Resolve conflicts

svn path=/head/; revision=72616

crypto/openssl/crypto/evp/evp.h

@@ -465,12 +465,20 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 		ASN1_TYPE *param, EVP_CIPHER *cipher,
                 EVP_MD *md, int en_de);
 
+#ifndef NO_RSA
 #define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
 					(char *)(rsa))
+#endif
+
+#ifndef NO_DSA
 #define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
 					(char *)(dsa))
+#endif
+
+#ifndef NO_DH
 #define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\
 					(char *)(dh))
+#endif
 
 /* Add some extra combinations */
 #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
@@ -614,17 +622,29 @@ void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k,
 #endif
 
 EVP_MD *EVP_md_null(void);
+#ifndef NO_MD2
 EVP_MD *EVP_md2(void);
+#endif
+#ifndef NO_MD4
 EVP_MD *EVP_md4(void);
+#endif
+#ifndef NO_MD5
 EVP_MD *EVP_md5(void);
+#endif
+#ifndef NO_SHA
 EVP_MD *EVP_sha(void);
 EVP_MD *EVP_sha1(void);
 EVP_MD *EVP_dss(void);
 EVP_MD *EVP_dss1(void);
+#endif
+#ifndef NO_MDC2
 EVP_MD *EVP_mdc2(void);
+#endif
+#ifndef NO_RIPEMD
 EVP_MD *EVP_ripemd160(void);
-
+#endif
 EVP_CIPHER *EVP_enc_null(void);		/* does nothing :-) */
+#ifndef NO_DES
 EVP_CIPHER *EVP_des_ecb(void);
 EVP_CIPHER *EVP_des_ede(void);
 EVP_CIPHER *EVP_des_ede3(void);
@@ -638,31 +658,43 @@ EVP_CIPHER *EVP_des_cbc(void);
 EVP_CIPHER *EVP_des_ede_cbc(void);
 EVP_CIPHER *EVP_des_ede3_cbc(void);
 EVP_CIPHER *EVP_desx_cbc(void);
+#endif
+#ifndef NO_RC4
 EVP_CIPHER *EVP_rc4(void);
 EVP_CIPHER *EVP_rc4_40(void);
+#endif
+#ifndef NO_IDEA
 EVP_CIPHER *EVP_idea_ecb(void);
 EVP_CIPHER *EVP_idea_cfb(void);
 EVP_CIPHER *EVP_idea_ofb(void);
 EVP_CIPHER *EVP_idea_cbc(void);
+#endif
+#ifndef NO_RC2
 EVP_CIPHER *EVP_rc2_ecb(void);
 EVP_CIPHER *EVP_rc2_cbc(void);
 EVP_CIPHER *EVP_rc2_40_cbc(void);
 EVP_CIPHER *EVP_rc2_64_cbc(void);
 EVP_CIPHER *EVP_rc2_cfb(void);
 EVP_CIPHER *EVP_rc2_ofb(void);
+#endif
+#ifndef NO_BF
 EVP_CIPHER *EVP_bf_ecb(void);
 EVP_CIPHER *EVP_bf_cbc(void);
 EVP_CIPHER *EVP_bf_cfb(void);
 EVP_CIPHER *EVP_bf_ofb(void);
+#endif
+#ifndef NO_CAST
 EVP_CIPHER *EVP_cast5_ecb(void);
 EVP_CIPHER *EVP_cast5_cbc(void);
 EVP_CIPHER *EVP_cast5_cfb(void);
 EVP_CIPHER *EVP_cast5_ofb(void);
+#endif
+#ifndef NO_RC5
 EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
 EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
 EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
 EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
-
+#endif
 void OpenSSL_add_all_algorithms(void);
 void OpenSSL_add_all_ciphers(void);
 void OpenSSL_add_all_digests(void);

crypto/openssl/crypto/idea/Makefile.ssl

@@ -40,7 +40,8 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB)
+	@echo You may get an error following this line.  Please ignore.
+	- $(RANLIB) $(LIB)
 	@touch lib
 
 files:

crypto/openssl/crypto/rsa/rsa_eay.c

@@ -139,11 +139,28 @@ static int RSA_eay_public_encrypt(int flen, unsigned char *from,
 	
 	if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
 		{
-		if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL)
-			if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx))
-			    goto err;
+		BN_MONT_CTX* bn_mont_ctx;
+		if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
+			goto err;
+		if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
+			{
+			BN_MONT_CTX_free(bn_mont_ctx);
+			goto err;
+			}
+		if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
+			{
+			CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+			if (rsa->_method_mod_n == NULL)
+				{
+				rsa->_method_mod_n = bn_mont_ctx;
+				bn_mont_ctx = NULL;
+				}
+			CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+			}
+		if (bn_mont_ctx)
+			BN_MONT_CTX_free(bn_mont_ctx);
 		}
-
+		
 	if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
 		rsa->_method_mod_n)) goto err;
 
@@ -370,11 +387,28 @@ static int RSA_eay_public_decrypt(int flen, unsigned char *from,
 	/* do the decrypt */
 	if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
 		{
-		if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL)
-			if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx))
-			    goto err;
+		BN_MONT_CTX* bn_mont_ctx;
+		if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
+			goto err;
+		if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
+			{
+			BN_MONT_CTX_free(bn_mont_ctx);
+			goto err;
+			}
+		if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
+			{
+			CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+			if (rsa->_method_mod_n == NULL)
+				{
+				rsa->_method_mod_n = bn_mont_ctx;
+				bn_mont_ctx = NULL;
+				}
+			CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+			}
+		if (bn_mont_ctx)
+			BN_MONT_CTX_free(bn_mont_ctx);
 		}
-
+		
 	if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
 		rsa->_method_mod_n)) goto err;
 
@@ -422,20 +456,53 @@ static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
 		{
 		if (rsa->_method_mod_p == NULL)
 			{
-			if ((rsa->_method_mod_p=BN_MONT_CTX_new()) != NULL)
-				if (!BN_MONT_CTX_set(rsa->_method_mod_p,rsa->p,
-						     ctx))
-					goto err;
+			BN_MONT_CTX* bn_mont_ctx;
+			if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
+				goto err;
+			if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->p,ctx))
+				{
+				BN_MONT_CTX_free(bn_mont_ctx);
+				goto err;
+				}
+			if (rsa->_method_mod_p == NULL) /* other thread may have finished first */
+				{
+				CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+				if (rsa->_method_mod_p == NULL)
+					{
+					rsa->_method_mod_p = bn_mont_ctx;
+					bn_mont_ctx = NULL;
+					}
+				CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+				}
+			if (bn_mont_ctx)
+				BN_MONT_CTX_free(bn_mont_ctx);
 			}
+
 		if (rsa->_method_mod_q == NULL)
 			{
-			if ((rsa->_method_mod_q=BN_MONT_CTX_new()) != NULL)
-				if (!BN_MONT_CTX_set(rsa->_method_mod_q,rsa->q,
-						     ctx))
-					goto err;
+			BN_MONT_CTX* bn_mont_ctx;
+			if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
+				goto err;
+			if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->q,ctx))
+				{
+				BN_MONT_CTX_free(bn_mont_ctx);
+				goto err;
+				}
+			if (rsa->_method_mod_q == NULL) /* other thread may have finished first */
+				{
+				CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+				if (rsa->_method_mod_q == NULL)
+					{
+					rsa->_method_mod_q = bn_mont_ctx;
+					bn_mont_ctx = NULL;
+					}
+				CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+				}
+			if (bn_mont_ctx)
+				BN_MONT_CTX_free(bn_mont_ctx);
 			}
 		}
-
+		
 	if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
 	if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
 		rsa->_method_mod_q)) goto err;

crypto/openssl/ssl/s2_clnt.c

@@ -923,6 +923,7 @@ int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data)
 		goto err;
 		}
 	ERR_clear_error(); /* but we keep s->verify_result */
+	s->session->verify_result = s->verify_result;
 
 	/* server's cert for this session */
 	sc=ssl_sess_cert_new();

crypto/openssl/ssl/s2_lib.c

@@ -262,7 +262,7 @@ SSL_CIPHER *ssl2_get_cipher(unsigned int u)
 
 int ssl2_pending(SSL *s)
 	{
-	return(s->s2->ract_data_length);
+	return SSL_in_init(s) ? 0 : s->s2->ract_data_length;
 	}
 
 int ssl2_new(SSL *s)
@@ -272,10 +272,16 @@ int ssl2_new(SSL *s)
 	if ((s2=OPENSSL_malloc(sizeof *s2)) == NULL) goto err;
 	memset(s2,0,sizeof *s2);
 
+#if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2
+#  error "assertion failed"
+#endif
+
 	if ((s2->rbuf=OPENSSL_malloc(
 		SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
+	/* wbuf needs one byte more because when using two-byte headers,
+	 * we leave the first byte unused in do_ssl_write (s2_pkt.c) */
 	if ((s2->wbuf=OPENSSL_malloc(
-		SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
+		SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+3)) == NULL) goto err;
 	s->s2=s2;
 
 	ssl2_clear(s);

crypto/openssl/ssl/s2_pkt.c

@@ -54,6 +54,58 @@
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
  *
  * $FreeBSD$
  */
@@ -68,23 +120,12 @@ static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);
 static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len);
 static int write_pending(SSL *s, const unsigned char *buf, unsigned int len);
 static int ssl_mt_error(int n);
-int ssl2_peek(SSL *s, char *buf, int len)
-	{
-	int ret;
 
-	ret=ssl2_read(s,buf,len);
-	if (ret > 0)
-	        {
-		s->s2->ract_data_length+=ret;
-		s->s2->ract_data-=ret;
-		}
-	return(ret);
-	}
 
-/* SSL_read -
+/* SSL 2.0 imlementation for SSL_read/SSL_peek -
  * This routine will return 0 to len bytes, decrypted etc if required.
  */
-int ssl2_read(SSL *s, void *buf, int len)
+static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
 	{
 	int n;
 	unsigned char mac[MAX_MAC_SIZE];
@@ -92,14 +133,14 @@ int ssl2_read(SSL *s, void *buf, int len)
 	int i;
 	unsigned int mac_size=0;
 
-ssl2_read_again:
+ ssl2_read_again:
 	if (SSL_in_init(s) && !s->in_handshake)
 		{
 		n=s->handshake_func(s);
 		if (n < 0) return(n);
 		if (n == 0)
 			{
-			SSLerr(SSL_F_SSL2_READ,SSL_R_SSL_HANDSHAKE_FAILURE);
+			SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_SSL_HANDSHAKE_FAILURE);
 			return(-1);
 			}
 		}
@@ -116,13 +157,22 @@ int ssl2_read(SSL *s, void *buf, int len)
 			n=len;
 
 		memcpy(buf,s->s2->ract_data,(unsigned int)n);
-		s->s2->ract_data_length-=n;
-		s->s2->ract_data+=n;
-		if (s->s2->ract_data_length == 0)
-			s->rstate=SSL_ST_READ_HEADER;
+		if (!peek)
+			{
+			s->s2->ract_data_length-=n;
+			s->s2->ract_data+=n;
+			if (s->s2->ract_data_length == 0)
+				s->rstate=SSL_ST_READ_HEADER;
+			}
+
 		return(n);
 		}
 
+	/* s->s2->ract_data_length == 0
+	 * 
+	 * Fill the buffer, then goto ssl2_read_again.
+	 */
+
 	if (s->rstate == SSL_ST_READ_HEADER)
 		{
 		if (s->first_packet)
@@ -135,7 +185,7 @@ int ssl2_read(SSL *s, void *buf, int len)
 				(p[2] == SSL2_MT_CLIENT_HELLO) ||
 				(p[2] == SSL2_MT_SERVER_HELLO))))
 				{
-				SSLerr(SSL_F_SSL2_READ,SSL_R_NON_SSLV2_INITIAL_PACKET);
+				SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_NON_SSLV2_INITIAL_PACKET);
 				return(-1);
 				}
 			}
@@ -213,48 +263,49 @@ int ssl2_read(SSL *s, void *buf, int len)
 				(unsigned int)mac_size) != 0) ||
 				(s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0))
 				{
-				SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_MAC_DECODE);
+				SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_MAC_DECODE);
 				return(-1);
 				}
 			}
 		INC32(s->s2->read_sequence); /* expect next number */
 		/* s->s2->ract_data is now available for processing */
 
-#if 1
-		/* How should we react when a packet containing 0
-		 * bytes is received?  (Note that SSLeay/OpenSSL itself
-		 * never sends such packets; see ssl2_write.)
-		 * Returning 0 would be interpreted by the caller as
-		 * indicating EOF, so it's not a good idea.
-		 * Instead, we just continue reading.  Note that using
-		 * select() for blocking sockets *never* guarantees
+		/* Possibly the packet that we just read had 0 actual data bytes.
+		 * (SSLeay/OpenSSL itself never sends such packets; see ssl2_write.)
+		 * In this case, returning 0 would be interpreted by the caller
+		 * as indicating EOF, so it's not a good idea.  Instead, we just
+		 * continue reading; thus ssl2_read_internal may have to process
+		 * multiple packets before it can return.
+		 *
+		 * [Note that using select() for blocking sockets *never* guarantees
 		 * that the next SSL_read will not block -- the available
-		 * data may contain incomplete packets, and except for SSL 2
-		 * renegotiation can confuse things even more. */
+		 * data may contain incomplete packets, and except for SSL 2,
+		 * renegotiation can confuse things even more.] */
 
 		goto ssl2_read_again; /* This should really be
-				       * "return ssl2_read(s,buf,len)",
-				       * but that would allow for
-				       * denial-of-service attacks if a
-				       * C compiler is used that does not
-				       * recognize end-recursion. */
-#else
-		/* If a 0 byte packet was sent, return 0, otherwise
-		 * we play havoc with people using select with
-		 * blocking sockets.  Let them handle a packet at a time,
-		 * they should really be using non-blocking sockets. */
-		if (s->s2->ract_data_length == 0)
-			return(0);
-		return(ssl2_read(s,buf,len));
-#endif
+		                       * "return ssl2_read(s,buf,len)",
+		                       * but that would allow for
+		                       * denial-of-service attacks if a
+		                       * C compiler is used that does not
+		                       * recognize end-recursion. */
 		}
 	else
 		{
-		SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_STATE);
+		SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_STATE);
 			return(-1);
 		}
 	}
 
+int ssl2_read(SSL *s, void *buf, int len)
+	{
+	return ssl2_read_internal(s, buf, len, 0);
+	}
+
+int ssl2_peek(SSL *s, char *buf, int len)
+	{
+	return ssl2_read_internal(s, buf, len, 1);
+	}
+
 static int read_n(SSL *s, unsigned int n, unsigned int max,
 	     unsigned int extend)
 	{
@@ -485,6 +536,9 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
 		{
 		bs=EVP_CIPHER_CTX_block_size(s->enc_read_ctx);
 		j=len+mac_size;
+		/* Two-byte headers allow for a larger record length than
+		 * three-byte headers, but we can't use them if we need
+		 * padding or if we have to set the escape bit. */
 		if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) &&
 			(!s->s2->escape))
 			{
@@ -500,25 +554,39 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
 			}
 		else if ((bs <= 1) && (!s->s2->escape))
 			{
-			/* len=len; */
+			/* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
+			 * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER */
 			s->s2->three_byte_header=0;
 			p=0;
 			}
-		else /* 3 byte header */
+		else /* we may have to use a 3 byte header */
 			{
-			/*len=len; */
+			/* If s->s2->escape is not set, then
+			 * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus
+			 * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. */
 			p=(j%bs);
 			p=(p == 0)?0:(bs-p);
 			if (s->s2->escape)
+				{
 				s->s2->three_byte_header=1;
+				if (j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+					j=SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER;
+				}
 			else
 				s->s2->three_byte_header=(p == 0)?0:1;
 			}
 		}
+
+	/* Now
+	 *      j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
+	 * holds, and if s->s2->three_byte_header is set, then even
+	 *      j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER.
+	 */
+
 	/* mac_size is the number of MAC bytes
 	 * len is the number of data bytes we are going to send
 	 * p is the number of padding bytes
-	 * if p == 0, it is a 2 byte header */
+	 * (if it is a two-byte header, then p == 0) */
 
 	s->s2->wlength=len;
 	s->s2->padding=p;