From 9fe6127c90ba1cfc658a4179dd928e3fdbac9c9a Mon Sep 17 00:00:00 2001 From: kris Date: Mon, 13 Nov 2000 02:20:29 +0000 Subject: [PATCH] Resolve conflicts, and garbage collect some local changes that are no longer required --- crypto/openssl/apps/speed.c | 538 +++++++++++++++++++-------- crypto/openssl/crypto/des/des.h | 9 +- crypto/openssl/crypto/err/err_all.c | 9 + crypto/openssl/crypto/evp/evp.h | 133 +++++-- crypto/openssl/crypto/idea/i_cbc.c | 4 +- crypto/openssl/crypto/idea/i_cfb64.c | 6 +- crypto/openssl/crypto/idea/i_ecb.c | 2 +- crypto/openssl/crypto/idea/i_ofb64.c | 5 +- crypto/openssl/crypto/idea/i_skey.c | 2 +- crypto/openssl/crypto/idea/idea.h | 18 +- crypto/openssl/crypto/rsa/rsa.h | 24 +- crypto/openssl/crypto/rsa/rsa_eay.c | 26 +- crypto/openssl/crypto/rsa/rsa_lib.c | 33 +- crypto/openssl/ssl/s23_clnt.c | 4 +- crypto/openssl/ssl/s23_srvr.c | 32 +- crypto/openssl/ssl/s2_clnt.c | 1 + crypto/openssl/ssl/s2_enc.c | 4 +- crypto/openssl/ssl/s2_lib.c | 20 +- crypto/openssl/ssl/s2_srvr.c | 4 +- crypto/openssl/util/pl/Mingw32.pl | 29 +- 20 files changed, 625 insertions(+), 278 deletions(-) diff --git a/crypto/openssl/apps/speed.c b/crypto/openssl/apps/speed.c index 094326c0aa48..156d19f79d5d 100644 --- a/crypto/openssl/apps/speed.c +++ b/crypto/openssl/apps/speed.c @@ -84,16 +84,25 @@ #include #include -#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC)) -#define TIMES +#if defined(__FreeBSD__) +# define USE_TOD +#elif !defined(MSDOS) && (!defined(VMS) || defined(__DECC)) +# define TIMES +#endif +#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE) +# define TIMEB #endif #ifndef _IRIX -#include +# include #endif #ifdef TIMES -#include -#include +# include +# include +#endif +#ifdef USE_TOD +# include +# include #endif /* Depending on the VMS version, the tms structure is perhaps defined. @@ -104,10 +113,14 @@ #undef TIMES #endif -#ifndef TIMES +#ifdef TIMEB #include #endif +#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) +#error "It seems neither struct tms nor struct timeb is supported in this platform!" +#endif + #if defined(sun) || defined(__ultrix) #define _POSIX_SOURCE #include @@ -123,6 +136,9 @@ #ifndef NO_MDC2 #include #endif +#ifndef NO_MD4 +#include +#endif #ifndef NO_MD5 #include #endif @@ -180,7 +196,7 @@ #define BUFSIZE ((long)1024*8+1) int run=0; -static double Time_F(int s); +static double Time_F(int s, int usertime); static void print_message(char *s,long num,int length); static void pkey_print_message(char *str,char *str2,long num,int bits,int sec); #ifdef SIGALRM @@ -204,39 +220,91 @@ static SIGRETTYPE sig_done(int sig) #define START 0 #define STOP 1 -static double Time_F(int s) +static double Time_F(int s, int usertime) { double ret; -#ifdef TIMES - static struct tms tstart,tend; - if (s == START) - { - times(&tstart); - return(0); +#ifdef USE_TOD + if(usertime) + { + static struct rusage tstart,tend; + + if (s == START) + { + getrusage(RUSAGE_SELF,&tstart); + return(0); + } + else + { + long i; + + getrusage(RUSAGE_SELF,&tend); + i=(long)tend.ru_utime.tv_usec-(long)tstart.ru_utime.tv_usec; + ret=((double)(tend.ru_utime.tv_sec-tstart.ru_utime.tv_sec)) + +((double)i)/1000000.0; + return((ret < 0.001)?0.001:ret); + } } else { - times(&tend); - ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; - return((ret < 1e-3)?1e-3:ret); - } -#else /* !times() */ - static struct timeb tstart,tend; - long i; + static struct timeval tstart,tend; + long i; - if (s == START) - { - ftime(&tstart); - return(0); + if (s == START) + { + gettimeofday(&tstart,NULL); + return(0); + } + else + { + gettimeofday(&tend,NULL); + i=(long)tend.tv_usec-(long)tstart.tv_usec; + ret=((double)(tend.tv_sec-tstart.tv_sec))+((double)i)/1000000.0; + return((ret < 0.001)?0.001:ret); + } } +#else /* ndef USE_TOD */ + +# ifdef TIMES + if (usertime) + { + static struct tms tstart,tend; + + if (s == START) + { + times(&tstart); + return(0); + } + else + { + times(&tend); + ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; + return((ret < 1e-3)?1e-3:ret); + } + } +# endif /* times() */ +# if defined(TIMES) && defined(TIMEB) else +# endif +# ifdef TIMEB { - ftime(&tend); - i=(long)tend.millitm-(long)tstart.millitm; - ret=((double)(tend.time-tstart.time))+((double)i)/1000.0; - return((ret < 0.001)?0.001:ret); + static struct timeb tstart,tend; + long i; + + if (s == START) + { + ftime(&tstart); + return(0); + } + else + { + ftime(&tend); + i=(long)tend.millitm-(long)tstart.millitm; + ret=((double)(tend.time-tstart.time))+((double)i)/1000.0; + return((ret < 0.001)?0.001:ret); + } } +# endif #endif } @@ -246,19 +314,22 @@ int MAIN(int argc, char **argv) { unsigned char *buf=NULL,*buf2=NULL; int mret=1; -#define ALGOR_NUM 14 +#define ALGOR_NUM 15 #define SIZE_NUM 5 #define RSA_NUM 4 #define DSA_NUM 3 long count,rsa_count; int i,j,k; - unsigned rsa_num,rsa_num2; + unsigned rsa_num; #ifndef NO_MD2 unsigned char md2[MD2_DIGEST_LENGTH]; #endif #ifndef NO_MDC2 unsigned char mdc2[MDC2_DIGEST_LENGTH]; #endif +#ifndef NO_MD4 + unsigned char md4[MD4_DIGEST_LENGTH]; +#endif #ifndef NO_MD5 unsigned char md5[MD5_DIGEST_LENGTH]; unsigned char hmac[MD5_DIGEST_LENGTH]; @@ -300,23 +371,24 @@ int MAIN(int argc, char **argv) #endif #define D_MD2 0 #define D_MDC2 1 -#define D_MD5 2 -#define D_HMAC 3 -#define D_SHA1 4 -#define D_RMD160 5 -#define D_RC4 6 -#define D_CBC_DES 7 -#define D_EDE3_DES 8 -#define D_CBC_IDEA 9 -#define D_CBC_RC2 10 -#define D_CBC_RC5 11 -#define D_CBC_BF 12 -#define D_CBC_CAST 13 +#define D_MD4 2 +#define D_MD5 3 +#define D_HMAC 4 +#define D_SHA1 5 +#define D_RMD160 6 +#define D_RC4 7 +#define D_CBC_DES 8 +#define D_EDE3_DES 9 +#define D_CBC_IDEA 10 +#define D_CBC_RC2 11 +#define D_CBC_RC5 12 +#define D_CBC_BF 13 +#define D_CBC_CAST 14 double d,results[ALGOR_NUM][SIZE_NUM]; static int lengths[SIZE_NUM]={8,64,256,1024,8*1024}; long c[ALGOR_NUM][SIZE_NUM]; static char *names[ALGOR_NUM]={ - "md2","mdc2","md5","hmac(md5)","sha1","rmd160","rc4", + "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4", "des cbc","des ede3","idea cbc", "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc"}; #define R_DSA_512 0 @@ -347,6 +419,11 @@ int MAIN(int argc, char **argv) int dsa_doit[DSA_NUM]; int doit[ALGOR_NUM]; int pr_header=0; + int usertime=1; + +#ifndef TIMES + usertime=-1; +#endif apps_startup(); memset(results, 0, sizeof(results)); @@ -364,7 +441,7 @@ int MAIN(int argc, char **argv) rsa_key[i]=NULL; #endif - if ((buf=(unsigned char *)Malloc((int)BUFSIZE)) == NULL) + if ((buf=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL) { BIO_printf(bio_err,"out of memory\n"); goto end; @@ -372,7 +449,7 @@ int MAIN(int argc, char **argv) #ifndef NO_DES buf_as_des_cblock = (des_cblock *)buf; #endif - if ((buf2=(unsigned char *)Malloc((int)BUFSIZE)) == NULL) + if ((buf2=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL) { BIO_printf(bio_err,"out of memory\n"); goto end; @@ -393,6 +470,8 @@ int MAIN(int argc, char **argv) argv++; while (argc) { + if ((argc > 0) && (strcmp(*argv,"-elapsed") == 0)) + usertime = 0; #ifndef NO_MD2 if (strcmp(*argv,"md2") == 0) doit[D_MD2]=1; else @@ -401,6 +480,10 @@ int MAIN(int argc, char **argv) if (strcmp(*argv,"mdc2") == 0) doit[D_MDC2]=1; else #endif +#ifndef NO_MD4 + if (strcmp(*argv,"md4") == 0) doit[D_MD4]=1; + else +#endif #ifndef NO_MD5 if (strcmp(*argv,"md5") == 0) doit[D_MD5]=1; else @@ -433,10 +516,18 @@ int MAIN(int argc, char **argv) else #endif #ifndef NO_RSA +#ifdef RSAref + if (strcmp(*argv,"rsaref") == 0) + { + RSA_set_default_method(RSA_PKCS1_RSAref()); + j--; + } + else +#endif #ifndef RSA_NULL if (strcmp(*argv,"openssl") == 0) { - RSA_set_default_method(RSA_PKCS1()); + RSA_set_default_method(RSA_PKCS1_SSLeay()); j--; } else @@ -504,8 +595,34 @@ int MAIN(int argc, char **argv) else #endif { - BIO_printf(bio_err,"bad value, pick one of\n"); - BIO_printf(bio_err,"md2 mdc2 md5 hmac sha1 rmd160\n"); + BIO_printf(bio_err,"Error: bad option or value\n"); + BIO_printf(bio_err,"\n"); + BIO_printf(bio_err,"Available values:\n"); +#ifndef NO_MD2 + BIO_printf(bio_err,"md2 "); +#endif +#ifndef NO_MDC2 + BIO_printf(bio_err,"mdc2 "); +#endif +#ifndef NO_MD4 + BIO_printf(bio_err,"md4 "); +#endif +#ifndef NO_MD5 + BIO_printf(bio_err,"md5 "); +#ifndef NO_HMAC + BIO_printf(bio_err,"hmac "); +#endif +#endif +#ifndef NO_SHA1 + BIO_printf(bio_err,"sha1 "); +#endif +#ifndef NO_RIPEMD160 + BIO_printf(bio_err,"rmd160"); +#endif +#if !defined(NO_MD2) || !defined(NO_MDC2) || !defined(NO_MD4) || !defined(NO_MD5) || !defined(NO_SHA1) || !defined(NO_RIPEMD160) + BIO_printf(bio_err,"\n"); +#endif + #ifndef NO_IDEA BIO_printf(bio_err,"idea-cbc "); #endif @@ -518,20 +635,48 @@ int MAIN(int argc, char **argv) #ifndef NO_BF BIO_printf(bio_err,"bf-cbc"); #endif -#if !defined(NO_IDEA) && !defined(NO_RC2) && !defined(NO_BF) && !defined(NO_RC5) +#if !defined(NO_IDEA) || !defined(NO_RC2) || !defined(NO_BF) || !defined(NO_RC5) BIO_printf(bio_err,"\n"); #endif + BIO_printf(bio_err,"des-cbc des-ede3 "); #ifndef NO_RC4 BIO_printf(bio_err,"rc4"); #endif + BIO_printf(bio_err,"\n"); + #ifndef NO_RSA - BIO_printf(bio_err,"\nrsa512 rsa1024 rsa2048 rsa4096\n"); + BIO_printf(bio_err,"rsa512 rsa1024 rsa2048 rsa4096\n"); #endif + #ifndef NO_DSA - BIO_printf(bio_err,"\ndsa512 dsa1024 dsa2048\n"); + BIO_printf(bio_err,"dsa512 dsa1024 dsa2048\n"); +#endif + +#ifndef NO_IDEA + BIO_printf(bio_err,"idea "); +#endif +#ifndef NO_RC2 + BIO_printf(bio_err,"rc2 "); +#endif +#ifndef NO_DES + BIO_printf(bio_err,"des "); +#endif +#ifndef NO_RSA + BIO_printf(bio_err,"rsa "); +#endif +#ifndef NO_BF + BIO_printf(bio_err,"blowfish"); +#endif +#if !defined(NO_IDEA) || !defined(NO_RC2) || !defined(NO_DES) || !defined(NO_RSA) || !defined(NO_BF) + BIO_printf(bio_err,"\n"); +#endif + +#ifdef TIMES + BIO_printf(bio_err,"\n"); + BIO_printf(bio_err,"Available options:\n"); + BIO_printf(bio_err,"-elapsed measure time in real time instead of CPU user time.\n"); #endif - BIO_printf(bio_err,"idea rc2 des rsa blowfish\n"); goto end; } argc--; @@ -551,10 +696,13 @@ int MAIN(int argc, char **argv) for (i=0; i replaces . #endif -#include #include /* DES_LONG */ #include /* OPENSSL_EXTERN */ +#ifdef __cplusplus +extern "C" { +#endif + typedef unsigned char des_cblock[8]; typedef /* const */ unsigned char const_des_cblock[8]; /* With "const", gcc 2.8.1 on Solaris thinks that des_cblock * diff --git a/crypto/openssl/crypto/err/err_all.c b/crypto/openssl/crypto/err/err_all.c index 18a2cb31e3e0..5449a31c4e94 100644 --- a/crypto/openssl/crypto/err/err_all.c +++ b/crypto/openssl/crypto/err/err_all.c @@ -65,6 +65,9 @@ #ifndef NO_RSA #include #endif +#ifdef RSAref +#include +#endif #ifndef NO_DH #include #endif @@ -80,6 +83,7 @@ #include #include #include +#include void ERR_load_crypto_strings(void) { @@ -94,8 +98,12 @@ void ERR_load_crypto_strings(void) ERR_load_BIO_strings(); ERR_load_CONF_strings(); #ifndef NO_RSA +#ifdef RSAref + ERR_load_RSAREF_strings(); +#else ERR_load_RSA_strings(); #endif +#endif #ifndef NO_DH ERR_load_DH_strings(); #endif @@ -112,5 +120,6 @@ void ERR_load_crypto_strings(void) ERR_load_PKCS7_strings(); ERR_load_PKCS12_strings(); ERR_load_RAND_strings(); + ERR_load_DSO_strings(); #endif } diff --git a/crypto/openssl/crypto/evp/evp.h b/crypto/openssl/crypto/evp/evp.h index 39969c2e91a9..d224551884ad 100644 --- a/crypto/openssl/crypto/evp/evp.h +++ b/crypto/openssl/crypto/evp/evp.h @@ -61,13 +61,23 @@ #ifndef HEADER_ENVELOPE_H #define HEADER_ENVELOPE_H -#ifdef __cplusplus -extern "C" { +#ifdef OPENSSL_ALGORITHM_DEFINES +# include +#else +# define OPENSSL_ALGORITHM_DEFINES +# include +# undef OPENSSL_ALGORITHM_DEFINES #endif +#ifndef NO_BIO +#include +#endif #ifndef NO_MD2 #include #endif +#ifndef NO_MD4 +#include +#endif #ifndef NO_MD5 #include #endif @@ -149,6 +159,10 @@ extern "C" { #define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 #define EVP_PKEY_DH NID_dhKeyAgreement +#ifdef __cplusplus +extern "C" { +#endif + /* Type needs to be a bit field * Sub-type needs to be for variations on the method, as in, can it do * arbitrary encryption.... */ @@ -170,7 +184,7 @@ typedef struct evp_pkey_st #endif } pkey; int save_parameters; - STACK /*X509_ATTRIBUTE*/ *attributes; /* [ 0 ] */ + STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ } EVP_PKEY; #define EVP_PKEY_MO_SIGN 0x0001 @@ -300,6 +314,9 @@ typedef struct env_md_ctx_st #ifndef NO_MD5 MD5_CTX md5; #endif +#ifndef NO_MD4 + MD4_CTX md4; +#endif #ifndef NO_RIPEMD RIPEMD160_CTX ripemd160; #endif @@ -312,21 +329,57 @@ typedef struct env_md_ctx_st } md; } EVP_MD_CTX; -typedef struct evp_cipher_st +typedef struct evp_cipher_st EVP_CIPHER; +typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX; + +struct evp_cipher_st { int nid; int block_size; - int key_len; + int key_len; /* Default value for variable length ciphers */ int iv_len; - void (*init)(); /* init for encryption */ - void (*do_cipher)(); /* encrypt data */ - void (*cleanup)(); /* used by cipher method */ + unsigned long flags; /* Various flags */ + int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); /* init key */ + int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, unsigned int inl);/* encrypt/decrypt data */ + int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */ int ctx_size; /* how big the ctx needs to be */ - /* int set_asn1_parameters(EVP_CIPHER_CTX,ASN1_TYPE *); */ - int (*set_asn1_parameters)(); /* Populate a ASN1_TYPE with parameters */ - /* int get_asn1_parameters(EVP_CIPHER_CTX,ASN1_TYPE *); */ - int (*get_asn1_parameters)(); /* Get parameters from a ASN1_TYPE */ - } EVP_CIPHER; + int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */ + int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */ + int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */ + void *app_data; /* Application data */ + }; + +/* Values for cipher flags */ + +/* Modes for ciphers */ + +#define EVP_CIPH_STREAM_CIPHER 0x0 +#define EVP_CIPH_ECB_MODE 0x1 +#define EVP_CIPH_CBC_MODE 0x2 +#define EVP_CIPH_CFB_MODE 0x3 +#define EVP_CIPH_OFB_MODE 0x4 +#define EVP_CIPH_MODE 0x7 +/* Set if variable length cipher */ +#define EVP_CIPH_VARIABLE_LENGTH 0x8 +/* Set if the iv handling should be done by the cipher itself */ +#define EVP_CIPH_CUSTOM_IV 0x10 +/* Set if the cipher's init() function should be called if key is NULL */ +#define EVP_CIPH_ALWAYS_CALL_INIT 0x20 +/* Call ctrl() to init cipher parameters */ +#define EVP_CIPH_CTRL_INIT 0x40 +/* Don't use standard key length function */ +#define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 + +/* ctrl() values */ + +#define EVP_CTRL_INIT 0x0 +#define EVP_CTRL_SET_KEY_LENGTH 0x1 +#define EVP_CTRL_GET_RC2_KEY_BITS 0x2 +#define EVP_CTRL_SET_RC2_KEY_BITS 0x3 +#define EVP_CTRL_GET_RC5_ROUNDS 0x4 +#define EVP_CTRL_SET_RC5_ROUNDS 0x5 typedef struct evp_cipher_info_st { @@ -334,7 +387,7 @@ typedef struct evp_cipher_info_st unsigned char iv[EVP_MAX_IV_LENGTH]; } EVP_CIPHER_INFO; -typedef struct evp_cipher_ctx_st +struct evp_cipher_ctx_st { const EVP_CIPHER *cipher; int encrypt; /* encrypt or decrypt */ @@ -345,7 +398,8 @@ typedef struct evp_cipher_ctx_st unsigned char buf[EVP_MAX_IV_LENGTH]; /* saved partial block */ int num; /* used by cfb/ofb mode */ - char *app_data; /* application stuff */ + void *app_data; /* application stuff */ + int key_len; /* May change for variable length cipher */ union { #ifndef NO_RC4 struct @@ -373,10 +427,16 @@ typedef struct evp_cipher_ctx_st IDEA_KEY_SCHEDULE idea_ks;/* key schedule */ #endif #ifndef NO_RC2 - RC2_KEY rc2_ks;/* key schedule */ + struct { + int key_bits; /* effective key bits */ + RC2_KEY ks;/* key schedule */ + } rc2; #endif #ifndef NO_RC5 - RC5_32_KEY rc5_ks;/* key schedule */ + struct { + int rounds; /* number of rounds */ + RC5_32_KEY ks;/* key schedule */ + } rc5; #endif #ifndef NO_BF BF_KEY bf_ks;/* key schedule */ @@ -385,7 +445,7 @@ typedef struct evp_cipher_ctx_st CAST_KEY cast_ks;/* key schedule */ #endif } c; - } EVP_CIPHER_CTX; + }; typedef struct evp_Encode_Ctx_st { @@ -432,15 +492,19 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, #define EVP_CIPHER_block_size(e) ((e)->block_size) #define EVP_CIPHER_key_length(e) ((e)->key_len) #define EVP_CIPHER_iv_length(e) ((e)->iv_len) +#define EVP_CIPHER_flags(e) ((e)->flags) +#define EVP_CIPHER_mode(e) ((e)->flags) & EVP_CIPH_MODE) #define EVP_CIPHER_CTX_cipher(e) ((e)->cipher) #define EVP_CIPHER_CTX_nid(e) ((e)->cipher->nid) #define EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size) -#define EVP_CIPHER_CTX_key_length(e) ((e)->cipher->key_len) +#define EVP_CIPHER_CTX_key_length(e) ((e)->key_len) #define EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len) #define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d)) #define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) +#define EVP_CIPHER_CTX_flags(e) ((e)->cipher->flags) +#define EVP_CIPHER_CTX_mode(e) ((e)->cipher->flags & EVP_CIPH_MODE) #define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) #define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) @@ -488,21 +552,21 @@ int EVP_BytesToKey(const EVP_CIPHER *type,EVP_MD *md,unsigned char *salt, unsigned char *data, int datal, int count, unsigned char *key,unsigned char *iv); -void EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, +int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, unsigned char *key, unsigned char *iv); -void EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, unsigned char *in, int inl); -void EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); -void EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, +int EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, unsigned char *key, unsigned char *iv); -void EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, unsigned char *in, int inl); int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); -void EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, +int EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, unsigned char *key,unsigned char *iv,int enc); -void EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, unsigned char *in, int inl); int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); @@ -536,9 +600,11 @@ int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); void ERR_load_EVP_strings(void ); void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); -void EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); +int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); +int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); +int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); -#ifdef HEADER_BIO_H +#ifndef NO_BIO BIO_METHOD *BIO_f_md(void); BIO_METHOD *BIO_f_base64(void); BIO_METHOD *BIO_f_cipher(void); @@ -549,6 +615,7 @@ void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k, EVP_MD *EVP_md_null(void); EVP_MD *EVP_md2(void); +EVP_MD *EVP_md4(void); EVP_MD *EVP_md5(void); EVP_MD *EVP_sha(void); EVP_MD *EVP_sha1(void); @@ -685,6 +752,9 @@ void EVP_PBE_cleanup(void); /* Function codes. */ #define EVP_F_D2I_PKEY 100 +#define EVP_F_EVP_CIPHERINIT 123 +#define EVP_F_EVP_CIPHER_CTX_CTRL 124 +#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 #define EVP_F_EVP_DECRYPTFINAL 101 #define EVP_F_EVP_MD_CTX_COPY 110 #define EVP_F_EVP_OPENINIT 102 @@ -705,12 +775,15 @@ void EVP_PBE_cleanup(void); #define EVP_F_PKCS5_PBE_KEYIVGEN 117 #define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 #define EVP_F_RC2_MAGIC_TO_METH 109 +#define EVP_F_RC5_CTRL 125 /* Reason codes. */ #define EVP_R_BAD_DECRYPT 100 #define EVP_R_BN_DECODE_ERROR 112 #define EVP_R_BN_PUBKEY_ERROR 113 #define EVP_R_CIPHER_PARAMETER_ERROR 122 +#define EVP_R_CTRL_NOT_IMPLEMENTED 132 +#define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 #define EVP_R_DECODE_ERROR 114 #define EVP_R_DIFFERENT_KEY_TYPES 101 #define EVP_R_ENCODE_ERROR 115 @@ -718,16 +791,20 @@ void EVP_PBE_cleanup(void); #define EVP_R_EXPECTING_AN_RSA_KEY 127 #define EVP_R_EXPECTING_A_DH_KEY 128 #define EVP_R_EXPECTING_A_DSA_KEY 129 +#define EVP_R_INITIALIZATION_ERROR 134 #define EVP_R_INPUT_NOT_INITIALIZED 111 +#define EVP_R_INVALID_KEY_LENGTH 130 #define EVP_R_IV_TOO_LARGE 102 #define EVP_R_KEYGEN_FAILURE 120 #define EVP_R_MISSING_PARAMETERS 103 +#define EVP_R_NO_CIPHER_SET 131 #define EVP_R_NO_DSA_PARAMETERS 116 #define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104 #define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 #define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117 #define EVP_R_PUBLIC_KEY_NOT_RSA 106 #define EVP_R_UNKNOWN_PBE_ALGORITHM 121 +#define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135 #define EVP_R_UNSUPPORTED_CIPHER 107 #define EVP_R_UNSUPPORTED_KEYLENGTH 123 #define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 diff --git a/crypto/openssl/crypto/idea/i_cbc.c b/crypto/openssl/crypto/idea/i_cbc.c index 76b610073c3c..d141cc2e2e8f 100644 --- a/crypto/openssl/crypto/idea/i_cbc.c +++ b/crypto/openssl/crypto/idea/i_cbc.c @@ -47,7 +47,7 @@ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or @@ -60,7 +60,7 @@ #include #include "idea_lcl.h" -void idea_cbc_encrypt(unsigned char *in, unsigned char *out, long length, +void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int encrypt) { register unsigned long tin0,tin1; diff --git a/crypto/openssl/crypto/idea/i_cfb64.c b/crypto/openssl/crypto/idea/i_cfb64.c index 2093aaa72803..6f7e364fcb5a 100644 --- a/crypto/openssl/crypto/idea/i_cfb64.c +++ b/crypto/openssl/crypto/idea/i_cfb64.c @@ -65,9 +65,9 @@ * 64bit block we have used is contained in *num; */ -void idea_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, - IDEA_KEY_SCHEDULE *schedule, unsigned char *ivec, int *num, - int encrypt) +void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *schedule, + unsigned char *ivec, int *num, int encrypt) { register unsigned long v0,v1,t; register int n= *num; diff --git a/crypto/openssl/crypto/idea/i_ecb.c b/crypto/openssl/crypto/idea/i_ecb.c index 73f684e94c1b..3789cb523294 100644 --- a/crypto/openssl/crypto/idea/i_ecb.c +++ b/crypto/openssl/crypto/idea/i_ecb.c @@ -71,7 +71,7 @@ const char *idea_options(void) return("idea(short)"); } -void idea_ecb_encrypt(unsigned char *in, unsigned char *out, +void idea_ecb_encrypt(const unsigned char *in, unsigned char *out, IDEA_KEY_SCHEDULE *ks) { unsigned long l0,l1,d[2]; diff --git a/crypto/openssl/crypto/idea/i_ofb64.c b/crypto/openssl/crypto/idea/i_ofb64.c index 41d1be89894c..b3397f9a8e11 100644 --- a/crypto/openssl/crypto/idea/i_ofb64.c +++ b/crypto/openssl/crypto/idea/i_ofb64.c @@ -64,8 +64,9 @@ * used. The extra state information to record how much of the * 64bit block we have used is contained in *num; */ -void idea_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, - IDEA_KEY_SCHEDULE *schedule, unsigned char *ivec, int *num) +void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *schedule, + unsigned char *ivec, int *num) { register unsigned long v0,v1,t; register int n= *num; diff --git a/crypto/openssl/crypto/idea/i_skey.c b/crypto/openssl/crypto/idea/i_skey.c index da2fd85c5237..5fea5cc2f675 100644 --- a/crypto/openssl/crypto/idea/i_skey.c +++ b/crypto/openssl/crypto/idea/i_skey.c @@ -61,7 +61,7 @@ #include "idea_lcl.h" static IDEA_INT inverse(unsigned int xin); -void idea_set_encrypt_key(unsigned char *key, IDEA_KEY_SCHEDULE *ks) +void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks) { int i; register IDEA_INT *kt,*kf,r0,r1,r2; diff --git a/crypto/openssl/crypto/idea/idea.h b/crypto/openssl/crypto/idea/idea.h index 38e553fbc683..31d3c895af99 100644 --- a/crypto/openssl/crypto/idea/idea.h +++ b/crypto/openssl/crypto/idea/idea.h @@ -60,10 +60,6 @@ #ifndef HEADER_IDEA_H #define HEADER_IDEA_H -#ifdef __cplusplus -extern "C" { -#endif - #ifdef NO_IDEA #error IDEA is disabled. #endif @@ -75,22 +71,26 @@ extern "C" { #define IDEA_BLOCK 8 #define IDEA_KEY_LENGTH 16 +#ifdef __cplusplus +extern "C" { +#endif + typedef struct idea_key_st { IDEA_INT data[9][6]; } IDEA_KEY_SCHEDULE; const char *idea_options(void); -void idea_ecb_encrypt(unsigned char *in, unsigned char *out, +void idea_ecb_encrypt(const unsigned char *in, unsigned char *out, IDEA_KEY_SCHEDULE *ks); -void idea_set_encrypt_key(unsigned char *key, IDEA_KEY_SCHEDULE *ks); +void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); -void idea_cbc_encrypt(unsigned char *in, unsigned char *out, +void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc); -void idea_cfb64_encrypt(unsigned char *in, unsigned char *out, +void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int *num,int enc); -void idea_ofb64_encrypt(unsigned char *in, unsigned char *out, +void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int *num); void idea_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks); #ifdef __cplusplus diff --git a/crypto/openssl/crypto/rsa/rsa.h b/crypto/openssl/crypto/rsa/rsa.h index b4492284bfe5..880ebfe1e9d6 100644 --- a/crypto/openssl/crypto/rsa/rsa.h +++ b/crypto/openssl/crypto/rsa/rsa.h @@ -60,10 +60,9 @@ #ifndef HEADER_RSA_H #define HEADER_RSA_H -#ifdef __cplusplus -extern "C" { +#ifndef NO_BIO +#include #endif - #include #include @@ -71,6 +70,10 @@ extern "C" { #error RSA is disabled. #endif +#ifdef __cplusplus +extern "C" { +#endif + typedef struct rsa_st RSA; typedef struct rsa_meth_st @@ -192,8 +195,11 @@ RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth); /* This function needs the memory locking malloc callbacks to be installed */ int RSA_memory_lock(RSA *r); +/* If you have RSAref compiled in. */ +RSA_METHOD *RSA_PKCS1_RSAref(void); + /* these are the actual SSLeay RSA functions */ -RSA_METHOD *RSA_PKCS1(void); +RSA_METHOD *RSA_PKCS1_SSLeay(void); RSA_METHOD *RSA_null_method(void); @@ -207,10 +213,14 @@ int i2d_RSAPrivateKey(RSA *a, unsigned char **pp); int RSA_print_fp(FILE *fp, RSA *r,int offset); #endif -#ifdef HEADER_BIO_H +#ifndef NO_BIO int RSA_print(BIO *bp, RSA *r,int offset); #endif +int i2d_RSA_NET(RSA *a, unsigned char **pp, int (*cb)(), int sgckey); +RSA *d2i_RSA_NET(RSA **a, unsigned char **pp, long length, int (*cb)(), int sgckey); +RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length, int (*cb)(), int sgckey); + int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)()); RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)()); /* Naughty internal function required elsewhere, to handle a MS structure @@ -257,7 +267,6 @@ int RSA_padding_add_none(unsigned char *to,int tlen, int RSA_padding_check_none(unsigned char *to,int tlen, unsigned char *f,int fl,int rsa_len); -int RSA_libversion(); int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int RSA_set_ex_data(RSA *r,int idx,void *arg); @@ -330,9 +339,6 @@ void *RSA_get_ex_data(RSA *r, int idx); #define RSA_R_UNKNOWN_PADDING_TYPE 118 #define RSA_R_WRONG_SIGNATURE_LENGTH 119 -#define RSALIB_OPENSSL 1 -#define RSALIB_RSAREF 2 - #ifdef __cplusplus } #endif diff --git a/crypto/openssl/crypto/rsa/rsa_eay.c b/crypto/openssl/crypto/rsa/rsa_eay.c index f73d7b2889b8..816211741203 100644 --- a/crypto/openssl/crypto/rsa/rsa_eay.c +++ b/crypto/openssl/crypto/rsa/rsa_eay.c @@ -63,6 +63,8 @@ #include #include +#ifndef RSA_NULL + static int RSA_eay_public_encrypt(int flen, unsigned char *from, unsigned char *to, RSA *rsa,int padding); static int RSA_eay_private_encrypt(int flen, unsigned char *from, @@ -88,7 +90,7 @@ static RSA_METHOD rsa_pkcs1_eay_meth={ NULL, }; -RSA_METHOD *RSA_PKCS1(void) +RSA_METHOD *RSA_PKCS1_SSLeay(void) { return(&rsa_pkcs1_eay_meth); } @@ -105,7 +107,7 @@ static int RSA_eay_public_encrypt(int flen, unsigned char *from, BN_init(&ret); if ((ctx=BN_CTX_new()) == NULL) goto err; num=BN_num_bytes(rsa->n); - if ((buf=(unsigned char *)Malloc(num)) == NULL) + if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL) { RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE); goto err; @@ -160,7 +162,7 @@ static int RSA_eay_public_encrypt(int flen, unsigned char *from, if (buf != NULL) { memset(buf,0,num); - Free(buf); + OPENSSL_free(buf); } return(r); } @@ -178,7 +180,7 @@ static int RSA_eay_private_encrypt(int flen, unsigned char *from, if ((ctx=BN_CTX_new()) == NULL) goto err; num=BN_num_bytes(rsa->n); - if ((buf=(unsigned char *)Malloc(num)) == NULL) + if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL) { RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE); goto err; @@ -236,7 +238,7 @@ static int RSA_eay_private_encrypt(int flen, unsigned char *from, if (buf != NULL) { memset(buf,0,num); - Free(buf); + OPENSSL_free(buf); } return(r); } @@ -257,13 +259,13 @@ static int RSA_eay_private_decrypt(int flen, unsigned char *from, num=BN_num_bytes(rsa->n); - if ((buf=(unsigned char *)Malloc(num)) == NULL) + if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL) { RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE); goto err; } - /* This check was for equallity but PGP does evil things + /* This check was for equality but PGP does evil things * and chops off the top '0' bytes */ if (flen > num) { @@ -329,7 +331,7 @@ static int RSA_eay_private_decrypt(int flen, unsigned char *from, if (buf != NULL) { memset(buf,0,num); - Free(buf); + OPENSSL_free(buf); } return(r); } @@ -349,14 +351,14 @@ static int RSA_eay_public_decrypt(int flen, unsigned char *from, if (ctx == NULL) goto err; num=BN_num_bytes(rsa->n); - buf=(unsigned char *)Malloc(num); + buf=(unsigned char *)OPENSSL_malloc(num); if (buf == NULL) { RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE); goto err; } - /* This check was for equallity but PGP does evil things + /* This check was for equality but PGP does evil things * and chops off the top '0' bytes */ if (flen > num) { @@ -401,7 +403,7 @@ static int RSA_eay_public_decrypt(int flen, unsigned char *from, if (buf != NULL) { memset(buf,0,num); - Free(buf); + OPENSSL_free(buf); } return(r); } @@ -487,4 +489,4 @@ static int RSA_eay_finish(RSA *rsa) return(1); } - +#endif diff --git a/crypto/openssl/crypto/rsa/rsa_lib.c b/crypto/openssl/crypto/rsa/rsa_lib.c index c2a0b03827a3..f5d1770ab30f 100644 --- a/crypto/openssl/crypto/rsa/rsa_lib.c +++ b/crypto/openssl/crypto/rsa/rsa_lib.c @@ -82,6 +82,19 @@ void RSA_set_default_method(RSA_METHOD *meth) RSA_METHOD *RSA_get_default_method(void) { + if (default_RSA_meth == NULL) + { +#ifdef RSA_NULL + default_RSA_meth=RSA_null_method(); +#else +#ifdef RSAref + default_RSA_meth=RSA_PKCS1_RSAref(); +#else + default_RSA_meth=RSA_PKCS1_SSLeay(); +#endif +#endif + } + return default_RSA_meth; } @@ -104,15 +117,7 @@ RSA *RSA_new_method(RSA_METHOD *meth) { RSA *ret; - if (default_RSA_meth == NULL) - { -#ifdef RSA_NULL - default_RSA_meth=RSA_null_method(); -#else - default_RSA_meth=RSA_PKCS1(); -#endif - } - ret=(RSA *)Malloc(sizeof(RSA)); + ret=(RSA *)OPENSSL_malloc(sizeof(RSA)); if (ret == NULL) { RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE); @@ -120,7 +125,7 @@ RSA *RSA_new_method(RSA_METHOD *meth) } if (meth == NULL) - ret->meth=default_RSA_meth; + ret->meth=RSA_get_default_method(); else ret->meth=meth; @@ -143,7 +148,7 @@ RSA *RSA_new_method(RSA_METHOD *meth) ret->flags=ret->meth->flags; if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { - Free(ret); + OPENSSL_free(ret); ret=NULL; } else @@ -184,8 +189,8 @@ void RSA_free(RSA *r) if (r->dmq1 != NULL) BN_clear_free(r->dmq1); if (r->iqmp != NULL) BN_clear_free(r->iqmp); if (r->blinding != NULL) BN_BLINDING_free(r->blinding); - if (r->bignum_data != NULL) Free_locked(r->bignum_data); - Free(r); + if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data); + OPENSSL_free(r); } int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, @@ -302,7 +307,7 @@ int RSA_memory_lock(RSA *r) j=1; for (i=0; i<6; i++) j+= (*t[i])->top; - if ((p=Malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL) + if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL) { RSAerr(RSA_F_MEMORY_LOCK,ERR_R_MALLOC_FAILURE); return(0); diff --git a/crypto/openssl/ssl/s23_clnt.c b/crypto/openssl/ssl/s23_clnt.c index c6b23239e741..8a3daaf33cc1 100644 --- a/crypto/openssl/ssl/s23_clnt.c +++ b/crypto/openssl/ssl/s23_clnt.c @@ -368,7 +368,9 @@ static int ssl23_get_server_hello(SSL *s) } s->state=SSL2_ST_GET_SERVER_HELLO_A; - s->s2->ssl2_rollback=1; + if (!(s->client_version == SSL2_VERSION)) + /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */ + s->s2->ssl2_rollback=1; /* setup the 5 bytes we have read so we get them from * the sslv2 buffer */ diff --git a/crypto/openssl/ssl/s23_srvr.c b/crypto/openssl/ssl/s23_srvr.c index c1c2e9d3f4ec..2dbf6148ce82 100644 --- a/crypto/openssl/ssl/s23_srvr.c +++ b/crypto/openssl/ssl/s23_srvr.c @@ -299,7 +299,7 @@ int ssl23_get_client_hello(SSL *s) if (n <= 0) return(n); p=s->packet; - if ((buf=Malloc(n)) == NULL) + if ((buf=OPENSSL_malloc(n)) == NULL) { SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE); goto err; @@ -350,16 +350,21 @@ int ssl23_get_client_hello(SSL *s) * SSLv3 or tls1 header */ - v[0]=p[1]; /* major version */ + v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */ /* We must look at client_version inside the Client Hello message - * to get the correct minor version: */ - v[1]=p[10]; - /* However if we have only a pathologically small fragment of the - * Client Hello message, we simply use the version from the - * record header -- this is incorrect but unlikely to fail in - * practice */ + * to get the correct minor version. + * However if we have only a pathologically small fragment of the + * Client Hello message, this would be difficult, we'd have + * to read at least one additional record to find out. + * This doesn't usually happen in real life, so we just complain + * for now. + */ if (p[3] == 0 && p[4] < 6) - v[1]=p[2]; + { + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL); + goto err; + } + v[1]=p[10]; /* minor version according to client_version */ if (v[1] >= TLS1_VERSION_MINOR) { if (!(s->options & SSL_OP_NO_TLSv1)) @@ -497,9 +502,12 @@ int ssl23_get_client_hello(SSL *s) s->state=SSL2_ST_GET_CLIENT_HELLO_A; if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) || - use_sslv2_strong) + use_sslv2_strong || + (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)) s->s2->ssl2_rollback=0; else + /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0 + * (SSL 3.0 draft/RFC 2246, App. E.2) */ s->s2->ssl2_rollback=1; /* setup the n bytes we have read so we get them from @@ -561,10 +569,10 @@ int ssl23_get_client_hello(SSL *s) } s->init_num=0; - if (buf != buf_space) Free(buf); + if (buf != buf_space) OPENSSL_free(buf); s->first_packet=1; return(SSL_accept(s)); err: - if (buf != buf_space) Free(buf); + if (buf != buf_space) OPENSSL_free(buf); return(-1); } diff --git a/crypto/openssl/ssl/s2_clnt.c b/crypto/openssl/ssl/s2_clnt.c index 5781f98b022e..e448a60ae4f5 100644 --- a/crypto/openssl/ssl/s2_clnt.c +++ b/crypto/openssl/ssl/s2_clnt.c @@ -922,6 +922,7 @@ int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data) SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); goto err; } + ERR_clear_error(); /* but we keep s->verify_result */ /* server's cert for this session */ sc=ssl_sess_cert_new(); diff --git a/crypto/openssl/ssl/s2_enc.c b/crypto/openssl/ssl/s2_enc.c index 204acd7cc689..7643f963d87b 100644 --- a/crypto/openssl/ssl/s2_enc.c +++ b/crypto/openssl/ssl/s2_enc.c @@ -82,11 +82,11 @@ int ssl2_enc_init(SSL *s, int client) if ((s->enc_read_ctx == NULL) && ((s->enc_read_ctx=(EVP_CIPHER_CTX *) - Malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) + OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) goto err; if ((s->enc_write_ctx == NULL) && ((s->enc_write_ctx=(EVP_CIPHER_CTX *) - Malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) + OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) goto err; rs= s->enc_read_ctx; diff --git a/crypto/openssl/ssl/s2_lib.c b/crypto/openssl/ssl/s2_lib.c index 8230f3b7b40a..c64c8d89c5e0 100644 --- a/crypto/openssl/ssl/s2_lib.c +++ b/crypto/openssl/ssl/s2_lib.c @@ -269,12 +269,12 @@ int ssl2_new(SSL *s) { SSL2_STATE *s2; - if ((s2=Malloc(sizeof *s2)) == NULL) goto err; + if ((s2=OPENSSL_malloc(sizeof *s2)) == NULL) goto err; memset(s2,0,sizeof *s2); - if ((s2->rbuf=Malloc( + if ((s2->rbuf=OPENSSL_malloc( SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err; - if ((s2->wbuf=Malloc( + if ((s2->wbuf=OPENSSL_malloc( SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err; s->s2=s2; @@ -283,9 +283,9 @@ int ssl2_new(SSL *s) err: if (s2 != NULL) { - if (s2->wbuf != NULL) Free(s2->wbuf); - if (s2->rbuf != NULL) Free(s2->rbuf); - Free(s2); + if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf); + if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf); + OPENSSL_free(s2); } return(0); } @@ -298,10 +298,10 @@ void ssl2_free(SSL *s) return; s2=s->s2; - if (s2->rbuf != NULL) Free(s2->rbuf); - if (s2->wbuf != NULL) Free(s2->wbuf); + if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf); + if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf); memset(s2,0,sizeof *s2); - Free(s2); + OPENSSL_free(s2); s->s2=NULL; } @@ -386,7 +386,7 @@ SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p) cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp, (char *)sorted, SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *), - (int (*)())ssl_cipher_ptr_id_cmp); + FP_ICC ssl_cipher_ptr_id_cmp); if ((cpp == NULL) || !(*cpp)->valid) return(NULL); else diff --git a/crypto/openssl/ssl/s2_srvr.c b/crypto/openssl/ssl/s2_srvr.c index 51c70df96acf..2f3ec610c377 100644 --- a/crypto/openssl/ssl/s2_srvr.c +++ b/crypto/openssl/ssl/s2_srvr.c @@ -900,7 +900,7 @@ static int request_certificate(SSL *s) EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH); i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL); - buf2=Malloc((unsigned int)i); + buf2=OPENSSL_malloc((unsigned int)i); if (buf2 == NULL) { SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE); @@ -909,7 +909,7 @@ static int request_certificate(SSL *s) p2=buf2; i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2); EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i); - Free(buf2); + OPENSSL_free(buf2); pkey=X509_get_pubkey(x509); if (pkey == NULL) goto end; diff --git a/crypto/openssl/util/pl/Mingw32.pl b/crypto/openssl/util/pl/Mingw32.pl index 2d33c91a0184..02a5086f8236 100644 --- a/crypto/openssl/util/pl/Mingw32.pl +++ b/crypto/openssl/util/pl/Mingw32.pl @@ -18,9 +18,33 @@ $mkdir='gmkdir'; $cc='gcc'; if ($debug) - { $cflags="-g2 -ggdb"; } + { $cflags="-DL_ENDIAN -DDSO_WIN32 -g2 -ggdb"; } else - { $cflags="-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall"; } + { $cflags="-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -m486 -Wall"; } + +if ($gaswin and !$no_asm) + { + $bn_asm_obj='$(OBJ_D)/bn-win32.o'; + $bn_asm_src='crypto/bn/asm/bn-win32.s'; + $des_enc_obj='$(OBJ_D)/d-win32.o $(OBJ_D)/y-win32.o'; + $des_enc_src='crypto/des/asm/d-win32.s crypto/des/asm/y-win32.s'; + $bf_enc_obj='$(OBJ_D)/b-win32.o'; + $bf_enc_src='crypto/bf/asm/b-win32.s'; +# $cast_enc_obj='$(OBJ_D)/c-win32.o'; +# $cast_enc_src='crypto/cast/asm/c-win32.s'; + $rc4_enc_obj='$(OBJ_D)/r4-win32.o'; + $rc4_enc_src='crypto/rc4/asm/r4-win32.s'; + $rc5_enc_obj='$(OBJ_D)/r5-win32.o'; + $rc5_enc_src='crypto/rc5/asm/r5-win32.s'; + $md5_asm_obj='$(OBJ_D)/m5-win32.o'; + $md5_asm_src='crypto/md5/asm/m5-win32.s'; + $rmd160_asm_obj='$(OBJ_D)/rm-win32.o'; + $rmd160_asm_src='crypto/ripemd/asm/rm-win32.s'; + $sha1_asm_obj='$(OBJ_D)/s1-win32.o'; + $sha1_asm_src='crypto/sha/asm/s1-win32.s'; + $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM"; + } + $obj='.o'; $ofile='-o '; @@ -77,4 +101,3 @@ sub do_link_rule return($ret); } 1; -