907751350f2bec14d413bccd517ab9c724dac3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Thu, 4 Sep 2003 12:52:56 +0000 Subject: [PATCH 391/393] certain changes have to be listed twice in this file because OpenSSL 0.9.6h forked into 0.9.6i and 0.9.7 ... --- CHANGES | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGES b/CHANGES index dd23a4ee2b..fc57065a61 100644 --- a/CHANGES +++ b/CHANGES @@ -553,6 +553,11 @@ exiting on the first error in a request. [Steve Henson] + *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate + if the server requested one: as stated in TLS 1.0 and SSL 3.0 + specifications. + [Steve Henson] + *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional extra data after the compression methods not only for TLS 1.0 but also for SSL 3.0 (as required by the specification). From 9ea72d3705697b3d83023326f2d453530e5b4802 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Mon, 8 Sep 2003 15:47:55 +0000 Subject: [PATCH 392/393] These should be write-locks, not read-locks. --- ssl/ssl_sess.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index b4fb90448f..5cf79d274a 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -79,11 +79,11 @@ SSL_SESSION *SSL_get1_session(SSL *ssl) /* Need to lock this all up rather than just use CRYPTO_add so that * somebody doesn't free ssl->session between when we check it's * non-null and when we up the reference count. */ - CRYPTO_r_lock(CRYPTO_LOCK_SSL_SESSION); + CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION); sess = ssl->session; if(sess) sess->references++; - CRYPTO_r_unlock(CRYPTO_LOCK_SSL_SESSION); + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION); return(sess); } From e6fa67fa9337d498b4383b067da04c6b6e802cd0 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 9 Sep 2003 14:48:36 +0000 Subject: [PATCH 393/393] Generalise the definition of strcasecmp() and strncasecmp() for platforms that don't (necessarely) have it. In the case of VMS, this means moving a couple of functions from apps/ to crypto/ and make them general (although only used privately). --- apps/apps.c | 26 ------------ apps/apps.h | 6 --- apps/ca.c | 10 ----- crypto/Makefile.ssl | 6 +-- crypto/crypto-lib.com | 2 +- crypto/o_str.c | 95 +++++++++++++++++++++++++++++++++++++++++++ crypto/o_str.h | 67 ++++++++++++++++++++++++++++++ e_os.h | 21 +++++++++- 8 files changed, 186 insertions(+), 47 deletions(-) create mode 100644 crypto/o_str.c create mode 100644 crypto/o_str.h diff --git a/apps/apps.c b/apps/apps.c index ac9e3daa5e..b1916bbc0f 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -126,16 +126,6 @@ #include #endif -#ifdef OPENSSL_SYS_WINDOWS -#define strcasecmp _stricmp -#else -# ifdef NO_STRINGS_H - int strcasecmp(); -# else -# include -# endif /* NO_STRINGS_H */ -#endif - #define NON_MAIN #include "apps.h" #undef NON_MAIN @@ -378,22 +368,6 @@ int WIN32_rename(char *from, char *to) } #endif -#ifdef OPENSSL_SYS_VMS -int VMS_strcasecmp(const char *str1, const char *str2) - { - while (*str1 && *str2) - { - int res = toupper(*str1) - toupper(*str2); - if (res) return res < 0 ? -1 : 1; - } - if (*str1) - return 1; - if (*str2) - return -1; - return 0; - } -#endif - int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]) { int num,len,i; diff --git a/apps/apps.h b/apps/apps.h index 8a9c4ab0a0..0d50a94774 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -141,12 +141,6 @@ long app_RAND_load_files(char *file); /* `file' is a list of files to read, int WIN32_rename(char *oldname,char *newname); #endif -/* VMS below version 7.0 doesn't have strcasecmp() */ -#ifdef OPENSSL_SYS_VMS -#define strcasecmp(str1,str2) VMS_strcasecmp((str1),(str2)) -int VMS_strcasecmp(const char *str1, const char *str2); -#endif - #ifndef MONOLITH #define MAIN(a,v) main(a,v) diff --git a/apps/ca.c b/apps/ca.c index 2c7e91aabb..780868a9f0 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -76,16 +76,6 @@ #include #include -#ifdef OPENSSL_SYS_WINDOWS -#define strcasecmp _stricmp -#else -# ifdef NO_STRINGS_H - int strcasecmp(); -# else -# include -# endif /* NO_STRINGS_H */ -#endif - #ifndef W_OK # ifdef OPENSSL_SYS_VMS # if defined(__DECC) diff --git a/crypto/Makefile.ssl b/crypto/Makefile.ssl index b52157e4db..059d8a6d27 100644 --- a/crypto/Makefile.ssl +++ b/crypto/Makefile.ssl @@ -37,14 +37,14 @@ GENERAL=Makefile README crypto-lib.com install.com LIB= $(TOP)/libcrypto.a SHARED_LIB= libcrypto$(SHLIB_EXT) -LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c -LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o +LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c +LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o o_str.c SRC= $(LIBSRC) EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h \ ossl_typ.h -HEADER= cryptlib.h buildinf.h md32_common.h o_time.h $(EXHEADER) +HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com index da1ee269b7..410e449046 100644 --- a/crypto/crypto-lib.com +++ b/crypto/crypto-lib.com @@ -159,7 +159,7 @@ $! $ APPS_DES = "DES/DES,CBC3_ENC" $ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE" $ -$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time" +$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time,o_str" $ LIB_MD2 = "md2_dgst,md2_one" $ LIB_MD4 = "md4_dgst,md4_one" $ LIB_MD5 = "md5_dgst,md5_one" diff --git a/crypto/o_str.c b/crypto/o_str.c new file mode 100644 index 0000000000..8bcdc25e76 --- /dev/null +++ b/crypto/o_str.c @@ -0,0 +1,95 @@ +/* crypto/o_str.c -*- mode:C; c-file-style: "eay" -*- */ +/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL + * project 2003. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n) + { +#if defined(OPENSSL_SYS_VMS) + while (*str1 && *str2 && n) + { + int res = toupper(*str1) - toupper(*str2); + if (res) return res < 0 ? -1 : 1; + str1++; + str2++; + n--; + } + if (n == 0) + return 0; + if (*str1) + return 1; + if (*str2) + return -1; + return 0; +#elif defined(OPENSSL_SYS_WINDOWS) + return _strnicmp(str1, str2, n); +#else + return strncasecmp(str1, str2, n); +#endif + } +int OPENSSL_strcasecmp(const char *str1, const char *str2) + { +#if defined(OPENSSL_SYS_VMS) + return OSSL_strncasecmp(str1, str2, (size_t)-1); +#elif defined(OPENSSL_SYS_WINDOWS) + return _stricmp(str1, str2, n); +#else + return strcasecmp(str1, str2); +#endif + } + diff --git a/crypto/o_str.h b/crypto/o_str.h new file mode 100644 index 0000000000..5535123abc --- /dev/null +++ b/crypto/o_str.h @@ -0,0 +1,67 @@ +/* crypto/o_str.h -*- mode:C; c-file-style: "eay" -*- */ +/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL + * project 2003. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_O_STR_H +#define HEADER_O_STR_H + +#include + +int OPENSSL_strcasecmp(const char *str1, const char *str2); +int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n) + +#endif diff --git a/e_os.h b/e_os.h index 3800bfd75f..3f7cdf4b51 100644 --- a/e_os.h +++ b/e_os.h @@ -503,11 +503,30 @@ extern char *sys_errlist[]; extern int sys_nerr; #define IRIX_CC_BUG /* CDS++ up to V2.0Bsomething suffered from the same bug.*/ #endif +#if defined(OPENSSL_SYS_WINDOWS) +# define strcasecmp _stricmp +# define strncasecmp _strnicmp +#elif defined(OPENSSL_SYS_VMS) +/* VMS below version 7.0 doesn't have strcasecmp() */ +# include +# define strcasecmp OPENSSL_strcasecmp +# define strncasecmp OPENSSL_strncasecmp +#elif defined(OPENSSL_SYS_OS2) && defined(__EMX__) +# define strcasecmp stricmp +# define strncasecmp strnicmp +#else +# ifdef NO_STRINGS_H + int strcasecmp(); + int strncasecmp(); +# else +# include +# endif /* NO_STRINGS_H */ +#endif + #if defined(OPENSSL_SYS_OS2) && defined(__EMX__) # include # include # define NO_SYSLOG -# define strcasecmp stricmp #endif /* vxworks */