d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Import OpenSSL 0.9.8k.

Browse Source
This commit is contained in:
Simon L. B. Nielsen 2009-06-07 19:56:18 +00:00
parent c285625302
commit 518099af59
558 changed files with 48780 additions and 5597 deletions

94
CHANGES

@ -2,6 +2,88 @@
OpenSSL CHANGES
_______________
Changes between 0.9.8j and 0.9.8k [25 Mar 2009]
*) Don't set val to NULL when freeing up structures, it is freed up by
underlying code. If sizeof(void *) > sizeof(long) this can result in
zeroing past the valid field. (CVE-2009-0789)
[Paolo Ganci <Paolo.Ganci@AdNovum.CH>]
*) Fix bug where return value of CMS_SignerInfo_verify_content() was not
checked correctly. This would allow some invalid signed attributes to
appear to verify correctly. (CVE-2009-0591)
[Ivan Nestlerode <inestlerode@us.ibm.com>]
*) Reject UniversalString and BMPString types with invalid lengths. This
prevents a crash in ASN1_STRING_print_ex() which assumes the strings have
a legal length. (CVE-2009-0590)
[Steve Henson]
*) Set S/MIME signing as the default purpose rather than setting it
unconditionally. This allows applications to override it at the store
level.
[Steve Henson]
*) Permit restricted recursion of ASN1 strings. This is needed in practice
to handle some structures.
[Steve Henson]
*) Improve efficiency of mem_gets: don't search whole buffer each time
for a '\n'
[Jeremy Shapiro <jnshapir@us.ibm.com>]
*) New -hex option for openssl rand.
[Matthieu Herrb]
*) Print out UTF8String and NumericString when parsing ASN1.
[Steve Henson]
*) Support NumericString type for name components.
[Steve Henson]
*) Allow CC in the environment to override the automatically chosen
compiler. Note that nothing is done to ensure flags work with the
chosen compiler.
[Ben Laurie]
Changes between 0.9.8i and 0.9.8j [07 Jan 2009]
*) Properly check EVP_VerifyFinal() and similar return values
(CVE-2008-5077).
[Ben Laurie, Bodo Moeller, Google Security Team]
*) Enable TLS extensions by default.
[Ben Laurie]
*) Allow the CHIL engine to be loaded, whether the application is
multithreaded or not. (This does not release the developer from the
obligation to set up the dynamic locking callbacks.)
[Sander Temme <sander@temme.net>]
*) Use correct exit code if there is an error in dgst command.
[Steve Henson; problem pointed out by Roland Dirlewanger]
*) Tweak Configure so that you need to say "experimental-jpake" to enable
JPAKE, and need to use -DOPENSSL_EXPERIMENTAL_JPAKE in applications.
[Bodo Moeller]
*) Add experimental JPAKE support, including demo authentication in
s_client and s_server.
[Ben Laurie]
*) Set the comparison function in v3_addr_canonize().
[Rob Austein <sra@hactrn.net>]
*) Add support for XMPP STARTTLS in s_client.
[Philip Paeps <philip@freebsd.org>]
*) Change the server-side SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG behavior
to ensure that even with this option, only ciphersuites in the
server's preference list will be accepted. (Note that the option
applies only when resuming a session, so the earlier behavior was
just about the algorithm choice for symmetric cryptography.)
[Bodo Moeller]
Changes between 0.9.8h and 0.9.8i [15 Sep 2008]
*) Fix a state transitition in s3_srvr.c and d1_srvr.c
@ -34,6 +116,10 @@
[Neel Mehta, Bodo Moeller]
*) Allow engines to be "soft loaded" - i.e. optionally don't die if
the load fails. Useful for distros.
[Ben Laurie and the FreeBSD team]
*) Add support for Local Machine Keyset attribute in PKCS#12 files.
[Steve Henson]
@ -52,9 +138,11 @@
This work was sponsored by Logica.
[Steve Henson]
*) Allow engines to be "soft loaded" - i.e. optionally don't die if
the load fails. Useful for distros.
[Ben Laurie and the FreeBSD team]
*) Fix bug in X509_ATTRIBUTE creation: dont set attribute using
ASN1_TYPE_set1 if MBSTRING flag set. This bug would crash certain
attribute creation routines such as certifcate requests and PKCS#12
files.
[Steve Henson]
Changes between 0.9.8g and 0.9.8h [28 May 2008]

281
Configure

@ -6,11 +6,13 @@ eval 'exec perl -S $0 ${1+"$@"}'
##
require 5.000;
use strict;
eval 'use strict;';
print STDERR "Warning: perl module strict not found.\n" if ($@);
# see INSTALL for instructions.
my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [enable-montasm] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [enable-montasm] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
# Options:
#
@ -99,6 +101,11 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lx
# SHA512_ASM sha512_block is implemented in assembler
# AES_ASM ASE_[en|de]crypt is implemented in assembler
# Minimum warning options... any contributions to OpenSSL should at least get
# past these.
my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
# MD2_CHAR slags pentium pros
@ -152,15 +159,15 @@ my %table=(
"debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::bn86-elf.o co86-elf.o",
"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
"debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::::",
"debug-ben-debug", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -g3 -O2 -pipe::(unknown)::::::",
"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
"debug-steve64", "gcc:-m64 -DL_ENDIAN -DTERMIO -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DOPENSSL_NO_DEPRECATED -g -pedantic -Wall -Werror -Wno-long-long -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-steve32", "gcc:-m32 -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DOPENSSL_NO_DEPRECATED -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared",
"debug-steve-opt", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -O3 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared",
"debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT:${no_asm}:dlfcn:linux-shared",
"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@ -577,6 +584,11 @@ my $prefix="";
my $openssldir="";
my $exe_ext="";
my $install_prefix="";
my $fipslibdir="/usr/local/ssl/fips-1.0/lib/";
my $nofipscanistercheck=0;
my $fipsdso=0;
my $fipscanisterinternal="n";
my $baseaddr="0xFB00000";
my $no_threads=0;
my $threads=0;
my $no_shared=0; # but "no-shared" is default
@ -600,6 +612,7 @@ my $rc2 ="crypto/rc2/rc2.h";
my $bf ="crypto/bf/bf_locl.h";
my $bn_asm ="bn_asm.o";
my $des_enc="des_enc.o fcrypt_b.o";
my $fips_des_enc="fips_des_enc.o";
my $aes_enc="aes_core.o aes_cbc.o";
my $bf_enc ="bf_enc.o";
my $cast_enc="c_enc.o";
@ -611,32 +624,40 @@ my $rmd160_obj="";
my $processor="";
my $default_ranlib;
my $perl;
my $fips=0;
# All of the following is disabled by default (RC5 was enabled before 0.9.8):
my %disabled = ( # "what" => "comment"
my %disabled = ( # "what" => "comment" [or special keyword "experimental"]
"camellia" => "default",
"capieng" => "default",
"cms" => "default",
"gmp" => "default",
"jpake" => "experimental",
"mdc2" => "default",
"montasm" => "default", # explicit option in 0.9.8 only (implicitly enabled in 0.9.9)
"rc5" => "default",
"rfc3779" => "default",
"seed" => "default",
"shared" => "default",
"tlsext" => "default",
"zlib" => "default",
"zlib-dynamic" => "default"
);
my @experimental = ();
# Additional "no-..." options will be collected in %disabled.
# To remove something from %disabled, use e.g. "enable-rc5".
# For symmetry, "disable-..." is a synonym for "no-...".
# This is what $depflags will look like with the above defaults
# (we need this to see if we should advise the user to run "make depend"):
my $default_depflags = " -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED";
# This is what $depflags will look like with the above default:
my $default_depflags = "-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_TLSEXT ";
# Explicit "no-..." options will be collected in %disabled along with the defaults.
# To remove something from %disabled, use "enable-foo" (unless it's experimental).
# For symmetry, "disable-foo" is a synonym for "no-foo".
# For features called "experimental" here, a more explicit "experimental-foo" is needed to enable.
# We will collect such requests in @experimental.
# To avoid accidental use of experimental features, applications will have to use -DOPENSSL_EXPERIMENTAL_FOO.
my $no_sse2=0;
@ -645,6 +666,7 @@ my $no_sse2=0;
my $flags;
my $depflags;
my $openssl_experimental_defines;
my $openssl_algorithm_defines;
my $openssl_thread_defines;
my $openssl_sys_defines="";
@ -665,6 +687,7 @@ while($argv_unprocessed)
{
$flags="";
$depflags="";
$openssl_experimental_defines="";
$openssl_algorithm_defines="";
$openssl_thread_defines="";
$openssl_sys_defines="";
@ -690,25 +713,35 @@ PROCESS_ARGS:
if (/^no-(.+)$/ || /^disable-(.+)$/)
{
if ($1 eq "ssl")
if (!($disabled{$1} eq "experimental"))
{
$disabled{"ssl2"} = "option(ssl)";
$disabled{"ssl3"} = "option(ssl)";
}
elsif ($1 eq "tls")
{
$disabled{"tls1"} = "option(tls)"
}
else
{
$disabled{$1} = "option";
if ($1 eq "ssl")
{
$disabled{"ssl2"} = "option(ssl)";
$disabled{"ssl3"} = "option(ssl)";
}
elsif ($1 eq "tls")
{
$disabled{"tls1"} = "option(tls)"
}
else
{
$disabled{$1} = "option";
}
}
}
elsif (/^enable-(.+)$/)
elsif (/^enable-(.+)$/ || /^experimental-(.+)$/)
{
delete $disabled{$1};
my $algo = $1;
if ($disabled{$algo} eq "experimental")
{
die "You are requesting an experimental feature; please say 'experimental-$algo' if you are sure\n"
unless (/^experimental-/);
push @experimental, $algo;
}
delete $disabled{$algo};
$threads = 1 if ($1 eq "threads");
$threads = 1 if ($algo eq "threads");
}
elsif (/^--test-sanity$/)
{
@ -739,12 +772,36 @@ PROCESS_ARGS:
}
elsif (/^386$/)
{ $processor=386; }
elsif (/^fips$/)
{
$fips=1;
}
elsif (/^rsaref$/)
{
# No RSAref support any more since it's not needed.
# The check for the option is there so scripts aren't
# broken
}
elsif (/^nofipscanistercheck$/)
{
$fips = 1;
$nofipscanistercheck = 1;
}
elsif (/^fipscanisterbuild$/)
{
$fips = 1;
$nofipscanistercheck = 1;
$fipslibdir="";
$fipscanisterinternal="y";
}
elsif (/^fipsdso$/)
{
$fips = 1;
$nofipscanistercheck = 1;
$fipslibdir="";
$fipscanisterinternal="y";
$fipsdso = 1;
}
elsif (/^[-+]/)
{
if (/^-[lL](.*)$/)
@ -779,6 +836,14 @@ PROCESS_ARGS:
{
$withargs{"zlib-include"}="-I$1";
}
elsif (/^--with-fipslibdir=(.*)$/)
{
$fipslibdir="$1/";
}
elsif (/^--with-baseaddr=(.*)$/)
{
$baseaddr="$1";
}
else
{
print STDERR $usage;
@ -886,6 +951,54 @@ print "Configuring for $target\n";
&usage if (!defined($table{$target}));
my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
my $cc = $fields[$idx_cc];
# Allow environment CC to override compiler...
if($ENV{CC}) {
$cc = $ENV{CC};
}
my $cflags = $fields[$idx_cflags];
my $unistd = $fields[$idx_unistd];
my $thread_cflag = $fields[$idx_thread_cflag];
my $sys_id = $fields[$idx_sys_id];
my $lflags = $fields[$idx_lflags];
my $bn_ops = $fields[$idx_bn_ops];
my $cpuid_obj = $fields[$idx_cpuid_obj];
my $bn_obj = $fields[$idx_bn_obj];
my $des_obj = $fields[$idx_des_obj];
my $aes_obj = $fields[$idx_aes_obj];
my $bf_obj = $fields[$idx_bf_obj];
my $md5_obj = $fields[$idx_md5_obj];
my $sha1_obj = $fields[$idx_sha1_obj];
my $cast_obj = $fields[$idx_cast_obj];
my $rc4_obj = $fields[$idx_rc4_obj];
my $rmd160_obj = $fields[$idx_rmd160_obj];
my $rc5_obj = $fields[$idx_rc5_obj];
my $dso_scheme = $fields[$idx_dso_scheme];
my $shared_target = $fields[$idx_shared_target];
my $shared_cflag = $fields[$idx_shared_cflag];
my $shared_ldflag = $fields[$idx_shared_ldflag];
my $shared_extension = $fields[$idx_shared_extension];
my $ranlib = $fields[$idx_ranlib];
my $arflags = $fields[$idx_arflags];
if ($fips)
{
delete $disabled{"shared"} if ($disabled{"shared"} eq "default");
$disabled{"asm"}="forced"
if ($target !~ "VC\-.*" &&
"$cpuid_obj:$bn_obj:$aes_obj:$des_obj:$sha1_obj" eq "::::");
}
foreach (sort @experimental)
{
my $ALGO;
($ALGO = $_) =~ tr/[a-z]/[A-Z]/;
# opensslconf.h will set OPENSSL_NO_... unless OPENSSL_EXPERIMENTAL_... is defined
$openssl_experimental_defines .= "#define OPENSSL_NO_$ALGO\n";
$cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO";
}
foreach (sort (keys %disabled))
{
@ -936,7 +1049,7 @@ foreach (sort (keys %disabled))
push @skip, $algo;
print " (skip dir)";
$depflags .="-DOPENSSL_NO_$ALGO ";
$depflags .= " -DOPENSSL_NO_$ALGO";
}
}
}
@ -944,15 +1057,26 @@ foreach (sort (keys %disabled))
print "\n";
}
my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds;
$IsMK1MF=1 if ($target eq "mingw" && $^O ne "cygwin" && !is_msys());
$no_shared = 0 if ($fipsdso && !$IsMK1MF);
$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target eq "mingw");
$exe_ext=".nlm" if ($target =~ /netware/);
$exe_ext=".pm" if ($target =~ /vos/);
$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
if ($openssldir eq "" and $prefix eq "")
{
if ($fips)
{
$openssldir="/usr/local/ssl/fips";
}
else
{
$openssldir="/usr/local/ssl";
}
}
$prefix=$openssldir if $prefix eq "";
$default_ranlib= &which("ranlib") or $default_ranlib="true";
@ -960,7 +1084,7 @@ $perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
or $perl="perl";
chop $openssldir if $openssldir =~ /\/$/;
chop $prefix if $prefix =~ /\/$/;
chop $prefix if $prefix =~ /.\/$/;
$openssldir=$prefix . "/ssl" if $openssldir eq "";
$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
@ -968,33 +1092,6 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/]
print "IsMK1MF=$IsMK1MF\n";
my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
my $cc = $fields[$idx_cc];
my $cflags = $fields[$idx_cflags];
my $unistd = $fields[$idx_unistd];
my $thread_cflag = $fields[$idx_thread_cflag];
my $sys_id = $fields[$idx_sys_id];
my $lflags = $fields[$idx_lflags];
my $bn_ops = $fields[$idx_bn_ops];
my $cpuid_obj = $fields[$idx_cpuid_obj];
my $bn_obj = $fields[$idx_bn_obj];
my $des_obj = $fields[$idx_des_obj];
my $aes_obj = $fields[$idx_aes_obj];
my $bf_obj = $fields[$idx_bf_obj];
my $md5_obj = $fields[$idx_md5_obj];
my $sha1_obj = $fields[$idx_sha1_obj];
my $cast_obj = $fields[$idx_cast_obj];
my $rc4_obj = $fields[$idx_rc4_obj];
my $rmd160_obj = $fields[$idx_rmd160_obj];
my $rc5_obj = $fields[$idx_rc5_obj];
my $dso_scheme = $fields[$idx_dso_scheme];
my $shared_target = $fields[$idx_shared_target];
my $shared_cflag = $fields[$idx_shared_cflag];
my $shared_ldflag = $fields[$idx_shared_ldflag];
my $shared_extension = $fields[$idx_shared_extension];
my $ranlib = $fields[$idx_ranlib];
my $arflags = $fields[$idx_arflags];
# '%' in $lflags is used to split flags to "pre-" and post-flags
my ($prelflags,$postlflags)=split('%',$lflags);
if (defined($postlflags)) { $lflags=$postlflags; }
@ -1128,6 +1225,8 @@ if ($no_asm)
{
$cpuid_obj=$bn_obj=$des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj="";
$sha1_obj=$md5_obj=$rmd160_obj="";
$cflags=~s/\-D[BL]_ENDIAN// if ($fips);
$thread_cflags=~s/\-D[BL]_ENDIAN// if ($fips);
}
if ($montasm)
{
@ -1166,7 +1265,7 @@ if ($zlib)
my $shared_mark = "";
if ($shared_target eq "")
{
$no_shared_warn = 1 if !$no_shared;
$no_shared_warn = 1 if !$no_shared && !$fips;
$no_shared = 1;
}
if (!$no_shared)
@ -1255,8 +1354,14 @@ $bn_obj = $bn_asm unless $bn_obj ne "";
# bn86* is the only one implementing bn_*_part_words
$cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn86/);
$cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /bn86/);
$cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /\-mont|mo86\-/);
if ($fips)
{
$openssl_other_defines.="#define OPENSSL_FIPS\n";
}
$des_obj=$des_enc unless ($des_obj =~ /\.o$/);
$bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/);
$cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/);
@ -1341,10 +1446,13 @@ while (<IN>)
if ($sdirs) {
my $dir;
foreach $dir (@skip) {
s/([ ])$dir /\1/;
s/(\s)$dir\s/$1/;
s/\s$dir$//;
}
}
$sdirs = 0 unless /\\$/;
s/fips // if (/^DIRS=/ && !$fips);
s/engines // if (/^DIRS=/ && $disabled{"engine"});
s/^VERSION=.*/VERSION=$version/;
s/^MAJOR=.*/MAJOR=$major/;
s/^MINOR=.*/MINOR=$minor/;
@ -1362,7 +1470,7 @@ while (<IN>)
s/^CC=.*$/CC= $cc/;
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
s/^CFLAG=.*$/CFLAG= $cflags/;
s/^DEPFLAG=.*$/DEPFLAG= $depflags/;
s/^DEPFLAG=.*$/DEPFLAG=$depflags/;
s/^PEX_LIBS=.*$/PEX_LIBS= $prelflags/;
s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/;
@ -1385,9 +1493,24 @@ while (<IN>)
s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/;
s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/;
s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;
if ($fipsdso)
{
s/^FIPSCANLIB=.*/FIPSCANLIB=libfips/;
s/^SHARED_FIPS=.*/SHARED_FIPS=libfips\$(SHLIB_EXT)/;
s/^SHLIBDIRS=.*/SHLIBDIRS= crypto ssl fips/;
}
else
{
s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips;
s/^SHARED_FIPS=.*/SHARED_FIPS=/;
s/^SHLIBDIRS=.*/SHLIBDIRS= crypto ssl/;
}
s/^FIPSCANISTERINTERNAL=.*/FIPSCANISTERINTERNAL=$fipscanisterinternal/;
s/^BASEADDR=.*/BASEADDR=$baseaddr/;
s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_FIPS) \$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/)
{
my $sotmp = $1;
@ -1491,6 +1614,7 @@ print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configur
print OUT "/* OpenSSL was configured with the following options: */\n";
my $openssl_algorithm_defines_trans = $openssl_algorithm_defines;
$openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n# define OPENSSL_NO_$1\n# endif\n#endif/mg;
$openssl_algorithm_defines_trans =~ s/^\s*#\s*define\s+OPENSSL_(.*)/# if defined(OPENSSL_$1) \&\& !defined($1)\n# define $1\n# endif/mg;
$openssl_algorithm_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
$openssl_algorithm_defines = " /* no ciphers excluded */\n" if $openssl_algorithm_defines eq "";
@ -1499,8 +1623,10 @@ $openssl_sys_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/
$openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
print OUT $openssl_sys_defines;
print OUT "#ifndef OPENSSL_DOING_MAKEDEPEND\n\n";
print OUT $openssl_experimental_defines;
print OUT "\n";
print OUT $openssl_algorithm_defines;
print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n";
print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n\n";
print OUT $openssl_thread_defines;
print OUT $openssl_other_defines,"\n";
@ -1682,9 +1808,16 @@ BEGIN
BEGIN
BLOCK "040904b0"
BEGIN
#if defined(FIPS)
VALUE "Comments", "WARNING: TEST VERSION ONLY ***NOT*** FIPS 140-2 VALIDATED.\\0"
#endif
// Required:
VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0"
#if defined(FIPS)
VALUE "FileDescription", "TEST UNVALIDATED FIPS140-2 DLL\\0"
#else
VALUE "FileDescription", "OpenSSL Shared Library\\0"
#endif
VALUE "FileVersion", "$version\\0"
#if defined(CRYPTO)
VALUE "InternalName", "libeay32\\0"
@ -1692,12 +1825,15 @@ BEGIN
#elif defined(SSL)
VALUE "InternalName", "ssleay32\\0"
VALUE "OriginalFilename", "ssleay32.dll\\0"
#elif defined(FIPS)
VALUE "InternalName", "libosslfips\\0"
VALUE "OriginalFilename", "libosslfips.dll\\0"
#endif
VALUE "ProductName", "The OpenSSL Toolkit\\0"
VALUE "ProductVersion", "$version\\0"
// Optional:
//VALUE "Comments", "\\0"
VALUE "LegalCopyright", "Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
VALUE "LegalCopyright", "Copyright © 1998-2007 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
//VALUE "LegalTrademarks", "\\0"
//VALUE "PrivateBuild", "\\0"
//VALUE "SpecialBuild", "\\0"
@ -1734,6 +1870,21 @@ libraries on this platform, they will at least look at it and try their best
(but please first make sure you have tried with a current version of OpenSSL).
EOF
print <<\EOF if ($fipscanisterinternal eq "y");
WARNING: OpenSSL has been configured using unsupported option(s) to internally
generate a fipscanister.o object module for TESTING PURPOSES ONLY; that
compiled module is NOT FIPS 140-2 validated and CANNOT be used to replace the
OpenSSL FIPS Object Module as identified by the CMVP
(http://csrc.nist.gov/cryptval/) in any application requiring the use of FIPS
140-2 validated software.
This is an OpenSSL 0.9.8 test version.
See the file README.FIPS for details of how to build a test library.
EOF
exit(0);
sub usage

2
FAQ

@ -78,7 +78,7 @@ OpenSSL - Frequently Asked Questions
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
OpenSSL 0.9.8i was released on Sep 15th, 2008.
OpenSSL 0.9.8k was released on Mar 25th, 2009.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:

156
Makefile

@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
VERSION=0.9.8i
VERSION=0.9.8k
MAJOR=0
MINOR=9.8
SHLIB_VERSION_NUMBER=0.9.8
@ -13,7 +13,7 @@ SHLIB_MAJOR=0
SHLIB_MINOR=9.8
SHLIB_EXT=
PLATFORM=dist
OPTIONS= no-camellia no-capieng no-cms no-gmp no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-shared no-tlsext no-zlib no-zlib-dynamic
OPTIONS= no-camellia no-capieng no-cms no-gmp no-jpake no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-shared no-zlib no-zlib-dynamic
CONFIGURE_ARGS=dist
SHLIB_TARGET=
@ -61,12 +61,13 @@ OPENSSLDIR=/usr/local/ssl
CC= cc
CFLAG= -O
DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_TLSEXT
DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED
PEX_LIBS=
EX_LIBS=
EXE_EXT=
ARFLAGS=
AR=ar $(ARFLAGS) r
ARD=ar $(ARFLAGS) d
RANLIB= /usr/bin/ranlib
PERL= /usr/bin/perl
TAR= tar
@ -106,6 +107,32 @@ LIBKRB5=
ZLIB_INCLUDE=
LIBZLIB=
# This is the location of fipscanister.o and friends.
# The FIPS module build will place it $(INSTALLTOP)/lib
# but since $(INSTALLTOP) can only take the default value
# when the module is built it will be in /usr/local/ssl/lib
# $(INSTALLTOP) for this build make be different so hard
# code the path.
FIPSLIBDIR=/usr/local/ssl/fips-1.0/lib/
# This is set to "y" if fipscanister.o is compiled internally as
# opposed to coming from an external validated location.
FIPSCANISTERINTERNAL=n
# The location of the library which contains fipscanister.o
# normally it will be libcrypto unless fipsdso is set in which
# case it will be libfips. If not compiling in FIPS mode at all
# this is empty making it a useful test for a FIPS compile.
FIPSCANLIB=
# Shared library base address. Currently only used on Windows.
#
BASEADDR=0xFB00000
DIRS= crypto ssl engines apps test tools
SHLIBDIRS= crypto ssl
@ -140,6 +167,7 @@ WDIRS= windows
LIBS= libcrypto.a libssl.a
SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
SHARED_SSL=libssl$(SHLIB_EXT)
SHARED_FIPS=
SHARED_LIBS=
SHARED_LIBS_LINK_EXTS=
SHARED_LDFLAGS=
@ -193,6 +221,10 @@ BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \
MD5_ASM_OBJ='${MD5_ASM_OBJ}' \
RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \
FIPSLIBDIR='${FIPSLIBDIR}' \
FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}' \
FIPS_EX_OBJ='${FIPS_EX_OBJ}' \
THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
# which in turn eliminates ambiguities in variable treatment with -e.
@ -211,7 +243,8 @@ BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
# subdirectories defined in $(DIRS). It requires that the target
# is given through the shell variable `target'.
BUILD_CMD= if [ -d "$$dir" ]; then \
( cd $$dir && echo "making $$target in $$dir..." && \
( [ $$target != all -a -z "$(FIPSCANLIB)" ] && FIPSCANLIB=/dev/null; \
cd $$dir && echo "making $$target in $$dir..." && \
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
) || exit 1; \
fi
@ -224,13 +257,84 @@ BUILD_ONE_CMD=\
reflect:
@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
../crypto/aes/aes_ecb.o \
../crypto/aes/aes_ofb.o \
../crypto/bn/bn_add.o \
../crypto/bn/bn_blind.o \
../crypto/bn/bn_ctx.o \
../crypto/bn/bn_div.o \
../crypto/bn/bn_exp2.o \
../crypto/bn/bn_exp.o \
../crypto/bn/bn_gcd.o \
../crypto/bn/bn_lib.o \
../crypto/bn/bn_mod.o \
../crypto/bn/bn_mont.o \
../crypto/bn/bn_mul.o \
../crypto/bn/bn_prime.o \
../crypto/bn/bn_rand.o \
../crypto/bn/bn_recp.o \
../crypto/bn/bn_shift.o \
../crypto/bn/bn_sqr.o \
../crypto/bn/bn_word.o \
../crypto/bn/bn_x931p.o \
../crypto/buffer/buf_str.o \
../crypto/cryptlib.o \
../crypto/des/cfb64ede.o \
../crypto/des/cfb64enc.o \
../crypto/des/cfb_enc.o \
../crypto/des/ecb3_enc.o \
../crypto/des/ecb_enc.o \
../crypto/des/ofb64ede.o \
../crypto/des/ofb64enc.o \
../crypto/des/fcrypt.o \
../crypto/des/set_key.o \
../crypto/dsa/dsa_utl.o \
../crypto/dsa/dsa_sign.o \
../crypto/dsa/dsa_vrf.o \
../crypto/err/err.o \
../crypto/evp/digest.o \
../crypto/evp/enc_min.o \
../crypto/evp/e_aes.o \
../crypto/evp/e_des3.o \
../crypto/evp/p_sign.o \
../crypto/evp/p_verify.o \
../crypto/mem_clr.o \
../crypto/mem.o \
../crypto/rand/md_rand.o \
../crypto/rand/rand_egd.o \
../crypto/rand/randfile.o \
../crypto/rand/rand_lib.o \
../crypto/rand/rand_os2.o \
../crypto/rand/rand_unix.o \
../crypto/rand/rand_win.o \
../crypto/rsa/rsa_lib.o \
../crypto/rsa/rsa_none.o \
../crypto/rsa/rsa_oaep.o \
../crypto/rsa/rsa_pk1.o \
../crypto/rsa/rsa_pss.o \
../crypto/rsa/rsa_ssl.o \
../crypto/rsa/rsa_x931.o \
../crypto/sha/sha1dgst.o \
../crypto/sha/sha256.o \
../crypto/sha/sha512.o \
../crypto/uid.o
sub_all: build_all
build_all: build_libs build_apps build_tests build_tools
build_libs: build_crypto build_ssl build_engines
build_libs: build_crypto build_fips build_ssl build_shared build_engines
build_crypto:
@dir=crypto; target=all; $(BUILD_ONE_CMD)
if [ -n "$(FIPSCANLIB)" ]; then \
EXCL_OBJ='$(AES_ASM_OBJ) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \
ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \
else \
ARX='${AR}' ; \
fi ; export ARX ; \
dir=crypto; target=all; $(BUILD_ONE_CMD)
build_fips:
@dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD)
build_ssl:
@dir=ssl; target=all; $(BUILD_ONE_CMD)
build_engines:
@ -246,9 +350,20 @@ all_testapps: build_libs build_testapps
build_testapps:
@dir=crypto; target=testapps; $(BUILD_ONE_CMD)
libcrypto$(SHLIB_EXT): libcrypto.a
build_shared: $(SHARED_LIBS)
libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS)
@if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) SHLIBDIRS=crypto build-shared; \
if [ "$(FIPSCANLIB)" = "libfips" ]; then \
$(ARD) libcrypto.a fipscanister.o ; \
$(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \
$(AR) libcrypto.a fips/fipscanister.o ; \
else \
if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
FIPSLD_CC=$(CC); CC=fips/fipsld; \
export CC FIPSLD_CC; \
fi; \
$(MAKE) -e SHLIBDIRS='crypto' build-shared; \
fi \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
@ -256,12 +371,32 @@ libcrypto$(SHLIB_EXT): libcrypto.a
libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
@if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
shlibdeps=-lcrypto; \
[ "$(FIPSCANLIB)" = "libfips" ] && shlibdeps="$$shlibdeps -lfips"; \
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS="$$shlibdeps" build-shared; \
else \
echo "There's no support for shared libraries on this platform" >&2 ; \
exit 1; \
fi
fips/fipscanister.o: build_fips
libfips$(SHLIB_EXT): fips/fipscanister.o
@if [ "$(SHLIB_TARGET)" != "" ]; then \
FIPSLD_CC=$(CC); CC=fips/fipsld; export CC FIPSLD_CC; \
$(MAKE) -f Makefile.shared -e $(BUILDENV) \
CC=$${CC} LIBNAME=fips THIS=$@ \
LIBEXTRAS=fips/fipscanister.o \
LIBDEPS="$(EX_LIBS)" \
LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
link_o.$(SHLIB_TARGET) || { rm -f $@; exit 1; } \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
fi
libfips.a:
dir=fips; target=all; $(BUILD_ONE_CMD)
clean-shared:
@set -e; for i in $(SHLIBDIRS); do \
if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
@ -371,6 +506,9 @@ links:
@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
@set -e; target=links; $(RECURSIVE_BUILD_CMD)
@if [ -z "$(FIPSCANLIB)" ]; then \
set -e; target=links; dir=fips ; $(BUILD_CMD) ; \
fi
gentests:
@(cd test && echo "generating dummy tests (if needed)..." && \

156
Makefile.org

@ -65,6 +65,7 @@ EX_LIBS=
EXE_EXT=
ARFLAGS=
AR=ar $(ARFLAGS) r
ARD=ar $(ARFLAGS) d
RANLIB= ranlib
PERL= perl
TAR= tar
@ -104,8 +105,34 @@ LIBKRB5=
ZLIB_INCLUDE=
LIBZLIB=
DIRS= crypto ssl engines apps test tools
SHLIBDIRS= crypto ssl
# This is the location of fipscanister.o and friends.
# The FIPS module build will place it $(INSTALLTOP)/lib
# but since $(INSTALLTOP) can only take the default value
# when the module is built it will be in /usr/local/ssl/lib
# $(INSTALLTOP) for this build make be different so hard
# code the path.
FIPSLIBDIR=/usr/local/ssl/lib/
# This is set to "y" if fipscanister.o is compiled internally as
# opposed to coming from an external validated location.
FIPSCANISTERINTERNAL=n
# The location of the library which contains fipscanister.o
# normally it will be libcrypto unless fipsdso is set in which
# case it will be libfips. If not compiling in FIPS mode at all
# this is empty making it a useful test for a FIPS compile.
FIPSCANLIB=
# Shared library base address. Currently only used on Windows.
#
BASEADDR=
DIRS= crypto fips ssl engines apps test tools
SHLIBDIRS= crypto ssl fips
# dirs in crypto to build
SDIRS= \
@ -115,7 +142,7 @@ SDIRS= \
bn ec rsa dsa ecdsa dh ecdh dso engine \
buffer bio stack lhash rand err \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
store cms pqueue
store cms pqueue jpake
# keep in mind that the above list is adjusted by ./Configure
# according to no-xxx arguments...
@ -138,6 +165,7 @@ WDIRS= windows
LIBS= libcrypto.a libssl.a
SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
SHARED_SSL=libssl$(SHLIB_EXT)
SHARED_FIPS=
SHARED_LIBS=
SHARED_LIBS_LINK_EXTS=
SHARED_LDFLAGS=
@ -191,6 +219,10 @@ BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \
MD5_ASM_OBJ='${MD5_ASM_OBJ}' \
RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \
FIPSLIBDIR='${FIPSLIBDIR}' \
FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}' \
FIPS_EX_OBJ='${FIPS_EX_OBJ}' \
THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
# which in turn eliminates ambiguities in variable treatment with -e.
@ -209,7 +241,8 @@ BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
# subdirectories defined in $(DIRS). It requires that the target
# is given through the shell variable `target'.
BUILD_CMD= if [ -d "$$dir" ]; then \
( cd $$dir && echo "making $$target in $$dir..." && \
( [ $$target != all -a -z "$(FIPSCANLIB)" ] && FIPSCANLIB=/dev/null; \
cd $$dir && echo "making $$target in $$dir..." && \
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
) || exit 1; \
fi
@ -222,13 +255,84 @@ BUILD_ONE_CMD=\
reflect:
@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
../crypto/aes/aes_ecb.o \
../crypto/aes/aes_ofb.o \
../crypto/bn/bn_add.o \
../crypto/bn/bn_blind.o \
../crypto/bn/bn_ctx.o \
../crypto/bn/bn_div.o \
../crypto/bn/bn_exp2.o \
../crypto/bn/bn_exp.o \
../crypto/bn/bn_gcd.o \
../crypto/bn/bn_lib.o \
../crypto/bn/bn_mod.o \
../crypto/bn/bn_mont.o \
../crypto/bn/bn_mul.o \
../crypto/bn/bn_prime.o \
../crypto/bn/bn_rand.o \
../crypto/bn/bn_recp.o \
../crypto/bn/bn_shift.o \
../crypto/bn/bn_sqr.o \
../crypto/bn/bn_word.o \
../crypto/bn/bn_x931p.o \
../crypto/buffer/buf_str.o \
../crypto/cryptlib.o \
../crypto/des/cfb64ede.o \
../crypto/des/cfb64enc.o \
../crypto/des/cfb_enc.o \
../crypto/des/ecb3_enc.o \
../crypto/des/ecb_enc.o \
../crypto/des/ofb64ede.o \
../crypto/des/ofb64enc.o \
../crypto/des/fcrypt.o \
../crypto/des/set_key.o \
../crypto/dsa/dsa_utl.o \
../crypto/dsa/dsa_sign.o \
../crypto/dsa/dsa_vrf.o \
../crypto/err/err.o \
../crypto/evp/digest.o \
../crypto/evp/enc_min.o \
../crypto/evp/e_aes.o \
../crypto/evp/e_des3.o \
../crypto/evp/p_sign.o \
../crypto/evp/p_verify.o \
../crypto/mem_clr.o \
../crypto/mem.o \
../crypto/rand/md_rand.o \
../crypto/rand/rand_egd.o \
../crypto/rand/randfile.o \
../crypto/rand/rand_lib.o \
../crypto/rand/rand_os2.o \
../crypto/rand/rand_unix.o \
../crypto/rand/rand_win.o \
../crypto/rsa/rsa_lib.o \
../crypto/rsa/rsa_none.o \
../crypto/rsa/rsa_oaep.o \
../crypto/rsa/rsa_pk1.o \
../crypto/rsa/rsa_pss.o \
../crypto/rsa/rsa_ssl.o \
../crypto/rsa/rsa_x931.o \
../crypto/sha/sha1dgst.o \
../crypto/sha/sha256.o \
../crypto/sha/sha512.o \
../crypto/uid.o
sub_all: build_all
build_all: build_libs build_apps build_tests build_tools
build_libs: build_crypto build_ssl build_engines
build_libs: build_crypto build_fips build_ssl build_shared build_engines
build_crypto:
@dir=crypto; target=all; $(BUILD_ONE_CMD)
if [ -n "$(FIPSCANLIB)" ]; then \
EXCL_OBJ='$(AES_ASM_OBJ) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \
ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \
else \
ARX='${AR}' ; \
fi ; export ARX ; \
dir=crypto; target=all; $(BUILD_ONE_CMD)
build_fips:
@dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD)
build_ssl:
@dir=ssl; target=all; $(BUILD_ONE_CMD)
build_engines:
@ -244,9 +348,20 @@ all_testapps: build_libs build_testapps
build_testapps:
@dir=crypto; target=testapps; $(BUILD_ONE_CMD)
libcrypto$(SHLIB_EXT): libcrypto.a
build_shared: $(SHARED_LIBS)
libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS)
@if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) SHLIBDIRS=crypto build-shared; \
if [ "$(FIPSCANLIB)" = "libfips" ]; then \
$(ARD) libcrypto.a fipscanister.o ; \
$(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \
$(AR) libcrypto.a fips/fipscanister.o ; \
else \
if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
FIPSLD_CC=$(CC); CC=fips/fipsld; \
export CC FIPSLD_CC; \
fi; \
$(MAKE) -e SHLIBDIRS='crypto' build-shared; \
fi \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
@ -254,12 +369,32 @@ libcrypto$(SHLIB_EXT): libcrypto.a
libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
@if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
shlibdeps=-lcrypto; \
[ "$(FIPSCANLIB)" = "libfips" ] && shlibdeps="$$shlibdeps -lfips"; \
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS="$$shlibdeps" build-shared; \
else \
echo "There's no support for shared libraries on this platform" >&2 ; \
exit 1; \
fi
fips/fipscanister.o: build_fips
libfips$(SHLIB_EXT): fips/fipscanister.o
@if [ "$(SHLIB_TARGET)" != "" ]; then \
FIPSLD_CC=$(CC); CC=fips/fipsld; export CC FIPSLD_CC; \
$(MAKE) -f Makefile.shared -e $(BUILDENV) \
CC=$${CC} LIBNAME=fips THIS=$@ \
LIBEXTRAS=fips/fipscanister.o \
LIBDEPS="$(EX_LIBS)" \
LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
link_o.$(SHLIB_TARGET) || { rm -f $@; exit 1; } \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
fi
libfips.a:
dir=fips; target=all; $(BUILD_ONE_CMD)
clean-shared:
@set -e; for i in $(SHLIBDIRS); do \
if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
@ -369,6 +504,9 @@ links:
@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
@set -e; target=links; $(RECURSIVE_BUILD_CMD)
@if [ -z "$(FIPSCANLIB)" ]; then \
set -e; target=links; dir=fips ; $(BUILD_CMD) ; \
fi
gentests:
@(cd test && echo "generating dummy tests (if needed)..." && \

10
Makefile.shared

@ -101,15 +101,13 @@ LINK_SO= \
LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \
LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${SHAREDCMD} $${SHAREDFLAGS} \
-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
) && $(SYMLINK_SO); \
( $(SET_X); rm -f lib$(LIBNAME).exp )
) && $(SYMLINK_SO)
SYMLINK_SO= \
if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \
@ -202,8 +200,10 @@ link_app.bsd:
# to use native NSModule(3) API and refers to dlfcn as termporary hack.
link_o.darwin:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME); \
SHLIB_SUFFIX=.so; \
SHLIB=`expr "$$THIS" : '.*/\([^/\.]*\)\.'`; \
SHLIB=$${SHLIB:-lib$(LIBNAME)}; \
SHLIB_SUFFIX=`expr "$$THIS" : '.*\(\.[^\.]*\)$$'`; \
SHLIB_SUFFIX=$${SHLIB_SUFFIX:-.so}; \
ALLSYMSFLAGS='-all_load'; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \

10
NEWS

@ -5,6 +5,16 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k:
o Fix various build issues.
o Fix security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789)
Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j:
o Fix security issue (CVE-2008-5077)
o Merge FIPS 140-2 branch code.
Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h:
o CryptoAPI ENGINE support.

2
README

@ -1,5 +1,5 @@
OpenSSL 0.9.8i
OpenSSL 0.9.8k
Copyright (c) 1998-2008 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

1031
apps/Makefile

File diff suppressed because it is too large Load Diff

234
apps/apps.c

@ -115,6 +115,7 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <ctype.h>
#include <assert.h>
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
@ -129,6 +130,9 @@
#include <openssl/rsa.h>
#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_JPAKE
#include <openssl/jpake.h>
#endif
#define NON_MAIN
#include "apps.h"
@ -2333,3 +2337,233 @@ void policies_print(BIO *out, X509_STORE_CTX *ctx)
if (free_out)
BIO_free(out);
}
#ifndef OPENSSL_NO_JPAKE
static JPAKE_CTX *jpake_init(const char *us, const char *them,
const char *secret)
{
BIGNUM *p = NULL;
BIGNUM *g = NULL;
BIGNUM *q = NULL;
BIGNUM *bnsecret = BN_new();
JPAKE_CTX *ctx;
/* Use a safe prime for p (that we found earlier) */
BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
g = BN_new();
BN_set_word(g, 2);
q = BN_new();
BN_rshift1(q, p);
BN_bin2bn((const unsigned char *)secret, strlen(secret), bnsecret);
ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret);
BN_free(bnsecret);
BN_free(q);
BN_free(g);
BN_free(p);
return ctx;
}
static void jpake_send_part(BIO *conn, const JPAKE_STEP_PART *p)
{
BN_print(conn, p->gx);
BIO_puts(conn, "\n");
BN_print(conn, p->zkpx.gr);
BIO_puts(conn, "\n");
BN_print(conn, p->zkpx.b);
BIO_puts(conn, "\n");
}
static void jpake_send_step1(BIO *bconn, JPAKE_CTX *ctx)
{
JPAKE_STEP1 s1;
JPAKE_STEP1_init(&s1);
JPAKE_STEP1_generate(&s1, ctx);
jpake_send_part(bconn, &s1.p1);
jpake_send_part(bconn, &s1.p2);
(void)BIO_flush(bconn);
JPAKE_STEP1_release(&s1);
}
static void jpake_send_step2(BIO *bconn, JPAKE_CTX *ctx)
{
JPAKE_STEP2 s2;
JPAKE_STEP2_init(&s2);
JPAKE_STEP2_generate(&s2, ctx);
jpake_send_part(bconn, &s2);
(void)BIO_flush(bconn);
JPAKE_STEP2_release(&s2);
}
static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx)
{
JPAKE_STEP3A s3a;
JPAKE_STEP3A_init(&s3a);
JPAKE_STEP3A_generate(&s3a, ctx);
BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
(void)BIO_flush(bconn);
JPAKE_STEP3A_release(&s3a);
}
static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx)
{
JPAKE_STEP3B s3b;
JPAKE_STEP3B_init(&s3b);
JPAKE_STEP3B_generate(&s3b, ctx);
BIO_write(bconn, s3b.hk, sizeof s3b.hk);
(void)BIO_flush(bconn);
JPAKE_STEP3B_release(&s3b);
}
static void readbn(BIGNUM **bn, BIO *bconn)
{
char buf[10240];
int l;
l = BIO_gets(bconn, buf, sizeof buf);
assert(l > 0);
assert(buf[l-1] == '\n');
buf[l-1] = '\0';
BN_hex2bn(bn, buf);
}
static void jpake_receive_part(JPAKE_STEP_PART *p, BIO *bconn)
{
readbn(&p->gx, bconn);
readbn(&p->zkpx.gr, bconn);
readbn(&p->zkpx.b, bconn);
}
static void jpake_receive_step1(JPAKE_CTX *ctx, BIO *bconn)
{
JPAKE_STEP1 s1;
JPAKE_STEP1_init(&s1);
jpake_receive_part(&s1.p1, bconn);
jpake_receive_part(&s1.p2, bconn);
if(!JPAKE_STEP1_process(ctx, &s1))
{
ERR_print_errors(bio_err);
exit(1);
}
JPAKE_STEP1_release(&s1);
}
static void jpake_receive_step2(JPAKE_CTX *ctx, BIO *bconn)
{
JPAKE_STEP2 s2;
JPAKE_STEP2_init(&s2);
jpake_receive_part(&s2, bconn);
if(!JPAKE_STEP2_process(ctx, &s2))
{
ERR_print_errors(bio_err);
exit(1);
}
JPAKE_STEP2_release(&s2);
}
static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn)
{
JPAKE_STEP3A s3a;
int l;
JPAKE_STEP3A_init(&s3a);
l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk);
assert(l == sizeof s3a.hhk);
if(!JPAKE_STEP3A_process(ctx, &s3a))
{
ERR_print_errors(bio_err);
exit(1);
}
JPAKE_STEP3A_release(&s3a);
}
static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn)
{
JPAKE_STEP3B s3b;
int l;
JPAKE_STEP3B_init(&s3b);
l = BIO_read(bconn, s3b.hk, sizeof s3b.hk);
assert(l == sizeof s3b.hk);
if(!JPAKE_STEP3B_process(ctx, &s3b))
{
ERR_print_errors(bio_err);
exit(1);
}
JPAKE_STEP3B_release(&s3b);
}
void jpake_client_auth(BIO *out, BIO *conn, const char *secret)
{
JPAKE_CTX *ctx;
BIO *bconn;
BIO_puts(out, "Authenticating with JPAKE\n");
ctx = jpake_init("client", "server", secret);
bconn = BIO_new(BIO_f_buffer());
BIO_push(bconn, conn);
jpake_send_step1(bconn, ctx);
jpake_receive_step1(ctx, bconn);
jpake_send_step2(bconn, ctx);
jpake_receive_step2(ctx, bconn);
jpake_send_step3a(bconn, ctx);
jpake_receive_step3b(ctx, bconn);
/*
* The problem is that you must use the derived key in the
* session key or you are subject to man-in-the-middle
* attacks.
*/
BIO_puts(out, "JPAKE authentication succeeded (N.B. This version can"
" be MitMed. See the version in HEAD for how to do it"
" properly)\n");
BIO_pop(bconn);
BIO_free(bconn);
}
void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
{
JPAKE_CTX *ctx;
BIO *bconn;
BIO_puts(out, "Authenticating with JPAKE\n");
ctx = jpake_init("server", "client", secret);
bconn = BIO_new(BIO_f_buffer());
BIO_push(bconn, conn);
jpake_receive_step1(ctx, bconn);
jpake_send_step1(bconn, ctx);
jpake_receive_step2(ctx, bconn);
jpake_send_step2(bconn, ctx);
jpake_receive_step3a(ctx, bconn);
jpake_send_step3b(bconn, ctx);
/*
* The problem is that you must use the derived key in the
* session key or you are subject to man-in-the-middle
* attacks.
*/
BIO_puts(out, "JPAKE authentication succeeded (N.B. This version can"
" be MitMed. See the version in HEAD for how to do it"
" properly)\n");
BIO_pop(bconn);
BIO_free(bconn);
}
#endif

7
apps/apps.h

@ -149,9 +149,11 @@ int WIN32_rename(const char *oldname,const char *newname);
#ifndef NON_MAIN
CONF *config=NULL;
BIO *bio_err=NULL;
int in_FIPS_mode=0;
#else
extern CONF *config;
extern BIO *bio_err;
extern int in_FIPS_mode;
#endif
#else
@ -160,6 +162,7 @@ extern BIO *bio_err;
extern CONF *config;
extern char *default_config_file;
extern BIO *bio_err;
extern int in_FIPS_mode;
#endif
@ -335,6 +338,10 @@ X509_NAME *parse_name(char *str, long chtype, int multirdn);
int args_verify(char ***pargs, int *pargc,
int *badarg, BIO *err, X509_VERIFY_PARAM **pm);
void policies_print(BIO *out, X509_STORE_CTX *ctx);
#ifndef OPENSSL_NO_JPAKE
void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
#endif
#define FORMAT_UNDEF 0
#define FORMAT_ASN1 1

2
apps/asn1pars.c

@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* A nice addition from Dr Stephen Henson <shenson@bigfoot.com> to
/* A nice addition from Dr Stephen Henson <steve@openssl.org> to
* add the -strparse option which parses nested binary structures
*/

2
apps/ca.c

@ -83,7 +83,7 @@
# else
# include <unixlib.h>
# endif
# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE)
# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE) && !defined(__TANDEM)
# include <sys/file.h>
# endif
#endif

21
apps/crl.c

@ -85,6 +85,7 @@ static const char *crl_usage[]={
" -issuer - print issuer DN\n",
" -lastupdate - lastUpdate field\n",
" -nextupdate - nextUpdate field\n",
" -crlnumber - print CRL number\n",
" -noout - no CRL output\n",
" -CAfile name - verify CRL using certificates in file \"name\"\n",
" -CApath dir - verify CRL using certificates in \"dir\"\n",
@ -107,7 +108,7 @@ int MAIN(int argc, char **argv)
int informat,outformat;
char *infile=NULL,*outfile=NULL;
int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
int fingerprint = 0;
int fingerprint = 0, crlnumber = 0;
const char **pp;
X509_STORE *store = NULL;
X509_STORE_CTX ctx;
@ -206,6 +207,8 @@ int MAIN(int argc, char **argv)
noout= ++num;
else if (strcmp(*argv,"-fingerprint") == 0)
fingerprint= ++num;
else if (strcmp(*argv,"-crlnumber") == 0)
crlnumber= ++num;
else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
{
/* ok */
@ -281,7 +284,21 @@ bad:
{
print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag);
}
if (crlnumber == i)
{
ASN1_INTEGER *crlnum;
crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number,
NULL, NULL);
BIO_printf(bio_out,"crlNumber=");
if (crlnum)
{
i2a_ASN1_INTEGER(bio_out, crlnum);
ASN1_INTEGER_free(crlnum);
}
else
BIO_puts(bio_out, "<NONE>");
BIO_printf(bio_out,"\n");
}
if (hash == i)
{
BIO_printf(bio_out,"%08lx\n",

52
apps/dgst.c

@ -76,7 +76,7 @@
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
const char *file,BIO *bmd,const char *hmac_key);
const char *file,BIO *bmd,const char *hmac_key, int non_fips_allow);
int MAIN(int, char **);
@ -84,7 +84,7 @@ int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
unsigned char *buf=NULL;
int i,err=0;
int i,err=1;
const EVP_MD *md=NULL,*m;
BIO *in=NULL,*inp;
BIO *bmd=NULL;
@ -101,14 +101,16 @@ int MAIN(int argc, char **argv)
EVP_PKEY *sigkey = NULL;
unsigned char *sigbuf = NULL;
int siglen = 0;
unsigned int sig_flags = 0;
char *passargin = NULL, *passin = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
char *hmac_key=NULL;
int non_fips_allow = 0;
apps_startup();
ERR_load_crypto_strings();
if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL)
{
BIO_printf(bio_err,"out of memory\n");
@ -167,6 +169,27 @@ int MAIN(int argc, char **argv)
keyfile=*(++argv);
do_verify = 1;
}
else if (strcmp(*argv,"-x931") == 0)
sig_flags = EVP_MD_CTX_FLAG_PAD_X931;
else if (strcmp(*argv,"-pss_saltlen") == 0)
{
int saltlen;
if (--argc < 1) break;
saltlen=atoi(*(++argv));
if (saltlen == -1)
sig_flags = EVP_MD_CTX_FLAG_PSS_MREC;
else if (saltlen == -2)
sig_flags = EVP_MD_CTX_FLAG_PSS_MDLEN;
else if (saltlen < -2 || saltlen >= 0xFFFE)
{
BIO_printf(bio_err, "Invalid PSS salt length %d\n", saltlen);
goto end;
}
else
sig_flags = saltlen;
sig_flags <<= 16;
sig_flags |= EVP_MD_CTX_FLAG_PAD_PSS;
}
else if (strcmp(*argv,"-signature") == 0)
{
if (--argc < 1) break;
@ -190,6 +213,8 @@ int MAIN(int argc, char **argv)
out_bin = 1;
else if (strcmp(*argv,"-d") == 0)
debug=1;
else if (strcmp(*argv,"-non-fips-allow") == 0)
non_fips_allow=1;
else if (!strcmp(*argv,"-fips-fingerprint"))
hmac_key = "etaonrishdlcupfm";
else if (!strcmp(*argv,"-hmac"))
@ -356,8 +381,20 @@ int MAIN(int argc, char **argv)
goto end;
}
}
if (non_fips_allow)
{
EVP_MD_CTX *md_ctx;
BIO_get_md_ctx(bmd,&md_ctx);
EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
}
if (sig_flags)
{
EVP_MD_CTX *md_ctx;
BIO_get_md_ctx(bmd,&md_ctx);
EVP_MD_CTX_set_flags(md_ctx, sig_flags);
}
/* we use md as a filter, reading from 'in' */
if (!BIO_set_md(bmd,md))
@ -373,11 +410,12 @@ int MAIN(int argc, char **argv)
{
BIO_set_fp(in,stdin,BIO_NOCLOSE);
err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
siglen,"","(stdin)",bmd,hmac_key);
siglen,"","(stdin)",bmd,hmac_key,non_fips_allow);
}
else
{
name=OBJ_nid2sn(md->type);
err = 0;
for (i=0; i<argc; i++)
{
char *tmp,*tofree=NULL;
@ -399,7 +437,7 @@ int MAIN(int argc, char **argv)
else
tmp="";
r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
siglen,tmp,argv[i],bmd,hmac_key);
siglen,tmp,argv[i],bmd,hmac_key,non_fips_allow);
if(r)
err=r;
if(tofree)
@ -426,7 +464,7 @@ end:
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
const char *file,BIO *bmd,const char *hmac_key)
const char *file,BIO *bmd,const char *hmac_key,int non_fips_allow)
{
unsigned int len;
int i;

2
apps/dsa.c

@ -96,9 +96,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
#endif
int ret=1;
DSA *dsa=NULL;
int i,badops=0;

16
apps/enc.c

@ -127,6 +127,7 @@ int MAIN(int argc, char **argv)
char *engine = NULL;
#endif
const EVP_MD *dgst=NULL;
int non_fips_allow = 0;
apps_startup();
@ -261,6 +262,8 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
md= *(++argv);
}
else if (strcmp(*argv,"-non-fips-allow") == 0)
non_fips_allow = 1;
else if ((argv[0][0] == '-') &&
((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
{
@ -314,7 +317,10 @@ bad:
if (dgst == NULL)
{
dgst = EVP_md5();
if (in_FIPS_mode)
dgst = EVP_sha1();
else
dgst = EVP_md5();
}
if (bufsize != NULL)
@ -527,7 +533,8 @@ bad:
BIO_printf(bio_err,"invalid hex iv value\n");
goto end;
}
if ((hiv == NULL) && (str == NULL))
if ((hiv == NULL) && (str == NULL)
&& EVP_CIPHER_iv_length(cipher) != 0)
{
/* No IV was explicitly set and no IV was generated
* during EVP_BytesToKey. Hence the IV is undefined,
@ -549,6 +556,11 @@ bad:
*/
BIO_get_cipher_ctx(benc, &ctx);
if (non_fips_allow)
EVP_CIPHER_CTX_set_flags(ctx,
EVP_CIPH_FLAG_NON_FIPS_ALLOW);
if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
{
BIO_printf(bio_err, "Error setting cipher %s\n",

6
apps/engine.c

@ -56,7 +56,6 @@
*
*/
#ifndef OPENSSL_NO_ENGINE
#include <stdio.h>
#include <stdlib.h>
@ -66,6 +65,7 @@
#endif
#include "apps.h"
#include <openssl/err.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#include <openssl/ssl.h>
@ -252,7 +252,7 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent
/* Now decide on the output */
if(xpos == 0)
/* Do an indent */
xpos = BIO_printf(bio_out, indent);
xpos = BIO_puts(bio_out, indent);
else
/* Otherwise prepend a ", " */
xpos += BIO_printf(bio_out, ", ");
@ -263,7 +263,7 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent
(xpos + (int)strlen(name) > line_wrap))
{
BIO_printf(bio_out, "\n");
xpos = BIO_printf(bio_out, indent);
xpos = BIO_puts(bio_out, indent);
}
xpos += BIO_printf(bio_out, "%s", name);
}

440
apps/genpkey.c Normal file

@ -0,0 +1,440 @@
/* apps/genpkey.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006
*/
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <string.h>
#include "apps.h"
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx,
const char *file, ENGINE *e);
static int genpkey_cb(EVP_PKEY_CTX *ctx);
#define PROG genpkey_main
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
char **args, *outfile = NULL;
char *passarg = NULL;
BIO *in = NULL, *out = NULL;
const EVP_CIPHER *cipher = NULL;
int outformat;
int text = 0;
EVP_PKEY *pkey=NULL;
EVP_PKEY_CTX *ctx = NULL;
char *pass = NULL;
int badarg = 0;
int ret = 1, rv;
int do_param = 0;
if (bio_err == NULL)
bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
outformat=FORMAT_PEM;
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
args = argv + 1;
while (!badarg && *args && *args[0] == '-')
{
if (!strcmp(*args,"-outform"))
{
if (args[1])
{
args++;
outformat=str2fmt(*args);
}
else badarg = 1;
}
else if (!strcmp(*args,"-pass"))
{
if (!args[1]) goto bad;
passarg= *(++args);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*args,"-engine") == 0)
{
if (!args[1])
goto bad;
e = setup_engine(bio_err, *(++args), 0);
}
#endif
else if (!strcmp (*args, "-paramfile"))
{
if (!args[1])
goto bad;
args++;
if (do_param == 1)
goto bad;
if (!init_keygen_file(bio_err, &ctx, *args, e))
goto end;
}
else if (!strcmp (*args, "-out"))
{
if (args[1])
{
args++;
outfile = *args;
}
else badarg = 1;
}
else if (strcmp(*args,"-algorithm") == 0)
{
if (!args[1])
goto bad;
if (!init_gen_str(bio_err, &ctx, *(++args),e, do_param))
goto end;
}
else if (strcmp(*args,"-pkeyopt") == 0)
{
if (!args[1])
goto bad;
if (!ctx)
{
BIO_puts(bio_err, "No keytype specified\n");
goto bad;
}
else if (pkey_ctrl_string(ctx, *(++args)) <= 0)
{
BIO_puts(bio_err, "parameter setting error\n");
ERR_print_errors(bio_err);
goto end;
}
}
else if (strcmp(*args,"-genparam") == 0)
{
if (ctx)
goto bad;
do_param = 1;
}
else if (strcmp(*args,"-text") == 0)
text=1;
else
{
cipher = EVP_get_cipherbyname(*args + 1);
if (!cipher)
{
BIO_printf(bio_err, "Unknown cipher %s\n",
*args + 1);
badarg = 1;
}
if (do_param == 1)
badarg = 1;
}
args++;
}
if (!ctx)
badarg = 1;
if (badarg)
{
bad:
BIO_printf(bio_err, "Usage: genpkey [options]\n");
BIO_printf(bio_err, "where options may be\n");
BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err, "-outform X output format (DER or PEM)\n");
BIO_printf(bio_err, "-pass arg output file pass phrase source\n");
BIO_printf(bio_err, "-<cipher> use cipher <cipher> to encrypt the key\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
#endif
BIO_printf(bio_err, "-paramfile file parameters file\n");
BIO_printf(bio_err, "-algorithm alg the public key algorithm\n");
BIO_printf(bio_err, "-pkeyopt opt:value set the public key algorithm option <opt>\n"
" to value <value>\n");
BIO_printf(bio_err, "-genparam generate parameters, not key\n");
BIO_printf(bio_err, "-text print the in text\n");
BIO_printf(bio_err, "NB: options order may be important! See the manual page.\n");
goto end;
}
if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
{
BIO_puts(bio_err, "Error getting password\n");
goto end;
}
if (outfile)
{
if (!(out = BIO_new_file (outfile, "wb")))
{
BIO_printf(bio_err,
"Can't open output file %s\n", outfile);
goto end;
}
}
else
{
out = BIO_new_fp (stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
EVP_PKEY_CTX_set_cb(ctx, genpkey_cb);
EVP_PKEY_CTX_set_app_data(ctx, bio_err);
if (do_param)
{
if (EVP_PKEY_paramgen(ctx, &pkey) <= 0)
{
BIO_puts(bio_err, "Error generating parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
else
{
if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
{
BIO_puts(bio_err, "Error generating key\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (do_param)
rv = PEM_write_bio_Parameters(out, pkey);
else if (outformat == FORMAT_PEM)
rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0,
NULL, pass);
else if (outformat == FORMAT_ASN1)
rv = i2d_PrivateKey_bio(out, pkey);
else
{
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
if (rv <= 0)
{
BIO_puts(bio_err, "Error writing key\n");
ERR_print_errors(bio_err);
}
if (text)
{
if (do_param)
rv = EVP_PKEY_print_params(out, pkey, 0, NULL);
else
rv = EVP_PKEY_print_private(out, pkey, 0, NULL);
if (rv <= 0)
{
BIO_puts(bio_err, "Error printing key\n");
ERR_print_errors(bio_err);
}
}
ret = 0;
end:
if (pkey)
EVP_PKEY_free(pkey);
if (ctx)
EVP_PKEY_CTX_free(ctx);
if (out)
BIO_free_all(out);
BIO_free(in);
if (pass)
OPENSSL_free(pass);
return ret;
}
static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx,
const char *file, ENGINE *e)
{
BIO *pbio;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
if (*pctx)
{
BIO_puts(err, "Parameters already set!\n");
return 0;
}
pbio = BIO_new_file(file, "r");
if (!pbio)
{
BIO_printf(err, "Can't open parameter file %s\n", file);
return 0;
}
pkey = PEM_read_bio_Parameters(pbio, NULL);
BIO_free(pbio);
if (!pkey)
{
BIO_printf(bio_err, "Error reading parameter file %s\n", file);
return 0;
}
ctx = EVP_PKEY_CTX_new(pkey, e);
if (!ctx)
goto err;
if (EVP_PKEY_keygen_init(ctx) <= 0)
goto err;
EVP_PKEY_free(pkey);
*pctx = ctx;
return 1;
err:
BIO_puts(err, "Error initializing context\n");
ERR_print_errors(err);
if (ctx)
EVP_PKEY_CTX_free(ctx);
if (pkey)
EVP_PKEY_free(pkey);
return 0;
}
int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
const char *algname, ENGINE *e, int do_param)
{
EVP_PKEY_CTX *ctx = NULL;
const EVP_PKEY_ASN1_METHOD *ameth;
ENGINE *tmpeng = NULL;
int pkey_id;
if (*pctx)
{
BIO_puts(err, "Algorithm already set!\n");
return 0;
}
ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1);
#ifndef OPENSSL_NO_ENGINE
if (!ameth && e)
ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1);
#endif
if (!ameth)
{
BIO_printf(bio_err, "Algorithm %s not found\n", algname);
return 0;
}
ERR_clear_error();
EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
#ifndef OPENSSL_NO_ENGINE
if (tmpeng)
ENGINE_finish(tmpeng);
#endif
ctx = EVP_PKEY_CTX_new_id(pkey_id, e);
if (!ctx)
goto err;
if (do_param)
{
if (EVP_PKEY_paramgen_init(ctx) <= 0)
goto err;
}
else
{
if (EVP_PKEY_keygen_init(ctx) <= 0)
goto err;
}
*pctx = ctx;
return 1;
err:
BIO_printf(err, "Error initializing %s context\n", algname);
ERR_print_errors(err);
if (ctx)
EVP_PKEY_CTX_free(ctx);
return 0;
}
static int genpkey_cb(EVP_PKEY_CTX *ctx)
{
char c='*';
BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
int p;
p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
if (p == 0) c='.';
if (p == 1) c='+';
if (p == 2) c='*';
if (p == 3) c='\n';
BIO_write(b,&c,1);
(void)BIO_flush(b);
#ifdef LINT
p=n;
#endif
return 1;
}

15
apps/genrsa.c

@ -95,6 +95,7 @@ int MAIN(int argc, char **argv)
int ret=1;
int i,num=DEFBITS;
long l;
int use_x931 = 0;
const EVP_CIPHER *enc=NULL;
unsigned long f4=RSA_F4;
char *outfile=NULL;
@ -138,6 +139,8 @@ int MAIN(int argc, char **argv)
f4=3;
else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
f4=RSA_F4;
else if (strcmp(*argv,"-x931") == 0)
use_x931 = 1;
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
@ -266,7 +269,17 @@ bad:
BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
num);
if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
if (use_x931)
{
BIGNUM *pubexp;
pubexp = BN_new();
if (!BN_set_word(pubexp, f4))
goto err;
if (!RSA_X931_generate_key_ex(rsa, num, pubexp, &cb))
goto err;
BN_free(pubexp);
}
else if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
goto err;
app_RAND_write_file(NULL, bio_err);

1
apps/md4.c Symbolic link

@ -0,0 +1 @@
../crypto/md4/md4.c

2
apps/nseq.c

@ -1,5 +1,5 @@
/* nseq.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================

2
apps/ocsp.c

@ -1,5 +1,5 @@
/* ocsp.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================

32
apps/openssl.c

@ -147,6 +147,7 @@ char *default_config_file=NULL;
#ifdef MONOLITH
CONF *config=NULL;
BIO *bio_err=NULL;
int in_FIPS_mode=0;
#endif
@ -232,6 +233,19 @@ int main(int Argc, char *Argv[])
arg.data=NULL;
arg.count=0;
in_FIPS_mode = 0;
#ifdef OPENSSL_FIPS
if(getenv("OPENSSL_FIPS")) {
if (!FIPS_mode_set(1)) {
ERR_load_crypto_strings();
ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
EXIT(1);
}
in_FIPS_mode = 1;
}
#endif
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
@ -273,21 +287,9 @@ int main(int Argc, char *Argv[])
i=NCONF_load(config,p,&errline);
if (i == 0)
{
if (ERR_GET_REASON(ERR_peek_last_error())
== CONF_R_NO_SUCH_FILE)
{
BIO_printf(bio_err,
"WARNING: can't open config file: %s\n",p);
ERR_clear_error();
NCONF_free(config);
config = NULL;
}
else
{
ERR_print_errors(bio_err);
NCONF_free(config);
exit(1);
}
NCONF_free(config);
config = NULL;
ERR_clear_error();
}
prog=prog_init();

11
apps/pkcs12.c

@ -1,5 +1,5 @@
/* pkcs12.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
@ -111,7 +111,7 @@ int MAIN(int argc, char **argv)
int maciter = PKCS12_DEFAULT_ITER;
int twopass = 0;
int keytype = 0;
int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
int cert_pbe;
int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
int ret = 1;
int macver = 1;
@ -128,6 +128,13 @@ int MAIN(int argc, char **argv)
apps_startup();
#ifdef OPENSSL_FIPS
if (FIPS_mode())
cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
else
#endif
cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
enc = EVP_des_ede3_cbc();
if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);

2
apps/pkcs8.c

@ -1,5 +1,5 @@
/* pkcs8.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999-2004.
*/
/* ====================================================================

284
apps/pkey.c Normal file

@ -0,0 +1,284 @@
/* apps/pkey.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006
*/
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <string.h>
#include "apps.h"
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#define PROG pkey_main
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
char **args, *infile = NULL, *outfile = NULL;
char *passargin = NULL, *passargout = NULL;
BIO *in = NULL, *out = NULL;
const EVP_CIPHER *cipher = NULL;
int informat, outformat;
int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0;
EVP_PKEY *pkey=NULL;
char *passin = NULL, *passout = NULL;
int badarg = 0;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
int ret = 1;
if (bio_err == NULL)
bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
args = argv + 1;
while (!badarg && *args && *args[0] == '-')
{
if (!strcmp(*args,"-inform"))
{
if (args[1])
{
args++;
informat=str2fmt(*args);
}
else badarg = 1;
}
else if (!strcmp(*args,"-outform"))
{
if (args[1])
{
args++;
outformat=str2fmt(*args);
}
else badarg = 1;
}
else if (!strcmp(*args,"-passin"))
{
if (!args[1]) goto bad;
passargin= *(++args);
}
else if (!strcmp(*args,"-passout"))
{
if (!args[1]) goto bad;
passargout= *(++args);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*args,"-engine") == 0)
{
if (!args[1]) goto bad;
engine= *(++args);
}
#endif
else if (!strcmp (*args, "-in"))
{
if (args[1])
{
args++;
infile = *args;
}
else badarg = 1;
}
else if (!strcmp (*args, "-out"))
{
if (args[1])
{
args++;
outfile = *args;
}
else badarg = 1;
}
else if (strcmp(*args,"-pubin") == 0)
{
pubin=1;
pubout=1;
pubtext=1;
}
else if (strcmp(*args,"-pubout") == 0)
pubout=1;
else if (strcmp(*args,"-text_pub") == 0)
{
pubtext=1;
text=1;
}
else if (strcmp(*args,"-text") == 0)
text=1;
else if (strcmp(*args,"-noout") == 0)
noout=1;
else
{
cipher = EVP_get_cipherbyname(*args + 1);
if (!cipher)
{
BIO_printf(bio_err, "Unknown cipher %s\n",
*args + 1);
badarg = 1;
}
}
args++;
}
if (badarg)
{
bad:
BIO_printf(bio_err, "Usage pkey [options]\n");
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err, "-inform X input format (DER or PEM)\n");
BIO_printf(bio_err, "-passin arg input file pass phrase source\n");
BIO_printf(bio_err, "-outform X output format (DER or PEM)\n");
BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err, "-passout arg output file pass phrase source\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
#endif
return 1;
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout))
{
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
if (outfile)
{
if (!(out = BIO_new_file (outfile, "wb")))
{
BIO_printf(bio_err,
"Can't open output file %s\n", outfile);
goto end;
}
}
else
{
out = BIO_new_fp (stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
if (pubin)
pkey = load_pubkey(bio_err, infile, informat, 1,
passin, e, "Public Key");
else
pkey = load_key(bio_err, infile, informat, 1,
passin, e, "key");
if (!pkey)
goto end;
if (!noout)
{
if (outformat == FORMAT_PEM)
{
if (pubout)
PEM_write_bio_PUBKEY(out,pkey);
else
PEM_write_bio_PrivateKey(out, pkey, cipher,
NULL, 0, NULL, passout);
}
else if (outformat == FORMAT_ASN1)
{
if (pubout)
i2d_PUBKEY_bio(out, pkey);
else
i2d_PrivateKey_bio(out, pkey);
}
else
{
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
}
if (text)
{
if (pubtext)
EVP_PKEY_print_public(out, pkey, 0, NULL);
else
EVP_PKEY_print_private(out, pkey, 0, NULL);
}
ret = 0;
end:
EVP_PKEY_free(pkey);
BIO_free_all(out);
BIO_free(in);
if (passin)
OPENSSL_free(passin);
if (passout)
OPENSSL_free(passout);
return ret;
}

201
apps/pkeyparam.c Normal file

@ -0,0 +1,201 @@
/* apps/pkeyparam.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006
*/
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <string.h>
#include "apps.h"
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#define PROG pkeyparam_main
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
char **args, *infile = NULL, *outfile = NULL;
BIO *in = NULL, *out = NULL;
int text = 0, noout = 0;
EVP_PKEY *pkey=NULL;
int badarg = 0;
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
char *engine=NULL;
#endif
int ret = 1;
if (bio_err == NULL)
bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
args = argv + 1;
while (!badarg && *args && *args[0] == '-')
{
if (!strcmp (*args, "-in"))
{
if (args[1])
{
args++;
infile = *args;
}
else badarg = 1;
}
else if (!strcmp (*args, "-out"))
{
if (args[1])
{
args++;
outfile = *args;
}
else badarg = 1;
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*args,"-engine") == 0)
{
if (!args[1]) goto bad;
engine= *(++args);
}
#endif
else if (strcmp(*args,"-text") == 0)
text=1;
else if (strcmp(*args,"-noout") == 0)
noout=1;
args++;
}
if (badarg)
{
#ifndef OPENSSL_NO_ENGINE
bad:
#endif
BIO_printf(bio_err, "Usage pkeyparam [options]\n");
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err, "-text print parameters as text\n");
BIO_printf(bio_err, "-noout don't output encoded parameters\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
#endif
return 1;
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
if (infile)
{
if (!(in = BIO_new_file (infile, "r")))
{
BIO_printf(bio_err,
"Can't open input file %s\n", infile);
goto end;
}
}
else
in = BIO_new_fp (stdin, BIO_NOCLOSE);
if (outfile)
{
if (!(out = BIO_new_file (outfile, "w")))
{
BIO_printf(bio_err,
"Can't open output file %s\n", outfile);
goto end;
}
}
else
{
out = BIO_new_fp (stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
pkey = PEM_read_bio_Parameters(in, NULL);
if (!pkey)
{
BIO_printf(bio_err, "Error reading paramters\n");
ERR_print_errors(bio_err);
goto end;
}
if (!noout)
PEM_write_bio_Parameters(out,pkey);
if (text)
EVP_PKEY_print_params(out, pkey, 0, NULL);
ret = 0;
end:
EVP_PKEY_free(pkey);
BIO_free_all(out);
BIO_free(in);
return ret;
}

570
apps/pkeyutl.c Normal file

@ -0,0 +1,570 @@
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006.
*/
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include "apps.h"
#include <string.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
#define KEY_PRIVKEY 1
#define KEY_PUBKEY 2
#define KEY_CERT 3
static void usage(void);
#undef PROG
#define PROG pkeyutl_main
static EVP_PKEY_CTX *init_ctx(int *pkeysize,
char *keyfile, int keyform, int key_type,
char *passargin, int pkey_op, ENGINE *e);
static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
const char *file);
static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
unsigned char *out, size_t *poutlen,
unsigned char *in, size_t inlen);
int MAIN(int argc, char **);
int MAIN(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
char *infile = NULL, *outfile = NULL, *sigfile = NULL;
ENGINE *e = NULL;
int pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
int keyform = FORMAT_PEM, peerform = FORMAT_PEM;
char badarg = 0, rev = 0;
char hexdump = 0, asn1parse = 0;
EVP_PKEY_CTX *ctx = NULL;
char *passargin = NULL;
int keysize = -1;
unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
size_t buf_outlen;
int buf_inlen = 0, siglen = -1;
int ret = 1, rv = -1;
argc--;
argv++;
if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
while(argc >= 1)
{
if (!strcmp(*argv,"-in"))
{
if (--argc < 1) badarg = 1;
infile= *(++argv);
}
else if (!strcmp(*argv,"-out"))
{
if (--argc < 1) badarg = 1;
outfile= *(++argv);
}
else if (!strcmp(*argv,"-sigfile"))
{
if (--argc < 1) badarg = 1;
sigfile= *(++argv);
}
else if(!strcmp(*argv, "-inkey"))
{
if (--argc < 1)
badarg = 1;
else
{
ctx = init_ctx(&keysize,
*(++argv), keyform, key_type,
passargin, pkey_op, e);
if (!ctx)
{
BIO_puts(bio_err,
"Error initializing context\n");
ERR_print_errors(bio_err);
badarg = 1;
}
}
}
else if (!strcmp(*argv,"-peerkey"))
{
if (--argc < 1)
badarg = 1;
else if (!setup_peer(bio_err, ctx, peerform, *(++argv)))
badarg = 1;
}
else if (!strcmp(*argv,"-passin"))
{
if (--argc < 1) badarg = 1;
passargin= *(++argv);
}
else if (strcmp(*argv,"-peerform") == 0)
{
if (--argc < 1) badarg = 1;
peerform=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-keyform") == 0)
{
if (--argc < 1) badarg = 1;
keyform=str2fmt(*(++argv));
}
#ifndef OPENSSL_NO_ENGINE
else if(!strcmp(*argv, "-engine"))
{
if (--argc < 1)
badarg = 1;
else
e = setup_engine(bio_err, *(++argv), 0);
}
#endif
else if(!strcmp(*argv, "-pubin"))
key_type = KEY_PUBKEY;
else if(!strcmp(*argv, "-certin"))
key_type = KEY_CERT;
else if(!strcmp(*argv, "-asn1parse"))
asn1parse = 1;
else if(!strcmp(*argv, "-hexdump"))
hexdump = 1;
else if(!strcmp(*argv, "-sign"))
pkey_op = EVP_PKEY_OP_SIGN;
else if(!strcmp(*argv, "-verify"))
pkey_op = EVP_PKEY_OP_VERIFY;
else if(!strcmp(*argv, "-verifyrecover"))
pkey_op = EVP_PKEY_OP_VERIFYRECOVER;
else if(!strcmp(*argv, "-rev"))
rev = 1;
else if(!strcmp(*argv, "-encrypt"))
pkey_op = EVP_PKEY_OP_ENCRYPT;
else if(!strcmp(*argv, "-decrypt"))
pkey_op = EVP_PKEY_OP_DECRYPT;
else if(!strcmp(*argv, "-derive"))
pkey_op = EVP_PKEY_OP_DERIVE;
else if (strcmp(*argv,"-pkeyopt") == 0)
{
if (--argc < 1)
badarg = 1;
else if (!ctx)
{
BIO_puts(bio_err,
"-pkeyopt command before -inkey\n");
badarg = 1;
}
else if (pkey_ctrl_string(ctx, *(++argv)) <= 0)
{
BIO_puts(bio_err, "parameter setting error\n");
ERR_print_errors(bio_err);
goto end;
}
}
else badarg = 1;
if(badarg)
{
usage();
goto end;
}
argc--;
argv++;
}
if (!ctx)
{
usage();
goto end;
}
if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY))
{
BIO_puts(bio_err, "Signature file specified for non verify\n");
goto end;
}
if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY))
{
BIO_puts(bio_err, "No signature file specified for verify\n");
goto end;
}
/* FIXME: seed PRNG only if needed */
app_RAND_load_file(NULL, bio_err, 0);
if (pkey_op != EVP_PKEY_OP_DERIVE)
{
if(infile)
{
if(!(in = BIO_new_file(infile, "rb")))
{
BIO_puts(bio_err,
"Error Opening Input File\n");
ERR_print_errors(bio_err);
goto end;
}
}
else
in = BIO_new_fp(stdin, BIO_NOCLOSE);
}
if(outfile)
{
if(!(out = BIO_new_file(outfile, "wb")))
{
BIO_printf(bio_err, "Error Creating Output File\n");
ERR_print_errors(bio_err);
goto end;
}
}
else
{
out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
if (sigfile)
{
BIO *sigbio = BIO_new_file(sigfile, "rb");
if (!sigbio)
{
BIO_printf(bio_err, "Can't open signature file %s\n",
sigfile);
goto end;
}
siglen = bio_to_mem(&sig, keysize * 10, sigbio);
BIO_free(sigbio);
if (siglen <= 0)
{
BIO_printf(bio_err, "Error reading signature data\n");
goto end;
}
}
if (in)
{
/* Read the input data */
buf_inlen = bio_to_mem(&buf_in, keysize * 10, in);
if(buf_inlen <= 0)
{
BIO_printf(bio_err, "Error reading input Data\n");
exit(1);
}
if(rev)
{
size_t i;
unsigned char ctmp;
size_t l = (size_t)buf_inlen;
for(i = 0; i < l/2; i++)
{
ctmp = buf_in[i];
buf_in[i] = buf_in[l - 1 - i];
buf_in[l - 1 - i] = ctmp;
}
}
}
if(pkey_op == EVP_PKEY_OP_VERIFY)
{
rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen,
buf_in, (size_t)buf_inlen);
if (rv == 0)
BIO_puts(out, "Signature Verification Failure\n");
else if (rv == 1)
BIO_puts(out, "Signature Verified Successfully\n");
if (rv >= 0)
goto end;
}
else
{
rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
buf_in, (size_t)buf_inlen);
if (rv > 0)
{
buf_out = OPENSSL_malloc(buf_outlen);
if (!buf_out)
rv = -1;
else
rv = do_keyop(ctx, pkey_op,
buf_out, (size_t *)&buf_outlen,
buf_in, (size_t)buf_inlen);
}
}
if(rv <= 0)
{
BIO_printf(bio_err, "Public Key operation error\n");
ERR_print_errors(bio_err);
goto end;
}
ret = 0;
if(asn1parse)
{
if(!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
ERR_print_errors(bio_err);
}
else if(hexdump)
BIO_dump(out, (char *)buf_out, buf_outlen);
else
BIO_write(out, buf_out, buf_outlen);
end:
if (ctx)
EVP_PKEY_CTX_free(ctx);
BIO_free(in);
BIO_free_all(out);
if (buf_in)
OPENSSL_free(buf_in);
if (buf_out)
OPENSSL_free(buf_out);
if (sig)
OPENSSL_free(sig);
return ret;
}
static void usage()
{
BIO_printf(bio_err, "Usage: pkeyutl [options]\n");
BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err, "-signature file signature file (verify operation only)\n");
BIO_printf(bio_err, "-inkey file input key\n");
BIO_printf(bio_err, "-keyform arg private key format - default PEM\n");
BIO_printf(bio_err, "-pubin input is a public key\n");
BIO_printf(bio_err, "-certin input is a certificate carrying a public key\n");
BIO_printf(bio_err, "-pkeyopt X:Y public key options\n");
BIO_printf(bio_err, "-sign sign with private key\n");
BIO_printf(bio_err, "-verify verify with public key\n");
BIO_printf(bio_err, "-verifyrecover verify with public key, recover original data\n");
BIO_printf(bio_err, "-encrypt encrypt with public key\n");
BIO_printf(bio_err, "-decrypt decrypt with private key\n");
BIO_printf(bio_err, "-derive derive shared secret\n");
BIO_printf(bio_err, "-hexdump hex dump output\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
#endif
BIO_printf(bio_err, "-passin arg pass phrase source\n");
}
static EVP_PKEY_CTX *init_ctx(int *pkeysize,
char *keyfile, int keyform, int key_type,
char *passargin, int pkey_op, ENGINE *e)
{
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
char *passin = NULL;
int rv = -1;
X509 *x;
if(((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT)
|| (pkey_op == EVP_PKEY_OP_DERIVE))
&& (key_type != KEY_PRIVKEY))
{
BIO_printf(bio_err, "A private key is needed for this operation\n");
goto end;
}
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL))
{
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
switch(key_type)
{
case KEY_PRIVKEY:
pkey = load_key(bio_err, keyfile, keyform, 0,
passin, e, "Private Key");
break;
case KEY_PUBKEY:
pkey = load_pubkey(bio_err, keyfile, keyform, 0,
NULL, e, "Public Key");
break;
case KEY_CERT:
x = load_cert(bio_err, keyfile, keyform,
NULL, e, "Certificate");
if(x)
{
pkey = X509_get_pubkey(x);
X509_free(x);
}
break;
}
*pkeysize = EVP_PKEY_size(pkey);
if (!pkey)
goto end;
ctx = EVP_PKEY_CTX_new(pkey, e);
EVP_PKEY_free(pkey);
if (!ctx)
goto end;
switch(pkey_op)
{
case EVP_PKEY_OP_SIGN:
rv = EVP_PKEY_sign_init(ctx);
break;
case EVP_PKEY_OP_VERIFY:
rv = EVP_PKEY_verify_init(ctx);
break;
case EVP_PKEY_OP_VERIFYRECOVER:
rv = EVP_PKEY_verify_recover_init(ctx);
break;
case EVP_PKEY_OP_ENCRYPT:
rv = EVP_PKEY_encrypt_init(ctx);
break;
case EVP_PKEY_OP_DECRYPT:
rv = EVP_PKEY_decrypt_init(ctx);
break;
case EVP_PKEY_OP_DERIVE:
rv = EVP_PKEY_derive_init(ctx);
break;
}
if (rv <= 0)
{
EVP_PKEY_CTX_free(ctx);
ctx = NULL;
}
end:
if (passin)
OPENSSL_free(passin);
return ctx;
}
static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
const char *file)
{
EVP_PKEY *peer = NULL;
int ret;
if (!ctx)
{
BIO_puts(err, "-peerkey command before -inkey\n");
return 0;
}
peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key");
if (!peer)
{
BIO_printf(bio_err, "Error reading peer key %s\n", file);
ERR_print_errors(err);
return 0;
}
ret = EVP_PKEY_derive_set_peer(ctx, peer);
EVP_PKEY_free(peer);
if (ret <= 0)
ERR_print_errors(err);
return ret;
}
static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
unsigned char *out, size_t *poutlen,
unsigned char *in, size_t inlen)
{
int rv = 0;
switch(pkey_op)
{
case EVP_PKEY_OP_VERIFYRECOVER:
rv = EVP_PKEY_verify_recover(ctx, out, poutlen, in, inlen);
break;
case EVP_PKEY_OP_SIGN:
rv = EVP_PKEY_sign(ctx, out, poutlen, in, inlen);
break;
case EVP_PKEY_OP_ENCRYPT:
rv = EVP_PKEY_encrypt(ctx, out, poutlen, in, inlen);
break;
case EVP_PKEY_OP_DECRYPT:
rv = EVP_PKEY_decrypt(ctx, out, poutlen, in, inlen);
break;
case EVP_PKEY_OP_DERIVE:
rv = EVP_PKEY_derive(ctx, out, poutlen);
break;
}
return rv;
}

27
apps/rand.c

@ -68,7 +68,8 @@
/* -out file - write to file
* -rand file:file - PRNG seed files
* -base64 - encode output
* -base64 - base64 encode output
* -hex - hex encode output
* num - write 'num' bytes
*/
@ -84,6 +85,7 @@ int MAIN(int argc, char **argv)
char *outfile = NULL;
char *inrand = NULL;
int base64 = 0;
int hex = 0;
BIO *out = NULL;
int num = -1;
#ifndef OPENSSL_NO_ENGINE
@ -133,6 +135,13 @@ int MAIN(int argc, char **argv)
else
badopt = 1;
}
else if (strcmp(argv[i], "-hex") == 0)
{
if (!hex)
hex = 1;
else
badopt = 1;
}
else if (isdigit((unsigned char)argv[i][0]))
{
if (num < 0)
@ -148,6 +157,9 @@ int MAIN(int argc, char **argv)
badopt = 1;
}
if (hex && base64)
badopt = 1;
if (num < 0)
badopt = 1;
@ -160,7 +172,8 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "-engine e - use engine e, possibly a hardware device.\n");
#endif
BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, "-base64 - encode output\n");
BIO_printf(bio_err, "-base64 - base64 encode output\n");
BIO_printf(bio_err, "-hex - hex encode output\n");
goto err;
}
@ -210,9 +223,17 @@ int MAIN(int argc, char **argv)
r = RAND_bytes(buf, chunk);
if (r <= 0)
goto err;
BIO_write(out, buf, chunk);
if (!hex)
BIO_write(out, buf, chunk);
else
{
for (i = 0; i < chunk; i++)
BIO_printf(out, "%02x", buf[i]);
}
num -= chunk;
}
if (hex)
BIO_puts(out, "\n");
(void)BIO_flush(out);
app_RAND_write_file(NULL, bio_err);

2
apps/rsautl.c

@ -1,5 +1,5 @@
/* rsautl.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================

52
apps/s_client.c

@ -221,6 +221,7 @@ static void sc_usage(void)
BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n");
BIO_printf(bio_err," -quiet - no s_client output\n");
BIO_printf(bio_err," -ign_eof - ignore input eof (default when -quiet)\n");
BIO_printf(bio_err," -no_ign_eof - don't ignore input eof\n");
BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
BIO_printf(bio_err," -tls1 - just use TLSv1\n");
@ -234,7 +235,8 @@ static void sc_usage(void)
BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
BIO_printf(bio_err," for those protocols that support it, where\n");
BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n");
BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", and \"ftp\" are supported.\n");
BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
BIO_printf(bio_err," are supported.\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
#endif
@ -276,7 +278,8 @@ enum
PROTO_SMTP,
PROTO_POP3,
PROTO_IMAP,
PROTO_FTP
PROTO_FTP,
PROTO_XMPP
};
int MAIN(int, char **);
@ -318,8 +321,9 @@ int MAIN(int argc, char **argv)
#ifndef OPENSSL_NO_ENGINE
char *engine_id=NULL;
char *ssl_client_engine_id=NULL;
ENGINE *e=NULL, *ssl_client_engine=NULL;
ENGINE *ssl_client_engine=NULL;
#endif
ENGINE *e=NULL;
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
struct timeval tv;
#endif
@ -335,6 +339,9 @@ int MAIN(int argc, char **argv)
int peerlen = sizeof(peer);
int enable_timeouts = 0 ;
long mtu = 0;
#ifndef OPENSSL_NO_JPAKE
char *jpake_secret = NULL;
#endif
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
meth=SSLv23_client_method();
@ -435,6 +442,8 @@ int MAIN(int argc, char **argv)
}
else if (strcmp(*argv,"-ign_eof") == 0)
c_ign_eof=1;
else if (strcmp(*argv,"-no_ign_eof") == 0)
c_ign_eof=0;
else if (strcmp(*argv,"-pause") == 0)
c_Pause=1;
else if (strcmp(*argv,"-debug") == 0)
@ -547,6 +556,8 @@ int MAIN(int argc, char **argv)
starttls_proto = PROTO_IMAP;
else if (strcmp(*argv,"ftp") == 0)
starttls_proto = PROTO_FTP;
else if (strcmp(*argv, "xmpp") == 0)
starttls_proto = PROTO_XMPP;
else
goto bad;
}
@ -574,6 +585,13 @@ int MAIN(int argc, char **argv)
servername= *(++argv);
/* meth=TLSv1_client_method(); */
}
#endif
#ifndef OPENSSL_NO_JPAKE
else if (strcmp(*argv,"-jpake") == 0)
{
if (--argc < 1) goto bad;
jpake_secret = *++argv;
}
#endif
else
{
@ -837,8 +855,6 @@ re_start:
else
sbio=BIO_new_socket(s,BIO_NOCLOSE);
if (nbio_test)
{
BIO *test;
@ -882,6 +898,10 @@ SSL_set_tlsext_status_ids(con, ids);
#endif
}
#endif
#ifndef OPENSSL_NO_JPAKE
if (jpake_secret)
jpake_client_auth(bio_c_out, sbio, jpake_secret);
#endif
SSL_set_bio(con,sbio,sbio);
SSL_set_connect_state(con);
@ -988,6 +1008,28 @@ SSL_set_tlsext_status_ids(con, ids);
BIO_printf(sbio,"AUTH TLS\r\n");
BIO_read(sbio,sbuf,BUFSIZZ);
}
if (starttls_proto == PROTO_XMPP)
{
int seen = 0;
BIO_printf(sbio,"<stream:stream "
"xmlns:stream='http://etherx.jabber.org/streams' "
"xmlns='jabber:client' to='%s' version='1.0'>", host);
seen = BIO_read(sbio,mbuf,BUFSIZZ);
mbuf[seen] = 0;
while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'"))
{
if (strstr(mbuf, "/stream:features>"))
goto shut;
seen = BIO_read(sbio,mbuf,BUFSIZZ);
mbuf[seen] = 0;
}
BIO_printf(sbio, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
seen = BIO_read(sbio,sbuf,BUFSIZZ);
sbuf[seen] = 0;
if (!strstr(sbuf, "<proceed"))
goto shut;
mbuf[0] = 0;
}
for (;;)
{

20
apps/s_server.c

@ -742,6 +742,10 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
#endif
int MAIN(int, char **);
#ifndef OPENSSL_NO_JPAKE
static char *jpake_secret = NULL;
#endif
int MAIN(int argc, char *argv[])
{
X509_STORE *store = NULL;
@ -760,9 +764,7 @@ int MAIN(int argc, char *argv[])
int state=0;
SSL_METHOD *meth=NULL;
int socket_type=SOCK_STREAM;
#ifndef OPENSSL_NO_ENGINE
ENGINE *e=NULL;
#endif
char *inrand=NULL;
int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
char *passarg = NULL, *pass = NULL;
@ -774,7 +776,6 @@ int MAIN(int argc, char *argv[])
EVP_PKEY *s_key2 = NULL;
X509 *s_cert2 = NULL;
#endif
#ifndef OPENSSL_NO_TLSEXT
tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
#endif
@ -1071,6 +1072,14 @@ int MAIN(int argc, char *argv[])
if (--argc < 1) goto bad;
s_key_file2= *(++argv);
}
#endif
#ifndef OPENSSL_NO_JPAKE
else if (strcmp(*argv,"-jpake") == 0)
{
if (--argc < 1) goto bad;
jpake_secret = *(++argv);
}
#endif
else
{
@ -1673,6 +1682,11 @@ static int sv_body(char *hostname, int s, unsigned char *context)
test=BIO_new(BIO_f_nbio_test());
sbio=BIO_push(test,sbio);
}
#ifndef OPENSSL_NO_JPAKE
if(jpake_secret)
jpake_server_auth(bio_s_out, sbio, jpake_secret);
#endif
SSL_set_bio(con,sbio,sbio);
SSL_set_accept_state(con);
/* SSL_set_fd(con,s); */

2
apps/smime.c

@ -1,5 +1,5 @@
/* smime.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================

4
apps/speed.c

@ -2132,7 +2132,7 @@ int MAIN(int argc, char **argv)
{
ret=RSA_verify(NID_md5_sha1, buf,36, buf2,
rsa_num, rsa_key[j]);
if (ret == 0)
if (ret <= 0)
{
BIO_printf(bio_err,
"RSA verify failure\n");
@ -2760,6 +2760,8 @@ static int do_multi(int multi)
for(n=0 ; n < multi ; ++n)
{
pipe(fd);
fflush(stdout);
fflush(stderr);
if(fork())
{
close(fd[1]);

4
apps/spkac.c

@ -1,6 +1,6 @@
/* apps/spkac.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999. Based on an original idea by Massimiliano Pala
* (madwolf@openca.org).
*/
@ -285,7 +285,7 @@ bad:
pkey = NETSCAPE_SPKI_get_pubkey(spki);
if(verify) {
i = NETSCAPE_SPKI_verify(spki, pkey);
if(i) BIO_printf(bio_err, "Signature OK\n");
if (i > 0) BIO_printf(bio_err, "Signature OK\n");
else {
BIO_printf(bio_err, "Signature Failure\n");
ERR_print_errors(bio_err);

1144
apps/ts.c Normal file

File diff suppressed because it is too large Load Diff

195
apps/tsget Normal file

@ -0,0 +1,195 @@
#!/usr/bin/perl -w
# Written by Zoltan Glozik <zglozik@stones.com>.
# Copyright (c) 2002 The OpenTSA Project. All rights reserved.
$::version = '$Id: tsget,v 1.1 2006/02/12 23:11:21 ulf Exp $';
use strict;
use IO::Handle;
use Getopt::Std;
use File::Basename;
use WWW::Curl::easy;
use vars qw(%options);
# Callback for reading the body.
sub read_body {
my ($maxlength, $state) = @_;
my $return_data = "";
my $data_len = length ${$state->{data}};
if ($state->{bytes} < $data_len) {
$data_len = $data_len - $state->{bytes};
$data_len = $maxlength if $data_len > $maxlength;
$return_data = substr ${$state->{data}}, $state->{bytes}, $data_len;
$state->{bytes} += $data_len;
}
return $return_data;
}
# Callback for writing the body into a variable.
sub write_body {
my ($data, $pointer) = @_;
${$pointer} .= $data;
return length($data);
}
# Initialise a new Curl object.
sub create_curl {
my $url = shift;
# Create Curl object.
my $curl = WWW::Curl::easy::new();
# Error-handling related options.
$curl->setopt(CURLOPT_VERBOSE, 1) if $options{d};
$curl->setopt(CURLOPT_FAILONERROR, 1);
$curl->setopt(CURLOPT_USERAGENT, "OpenTSA tsget.pl/" . (split / /, $::version)[2]);
# Options for POST method.
$curl->setopt(CURLOPT_UPLOAD, 1);
$curl->setopt(CURLOPT_CUSTOMREQUEST, "POST");
$curl->setopt(CURLOPT_HTTPHEADER,
["Content-Type: application/timestamp-query",
"Accept: application/timestamp-reply"]);
$curl->setopt(CURLOPT_READFUNCTION, \&read_body);
$curl->setopt(CURLOPT_HEADERFUNCTION, sub { return length($_[0]); });
# Options for getting the result.
$curl->setopt(CURLOPT_WRITEFUNCTION, \&write_body);
# SSL related options.
$curl->setopt(CURLOPT_SSLKEYTYPE, "PEM");
$curl->setopt(CURLOPT_SSL_VERIFYPEER, 1); # Verify server's certificate.
$curl->setopt(CURLOPT_SSL_VERIFYHOST, 2); # Check server's CN.
$curl->setopt(CURLOPT_SSLKEY, $options{k}) if defined($options{k});
$curl->setopt(CURLOPT_SSLKEYPASSWD, $options{p}) if defined($options{p});
$curl->setopt(CURLOPT_SSLCERT, $options{c}) if defined($options{c});
$curl->setopt(CURLOPT_CAINFO, $options{C}) if defined($options{C});
$curl->setopt(CURLOPT_CAPATH, $options{P}) if defined($options{P});
$curl->setopt(CURLOPT_RANDOM_FILE, $options{r}) if defined($options{r});
$curl->setopt(CURLOPT_EGDSOCKET, $options{g}) if defined($options{g});
# Setting destination.
$curl->setopt(CURLOPT_URL, $url);
return $curl;
}
# Send a request and returns the body back.
sub get_timestamp {
my $curl = shift;
my $body = shift;
my $ts_body;
local $::error_buf;
# Error-handling related options.
$curl->setopt(CURLOPT_ERRORBUFFER, "::error_buf");
# Options for POST method.
$curl->setopt(CURLOPT_INFILE, {data => $body, bytes => 0});
$curl->setopt(CURLOPT_INFILESIZE, length(${$body}));
# Options for getting the result.
$curl->setopt(CURLOPT_FILE, \$ts_body);
# Send the request...
my $error_code = $curl->perform();
my $error_string;
if ($error_code != 0) {
my $http_code = $curl->getinfo(CURLINFO_HTTP_CODE);
$error_string = "could not get timestamp";
$error_string .= ", http code: $http_code" unless $http_code == 0;
$error_string .= ", curl code: $error_code";
$error_string .= " ($::error_buf)" if defined($::error_buf);
} else {
my $ct = $curl->getinfo(CURLINFO_CONTENT_TYPE);
if (lc($ct) ne "application/timestamp-reply") {
$error_string = "unexpected content type returned: $ct";
}
}
return ($ts_body, $error_string);
}
# Print usage information and exists.
sub usage {
print STDERR "usage: $0 -h <server_url> [-e <extension>] [-o <output>] ";
print STDERR "[-v] [-d] [-k <private_key.pem>] [-p <key_password>] ";
print STDERR "[-c <client_cert.pem>] [-C <CA_certs.pem>] [-P <CA_path>] ";
print STDERR "[-r <file:file...>] [-g <EGD_socket>] [<request>]...\n";
exit 1;
}
# ----------------------------------------------------------------------
# Main program
# ----------------------------------------------------------------------
# Getting command-line options (default comes from TSGET environment variable).
my $getopt_arg = "h:e:o:vdk:p:c:C:P:r:g:";
if (exists $ENV{TSGET}) {
my @old_argv = @ARGV;
@ARGV = split /\s+/, $ENV{TSGET};
getopts($getopt_arg, \%options) or usage;
@ARGV = @old_argv;
}
getopts($getopt_arg, \%options) or usage;
# Checking argument consistency.
if (!exists($options{h}) || (@ARGV == 0 && !exists($options{o}))
|| (@ARGV > 1 && exists($options{o}))) {
print STDERR "Inconsistent command line options.\n";
usage;
}
# Setting defaults.
@ARGV = ("-") unless @ARGV != 0;
$options{e} = ".tsr" unless defined($options{e});
# Processing requests.
my $curl = create_curl $options{h};
undef $/; # For reading whole files.
REQUEST: foreach (@ARGV) {
my $input = $_;
my ($base, $path) = fileparse($input, '\.[^.]*');
my $output_base = $base . $options{e};
my $output = defined($options{o}) ? $options{o} : $path . $output_base;
STDERR->printflush("$input: ") if $options{v};
# Read request.
my $body;
if ($input eq "-") {
# Read the request from STDIN;
$body = <STDIN>;
} else {
# Read the request from file.
open INPUT, "<" . $input
or warn("$input: could not open input file: $!\n"), next REQUEST;
$body = <INPUT>;
close INPUT
or warn("$input: could not close input file: $!\n"), next REQUEST;
}
# Send request.
STDERR->printflush("sending request") if $options{v};
my ($ts_body, $error) = get_timestamp $curl, \$body;
if (defined($error)) {
die "$input: fatal error: $error\n";
}
STDERR->printflush(", reply received") if $options{v};
# Write response.
if ($output eq "-") {
# Write to STDOUT.
print $ts_body;
} else {
# Write to file.
open OUTPUT, ">", $output
or warn("$output: could not open output file: $!\n"), next REQUEST;
print OUTPUT $ts_body;
close OUTPUT
or warn("$output: could not close output file: $!\n"), next REQUEST;
}
STDERR->printflush(", $output written.\n") if $options{v};
}
$curl->cleanup();
WWW::Curl::easy::global_cleanup();

3
apps/verify.c

@ -266,7 +266,7 @@ static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X
ret=0;
end:
if (i)
if (i > 0)
{
fprintf(stdout,"OK\n");
ret=1;
@ -367,4 +367,3 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
ERR_clear_error();
return(ok);
}

2
apps/version.c

@ -167,7 +167,7 @@ int MAIN(int argc, char **argv)
date=version=cflags=options=platform=dir=1;
else
{
BIO_printf(bio_err,"usage:version -[avbofp]\n");
BIO_printf(bio_err,"usage:version -[avbofpd]\n");
ret=1;
goto end;
}

4
apps/x509.c

@ -114,7 +114,7 @@ static const char *x509_usage[]={
" -alias - output certificate alias\n",
" -noout - no certificate output\n",
" -ocspid - print OCSP hash values for the subject name and public key\n",
" -ocspurl - print OCSP Responder URL(s)\n",
" -ocsp_uri - print OCSP Responder URL(s)\n",
" -trustout - output a \"trusted\" certificate\n",
" -clrtrust - clear all trusted purposes\n",
" -clrreject - clear all rejected purposes\n",
@ -1151,7 +1151,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
/* NOTE: this certificate can/should be self signed, unless it was
* a certificate request in which case it is not. */
X509_STORE_CTX_set_cert(&xsc,x);
if (!reqfile && !X509_verify_cert(&xsc))
if (!reqfile && X509_verify_cert(&xsc) <= 0)
goto end;
if (!X509_check_private_key(xca,pkey))

18
config

@ -29,7 +29,7 @@ EXE=""
for i
do
case "$i" in
-d*) PREFIX="debug-";;
-d) PREFIX="debug-";;
-t*) TEST="true";;
-h*) TEST="true"; cat <<EOF
Usage: config [options]
@ -399,11 +399,8 @@ exit 0
# this is where the translation occurs into SSLeay terms
# ---------------------------------------------------------------------------
# figure out if gcc is available and if so we use it otherwise
# we fallback to whatever cc does on the system
GCCVER=`(gcc -dumpversion) 2>/dev/null`
if [ "$GCCVER" != "" ]; then
CC=gcc
# then strip off whatever prefix egcs prepends the number with...
# Hopefully, this will work for any future prefixes as well.
GCCVER=`echo $GCCVER | LC_ALL=C sed 's/^[a-zA-Z]*\-//'`
@ -412,8 +409,17 @@ if [ "$GCCVER" != "" ]; then
# major and minor version numbers.
# peak single digit before and after first dot, e.g. 2.95.1 gives 29
GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
else
CC=cc
fi
# Only set CC if not supplied already
if [ -z "$CC" ]; then
# figure out if gcc is available and if so we use it otherwise
# we fallback to whatever cc does on the system
if [ "$GCCVER" != "" ]; then
CC=gcc
else
CC=cc
fi
fi
GCCVER=${GCCVER:-0}
if [ "$SYSTEM" = "HP-UX" ];then

30
crypto/Makefile

@ -33,8 +33,8 @@ GENERAL=Makefile README crypto-lib.com install.com
LIB= $(TOP)/libcrypto.a
SHARED_LIB= libcrypto$(SHLIB_EXT)
LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c o_dir.c
LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o $(CPUID_OBJ)
LIBSRC= cryptlib.c dyn_lck.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c o_dir.c o_init.c fips_err.c
LIBOBJ= cryptlib.o dyn_lck.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o o_init.o fips_err.o $(CPUID_OBJ)
SRC= $(LIBSRC)
@ -47,7 +47,7 @@ ALL= $(GENERAL) $(SRC) $(HEADER)
top:
@(cd ..; $(MAKE) DIRS=$(DIR) all)
all: shared
all: lib
buildinf.h: ../Makefile
( echo "#ifndef MK1MF_BUILD"; \
@ -95,10 +95,10 @@ links:
@target=links; $(RECURSIVE_MAKE)
# lib: and $(LIB): are splitted to avoid end-less loop
lib: $(LIB)
lib: buildinf.h $(LIB) subdirs
@touch lib
$(LIB): $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(ARX) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
shared: buildinf.h lib subdirs
@ -159,6 +159,13 @@ cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
cversion.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
cversion.o: ../include/openssl/stack.h ../include/openssl/symhacks.h buildinf.h
cversion.o: cryptlib.h cversion.c
dyn_lck.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
dyn_lck.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
dyn_lck.o: ../include/openssl/err.h ../include/openssl/lhash.h
dyn_lck.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
dyn_lck.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
dyn_lck.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
dyn_lck.o: dyn_lck.c
ebcdic.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h ebcdic.c
ex_data.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@ -167,6 +174,13 @@ ex_data.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
ex_data.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
ex_data.o: ex_data.c
fips_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h
fips_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h
fips_err.o: ../include/openssl/fips.h ../include/openssl/lhash.h
fips_err.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
fips_err.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
fips_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h fips_err.c
fips_err.o: fips_err.h
mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
mem.o: ../include/openssl/err.h ../include/openssl/lhash.h
@ -187,6 +201,12 @@ mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
mem_dbg.o: mem_dbg.c
o_dir.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
o_dir.o: LPdir_unix.c o_dir.c o_dir.h
o_init.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/crypto.h
o_init.o: ../include/openssl/e_os2.h ../include/openssl/err.h
o_init.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
o_init.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
o_init.o: ../include/openssl/safestack.h ../include/openssl/stack.h
o_init.o: ../include/openssl/symhacks.h o_init.c
o_str.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
o_str.o: o_str.c o_str.h
o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c

5
crypto/aes/Makefile

@ -41,7 +41,7 @@ top:
all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(ARX) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
@ -103,7 +103,8 @@ aes_cfb.o: ../../e_os.h ../../include/openssl/aes.h
aes_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
aes_cfb.o: aes_cfb.c aes_locl.h
aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h
aes_core.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
aes_core.o: aes_core.c aes_locl.h
aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h
aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h

4
crypto/aes/aes.h

@ -66,6 +66,10 @@
#define AES_MAXNR 14
#define AES_BLOCK_SIZE 16
#ifdef OPENSSL_FIPS
#define FIPS_AES_SIZE_T int
#endif
#ifdef __cplusplus
extern "C" {
#endif

2
crypto/aes/aes_cbc.c

@ -59,6 +59,7 @@
#include <openssl/aes.h>
#include "aes_locl.h"
#if !defined(OPENSSL_FIPS_AES_ASM)
void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key,
unsigned char *ivec, const int enc) {
@ -129,3 +130,4 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
}
}
}
#endif

8
crypto/aes/aes_core.c

@ -37,6 +37,10 @@
#include <stdlib.h>
#include <openssl/aes.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
#include "aes_locl.h"
/*
@ -631,6 +635,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
int i = 0;
u32 temp;
#ifdef OPENSSL_FIPS
FIPS_selftest_check();
#endif
if (!userKey || !key)
return -1;
if (bits != 128 && bits != 192 && bits != 256)

1063
crypto/aes/aes_x86core.c Normal file

File diff suppressed because it is too large Load Diff

3
crypto/aes/asm/aes-586.pl

@ -955,8 +955,9 @@ my $mark=&DWP(60+240,"esp"); #copy of aes_key->rounds
&align (4);
&set_label("enc_tail");
&push ($key eq "edi" ? $key : ""); # push ivp
&mov ($s0,$key eq "edi" ? $key : "");
&mov ($key,$_out); # load out
&push ($s0); # push ivp
&mov ($s1,16);
&sub ($s1,$s2);
&cmp ($key,$acc); # compare with inp

1030
crypto/aes/asm/aes-armv4.pl Executable file

File diff suppressed because it is too large Load Diff

1176
crypto/aes/asm/aes-ppc.pl Executable file

File diff suppressed because it is too large Load Diff

1333
crypto/aes/asm/aes-s390x.pl Executable file

File diff suppressed because it is too large Load Diff

1181
crypto/aes/asm/aes-sparcv9.pl Executable file

File diff suppressed because it is too large Load Diff

7
crypto/aes/asm/aes-x86_64.pl

@ -1198,19 +1198,20 @@ AES_cbc_encrypt:
ret
.align 4
.Lcbc_enc_tail:
cmp $inp,$out
je .Lcbc_enc_in_place
mov %rax,%r11
mov %rcx,%r12
mov %r10,%rcx
mov $inp,%rsi
mov $out,%rdi
.long 0xF689A4F3 # rep movsb
.Lcbc_enc_in_place:
mov \$16,%rcx # zero tail
sub %r10,%rcx
xor %rax,%rax
.long 0xF689AAF3 # rep stosb
mov $out,$inp # this is not a mistake!
movq \$16,$_len # len=16
mov %r11,%rax
mov %r12,%rcx
jmp .Lcbc_enc_loop # one more spin...
#----------------------------- DECRYPT -----------------------------#
.align 16

469
crypto/asn1/Makefile

@ -63,7 +63,7 @@ pk: pk.c
all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(ARX) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
@ -142,9 +142,9 @@ a_digest.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
a_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
a_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
a_digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
a_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
a_digest.o: ../../include/openssl/opensslconf.h
a_digest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
a_digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
a_digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
a_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
a_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@ -250,27 +250,27 @@ a_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
a_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
a_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
a_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
a_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
a_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
a_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
a_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
a_sign.o: ../cryptlib.h a_sign.c
a_sign.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
a_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
a_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
a_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
a_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
a_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
a_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
a_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_sign.c
a_strex.o: ../../e_os.h ../../include/openssl/asn1.h
a_strex.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
a_strex.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
a_strex.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
a_strex.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
a_strex.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
a_strex.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
a_strex.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
a_strex.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
a_strex.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
a_strex.o: ../cryptlib.h a_strex.c charmap.h
a_strex.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
a_strex.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
a_strex.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
a_strex.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
a_strex.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
a_strex.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
a_strex.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_strex.c charmap.h
a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h
a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
a_strnid.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@ -318,8 +318,9 @@ a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
a_verify.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
a_verify.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
a_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
a_verify.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
a_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
a_verify.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
a_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
a_verify.o: ../../include/openssl/opensslconf.h
a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
a_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
a_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@ -338,8 +339,9 @@ asn1_gen.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
asn1_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
asn1_gen.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
asn1_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
asn1_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
asn1_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
asn1_gen.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
asn1_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
asn1_gen.o: ../../include/openssl/opensslconf.h
asn1_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
asn1_gen.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
asn1_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@ -369,8 +371,9 @@ asn_mime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
asn_mime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
asn_mime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
asn_mime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
asn_mime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
asn_mime.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
asn_mime.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
asn_mime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
asn_mime.o: ../../include/openssl/opensslconf.h
asn_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
asn_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
asn_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@ -383,9 +386,9 @@ asn_moid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
asn_moid.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
asn_moid.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
asn_moid.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
asn_moid.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
asn_moid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
asn_moid.o: ../../include/openssl/opensslconf.h
asn_moid.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
asn_moid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
asn_moid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
asn_moid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
asn_moid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
asn_moid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@ -404,23 +407,23 @@ d2i_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
d2i_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
d2i_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
d2i_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
d2i_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
d2i_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
d2i_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
d2i_pr.o: ../cryptlib.h d2i_pr.c
d2i_pr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
d2i_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
d2i_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
d2i_pr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
d2i_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
d2i_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h d2i_pr.c
d2i_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
d2i_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
d2i_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
d2i_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
d2i_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
d2i_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
d2i_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
d2i_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
d2i_pu.o: ../cryptlib.h d2i_pu.c
d2i_pu.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
d2i_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
d2i_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
d2i_pu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
d2i_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
d2i_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h d2i_pu.c
evp_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
evp_asn1.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
evp_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@ -456,71 +459,73 @@ i2d_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
i2d_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
i2d_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
i2d_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
i2d_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
i2d_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
i2d_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
i2d_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
i2d_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
i2d_pr.o: ../cryptlib.h i2d_pr.c
i2d_pr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
i2d_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
i2d_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
i2d_pr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
i2d_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
i2d_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h i2d_pr.c
i2d_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
i2d_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
i2d_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
i2d_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
i2d_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
i2d_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
i2d_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
i2d_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
i2d_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
i2d_pu.o: ../cryptlib.h i2d_pu.c
i2d_pu.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
i2d_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
i2d_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
i2d_pu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
i2d_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
i2d_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h i2d_pu.c
n_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
n_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/asn1t.h
n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
n_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
n_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
n_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
n_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
n_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
n_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
n_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
n_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
n_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
n_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h n_pkey.c
n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
n_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
n_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
n_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
n_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
n_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
n_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
n_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
n_pkey.o: ../cryptlib.h n_pkey.c
nsseq.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
nsseq.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
nsseq.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
nsseq.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
nsseq.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
nsseq.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
nsseq.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
nsseq.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
nsseq.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
nsseq.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
nsseq.o: ../../include/openssl/x509_vfy.h nsseq.c
nsseq.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
nsseq.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
nsseq.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
nsseq.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
nsseq.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
nsseq.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
nsseq.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h nsseq.c
p5_pbe.o: ../../e_os.h ../../include/openssl/asn1.h
p5_pbe.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
p5_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
p5_pbe.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
p5_pbe.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
p5_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h
p5_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
p5_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
p5_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
p5_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
p5_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
p5_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
p5_pbe.o: ../cryptlib.h p5_pbe.c
p5_pbe.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
p5_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
p5_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
p5_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
p5_pbe.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
p5_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
p5_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
p5_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_pbe.c
p5_pbev2.o: ../../e_os.h ../../include/openssl/asn1.h
p5_pbev2.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
p5_pbev2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
p5_pbev2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
p5_pbev2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
p5_pbev2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
p5_pbev2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
p5_pbev2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
p5_pbev2.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
p5_pbev2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
p5_pbev2.o: ../../include/openssl/opensslconf.h
p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
p5_pbev2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
p5_pbev2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@ -533,41 +538,42 @@ p8_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
p8_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
p8_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
p8_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
p8_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
p8_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
p8_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
p8_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
p8_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
p8_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p8_pkey.c
p8_pkey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
p8_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
p8_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
p8_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
p8_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
p8_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
p8_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
p8_pkey.o: ../cryptlib.h p8_pkey.c
t_bitst.o: ../../e_os.h ../../include/openssl/asn1.h
t_bitst.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
t_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
t_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
t_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
t_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
t_bitst.o: ../cryptlib.h t_bitst.c
t_bitst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
t_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
t_bitst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
t_bitst.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h t_bitst.c
t_crl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
t_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
t_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
t_crl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
t_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
t_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
t_crl.o: ../cryptlib.h t_crl.c
t_crl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
t_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
t_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
t_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
t_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
t_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h t_crl.c
t_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
t_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
@ -585,57 +591,57 @@ t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
t_req.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
t_req.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
t_req.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
t_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
t_req.o: ../cryptlib.h t_req.c
t_req.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
t_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
t_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
t_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
t_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
t_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
t_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
t_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
t_req.o: ../../include/openssl/x509v3.h ../cryptlib.h t_req.c
t_spki.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
t_spki.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
t_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
t_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
t_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
t_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
t_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
t_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
t_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
t_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
t_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
t_spki.o: ../cryptlib.h t_spki.c
t_spki.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
t_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
t_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
t_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
t_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
t_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
t_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
t_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_spki.c
t_x509.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
t_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
t_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
t_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
t_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
t_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
t_x509.o: ../cryptlib.h t_x509.c
t_x509.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
t_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
t_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
t_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
t_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
t_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
t_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
t_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
t_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h t_x509.c
t_x509a.o: ../../e_os.h ../../include/openssl/asn1.h
t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
t_x509a.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
t_x509a.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
t_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
t_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
t_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
t_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
t_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
t_x509a.o: ../cryptlib.h t_x509a.c
t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
t_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
t_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
t_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
t_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
t_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
t_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
t_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_x509a.c
tasn_dec.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
tasn_dec.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
tasn_dec.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@ -688,21 +694,23 @@ x_algor.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
x_algor.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
x_algor.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
x_algor.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
x_algor.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
x_algor.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
x_algor.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
x_algor.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
x_algor.o: ../../include/openssl/x509_vfy.h x_algor.c
x_algor.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
x_algor.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
x_algor.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
x_algor.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
x_algor.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
x_algor.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
x_algor.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
x_algor.o: x_algor.c
x_attrib.o: ../../e_os.h ../../include/openssl/asn1.h
x_attrib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
x_attrib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
x_attrib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
x_attrib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
x_attrib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
x_attrib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
x_attrib.o: ../../include/openssl/opensslconf.h
x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@ -723,37 +731,40 @@ x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
x_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
x_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
x_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
x_crl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
x_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
x_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
x_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
x_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
x_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
x_crl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_crl.c
x_crl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
x_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
x_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
x_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
x_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
x_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
x_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
x_crl.o: ../cryptlib.h x_crl.c
x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
x_exten.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
x_exten.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
x_exten.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
x_exten.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
x_exten.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
x_exten.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
x_exten.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
x_exten.o: ../../include/openssl/x509_vfy.h x_exten.c
x_exten.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
x_exten.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
x_exten.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
x_exten.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
x_exten.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
x_exten.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
x_exten.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
x_exten.o: x_exten.c
x_info.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
x_info.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
x_info.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
x_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
x_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
x_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
x_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
x_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
x_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
x_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_info.c
x_info.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
x_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
x_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
x_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
x_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
x_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
x_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
x_info.o: ../cryptlib.h x_info.c
x_long.o: ../../e_os.h ../../include/openssl/asn1.h
x_long.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
x_long.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@ -769,35 +780,37 @@ x_name.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
x_name.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
x_name.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
x_name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
x_name.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
x_name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
x_name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
x_name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_name.c
x_name.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
x_name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
x_name.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
x_name.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
x_name.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
x_name.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
x_name.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
x_name.o: ../cryptlib.h x_name.c
x_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
x_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
x_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
x_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
x_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
x_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
x_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
x_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_pkey.c
x_pkey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
x_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
x_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
x_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
x_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
x_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
x_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
x_pkey.o: ../cryptlib.h x_pkey.c
x_pubkey.o: ../../e_os.h ../../include/openssl/asn1.h
x_pubkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
x_pubkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
x_pubkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
x_pubkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
x_pubkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
x_pubkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
x_pubkey.o: ../../include/openssl/opensslconf.h
x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
x_pubkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
x_pubkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
x_pubkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
x_pubkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@ -810,76 +823,82 @@ x_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
x_req.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
x_req.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
x_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
x_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
x_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
x_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
x_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
x_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_req.c
x_req.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
x_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
x_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
x_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
x_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
x_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
x_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
x_req.o: ../cryptlib.h x_req.c
x_sig.o: ../../e_os.h ../../include/openssl/asn1.h
x_sig.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
x_sig.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
x_sig.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
x_sig.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
x_sig.o: ../../include/openssl/err.h ../../include/openssl/evp.h
x_sig.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
x_sig.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
x_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
x_sig.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
x_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_sig.c
x_sig.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
x_sig.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
x_sig.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
x_sig.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
x_sig.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
x_sig.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
x_sig.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
x_sig.o: ../cryptlib.h x_sig.c
x_spki.o: ../../e_os.h ../../include/openssl/asn1.h
x_spki.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
x_spki.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
x_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
x_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
x_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
x_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
x_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
x_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
x_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
x_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_spki.c
x_spki.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
x_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
x_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
x_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
x_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
x_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
x_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
x_spki.o: ../cryptlib.h x_spki.c
x_val.o: ../../e_os.h ../../include/openssl/asn1.h
x_val.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
x_val.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
x_val.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
x_val.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
x_val.o: ../../include/openssl/err.h ../../include/openssl/evp.h
x_val.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
x_val.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
x_val.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
x_val.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
x_val.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_val.c
x_val.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
x_val.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
x_val.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
x_val.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
x_val.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
x_val.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
x_val.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
x_val.o: ../cryptlib.h x_val.c
x_x509.o: ../../e_os.h ../../include/openssl/asn1.h
x_x509.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
x_x509.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
x_x509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
x_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
x_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
x_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
x_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
x_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
x_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
x_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
x_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
x_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h x_x509.c
x_x509.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
x_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
x_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
x_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
x_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
x_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
x_x509.o: ../cryptlib.h x_x509.c
x_x509a.o: ../../e_os.h ../../include/openssl/asn1.h
x_x509a.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
x_x509a.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
x_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
x_x509a.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
x_x509a.o: ../../include/openssl/err.h ../../include/openssl/evp.h
x_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
x_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
x_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
x_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
x_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
x_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_x509a.c
x_x509a.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
x_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
x_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
x_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
x_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
x_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
x_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
x_x509a.o: ../cryptlib.h x_x509a.c

2
crypto/asn1/a_bytes.c

@ -79,7 +79,7 @@ ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp,
if (tag >= 32)
{
i=ASN1_R_TAG_VALUE_TOO_HIGH;;
i=ASN1_R_TAG_VALUE_TOO_HIGH;
goto err;
}
if (!(ASN1_tag2bit(tag) & type))

2
crypto/asn1/a_mbstr.c

@ -1,5 +1,5 @@
/* a_mbstr.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================

7
crypto/asn1/a_sign.c

@ -267,7 +267,12 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
goto err;
}
EVP_SignInit_ex(&ctx,type, NULL);
if (!EVP_SignInit_ex(&ctx,type, NULL))
{
outl=0;
ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB);
goto err;
}
EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
(unsigned int *)&outl,pkey))

2
crypto/asn1/a_strex.c

@ -1,5 +1,5 @@
/* a_strex.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================

2
crypto/asn1/a_strnid.c

@ -1,5 +1,5 @@
/* a_strnid.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================

7
crypto/asn1/a_verify.c

@ -100,7 +100,12 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
p=buf_in;
i2d(data,&p);
EVP_VerifyInit_ex(&ctx,type, NULL);
if (!EVP_VerifyInit_ex(&ctx,type, NULL))
{
ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
ret=0;
goto err;
}
EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
OPENSSL_cleanse(buf_in,(unsigned int)inl);

446
crypto/asn1/ameth_lib.c Normal file

@ -0,0 +1,446 @@
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006.
*/
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#include "asn1_locl.h"
extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[];
extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[];
extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
/* Keep this sorted in type order !! */
static const EVP_PKEY_ASN1_METHOD *standard_methods[] =
{
#ifndef OPENSSL_NO_RSA
&rsa_asn1_meths[0],
&rsa_asn1_meths[1],
#endif
#ifndef OPENSSL_NO_DH
&dh_asn1_meth,
#endif
#ifndef OPENSSL_NO_DSA
&dsa_asn1_meths[0],
&dsa_asn1_meths[1],
&dsa_asn1_meths[2],
&dsa_asn1_meths[3],
&dsa_asn1_meths[4],
#endif
#ifndef OPENSSL_NO_EC
&eckey_asn1_meth,
#endif
&hmac_asn1_meth
};
typedef int sk_cmp_fn_type(const char * const *a, const char * const *b);
DECLARE_STACK_OF(EVP_PKEY_ASN1_METHOD)
static STACK_OF(EVP_PKEY_ASN1_METHOD) *app_methods = NULL;
#ifdef TEST
void main()
{
int i;
for (i = 0;
i < sizeof(standard_methods)/sizeof(EVP_PKEY_ASN1_METHOD *);
i++)
fprintf(stderr, "Number %d id=%d (%s)\n", i,
standard_methods[i]->pkey_id,
OBJ_nid2sn(standard_methods[i]->pkey_id));
}
#endif
DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *,
const EVP_PKEY_ASN1_METHOD *, ameth);
static int ameth_cmp(const EVP_PKEY_ASN1_METHOD * const *a,
const EVP_PKEY_ASN1_METHOD * const *b)
{
return ((*a)->pkey_id - (*b)->pkey_id);
}
IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *,
const EVP_PKEY_ASN1_METHOD *, ameth);
int EVP_PKEY_asn1_get_count(void)
{
int num = sizeof(standard_methods)/sizeof(EVP_PKEY_ASN1_METHOD *);
if (app_methods)
num += sk_EVP_PKEY_ASN1_METHOD_num(app_methods);
return num;
}
const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx)
{
int num = sizeof(standard_methods)/sizeof(EVP_PKEY_ASN1_METHOD *);
if (idx < 0)
return NULL;
if (idx < num)
return standard_methods[idx];
idx -= num;
return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx);
}
static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type)
{
EVP_PKEY_ASN1_METHOD tmp;
const EVP_PKEY_ASN1_METHOD *t = &tmp, **ret;
tmp.pkey_id = type;
if (app_methods)
{
int idx;
idx = sk_EVP_PKEY_ASN1_METHOD_find(app_methods, &tmp);
if (idx >= 0)
return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx);
}
ret = OBJ_bsearch_ameth(&t, standard_methods,
sizeof(standard_methods)
/sizeof(EVP_PKEY_ASN1_METHOD *));
if (!ret || !*ret)
return NULL;
return *ret;
}
/* Find an implementation of an ASN1 algorithm. If 'pe' is not NULL
* also search through engines and set *pe to a functional reference
* to the engine implementing 'type' or NULL if no engine implements
* it.
*/
const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type)
{
const EVP_PKEY_ASN1_METHOD *t;
ENGINE *e;
for (;;)
{
t = pkey_asn1_find(type);
if (!t || !(t->pkey_flags & ASN1_PKEY_ALIAS))
break;
type = t->pkey_base_id;
}
if (pe)
{
#ifndef OPENSSL_NO_ENGINE
/* type will contain the final unaliased type */
e = ENGINE_get_pkey_asn1_meth_engine(type);
if (e)
{
*pe = e;
return ENGINE_get_pkey_asn1_meth(e, type);
}
#endif
*pe = NULL;
}
return t;
}
const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
const char *str, int len)
{
int i;
const EVP_PKEY_ASN1_METHOD *ameth;
if (len == -1)
len = strlen(str);
if (pe)
{
#ifndef OPENSSL_NO_ENGINE
ENGINE *e;
ameth = ENGINE_pkey_asn1_find_str(&e, str, len);
if (ameth)
{
/* Convert structural into
* functional reference
*/
if (!ENGINE_init(e))
ameth = NULL;
ENGINE_free(e);
*pe = e;
return ameth;
}
#endif
*pe = NULL;
}
for (i = 0; i < EVP_PKEY_asn1_get_count(); i++)
{
ameth = EVP_PKEY_asn1_get0(i);
if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
continue;
if (((int)strlen(ameth->pem_str) == len) &&
!strncasecmp(ameth->pem_str, str, len))
return ameth;
}
return NULL;
}
int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth)
{
if (app_methods == NULL)
{
app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp);
if (!app_methods)
return 0;
}
if (!sk_EVP_PKEY_ASN1_METHOD_push(app_methods, ameth))
return 0;
sk_EVP_PKEY_ASN1_METHOD_sort(app_methods);
return 1;
}
int EVP_PKEY_asn1_add_alias(int to, int from)
{
EVP_PKEY_ASN1_METHOD *ameth;
ameth = EVP_PKEY_asn1_new(from, ASN1_PKEY_ALIAS, NULL, NULL);
if (!ameth)
return 0;
ameth->pkey_base_id = to;
return EVP_PKEY_asn1_add0(ameth);
}
int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, int *ppkey_flags,
const char **pinfo, const char **ppem_str,
const EVP_PKEY_ASN1_METHOD *ameth)
{
if (!ameth)
return 0;
if (ppkey_id)
*ppkey_id = ameth->pkey_id;
if (ppkey_base_id)
*ppkey_base_id = ameth->pkey_base_id;
if (ppkey_flags)
*ppkey_flags = ameth->pkey_flags;
if (pinfo)
*pinfo = ameth->info;
if (ppem_str)
*ppem_str = ameth->pem_str;
return 1;
}
const EVP_PKEY_ASN1_METHOD* EVP_PKEY_get0_asn1(EVP_PKEY *pkey)
{
return pkey->ameth;
}
EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags,
const char *pem_str, const char *info)
{
EVP_PKEY_ASN1_METHOD *ameth;
ameth = OPENSSL_malloc(sizeof(EVP_PKEY_ASN1_METHOD));
if (!ameth)
return NULL;
ameth->pkey_id = id;
ameth->pkey_base_id = id;
ameth->pkey_flags = flags | ASN1_PKEY_DYNAMIC;
if (info)
{
ameth->info = BUF_strdup(info);
if (!ameth->info)
goto err;
}
if (pem_str)
{
ameth->pem_str = BUF_strdup(pem_str);
if (!ameth->pem_str)
goto err;
}
ameth->pub_decode = 0;
ameth->pub_encode = 0;
ameth->pub_cmp = 0;
ameth->pub_print = 0;
ameth->priv_decode = 0;
ameth->priv_encode = 0;
ameth->priv_print = 0;
ameth->old_priv_encode = 0;
ameth->old_priv_decode = 0;
ameth->pkey_size = 0;
ameth->pkey_bits = 0;
ameth->param_decode = 0;
ameth->param_encode = 0;
ameth->param_missing = 0;
ameth->param_copy = 0;
ameth->param_cmp = 0;
ameth->param_print = 0;
ameth->pkey_free = 0;
ameth->pkey_ctrl = 0;
return ameth;
err:
EVP_PKEY_asn1_free(ameth);
return NULL;
}
void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
const EVP_PKEY_ASN1_METHOD *src)
{
dst->pub_decode = src->pub_decode;
dst->pub_encode = src->pub_encode;
dst->pub_cmp = src->pub_cmp;
dst->pub_print = src->pub_print;
dst->priv_decode = src->priv_decode;
dst->priv_encode = src->priv_encode;
dst->priv_print = src->priv_print;
dst->old_priv_encode = src->old_priv_encode;
dst->old_priv_decode = src->old_priv_decode;
dst->pkey_size = src->pkey_size;
dst->pkey_bits = src->pkey_bits;
dst->param_decode = src->param_decode;
dst->param_encode = src->param_encode;
dst->param_missing = src->param_missing;
dst->param_copy = src->param_copy;
dst->param_cmp = src->param_cmp;
dst->param_print = src->param_print;
dst->pkey_free = src->pkey_free;
dst->pkey_ctrl = src->pkey_ctrl;
}
void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth)
{
if (ameth && (ameth->pkey_flags & ASN1_PKEY_DYNAMIC))
{
if (ameth->pem_str)
OPENSSL_free(ameth->pem_str);
if (ameth->info)
OPENSSL_free(ameth->info);
OPENSSL_free(ameth);
}
}
void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub),
int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk),
int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b),
int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *pctx),
int (*pkey_size)(const EVP_PKEY *pk),
int (*pkey_bits)(const EVP_PKEY *pk))
{
ameth->pub_decode = pub_decode;
ameth->pub_encode = pub_encode;
ameth->pub_cmp = pub_cmp;
ameth->pub_print = pub_print;
ameth->pkey_size = pkey_size;
ameth->pkey_bits = pkey_bits;
}
void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
int (*priv_decode)(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf),
int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk),
int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *pctx))
{
ameth->priv_decode = priv_decode;
ameth->priv_encode = priv_encode;
ameth->priv_print = priv_print;
}
void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth,
int (*param_decode)(EVP_PKEY *pkey,
const unsigned char **pder, int derlen),
int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder),
int (*param_missing)(const EVP_PKEY *pk),
int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from),
int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b),
int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *pctx))
{
ameth->param_decode = param_decode;
ameth->param_encode = param_encode;
ameth->param_missing = param_missing;
ameth->param_copy = param_copy;
ameth->param_cmp = param_cmp;
ameth->param_print = param_print;
}
void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
void (*pkey_free)(EVP_PKEY *pkey))
{
ameth->pkey_free = pkey_free;
}
void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
int (*pkey_ctrl)(EVP_PKEY *pkey, int op,
long arg1, void *arg2))
{
ameth->pkey_ctrl = pkey_ctrl;
}

3
crypto/asn1/asn1.h

@ -612,6 +612,7 @@ typedef struct BIT_STRING_BITNAME_st {
B_ASN1_GENERALIZEDTIME
#define B_ASN1_PRINTABLE \
B_ASN1_NUMERICSTRING| \
B_ASN1_PRINTABLESTRING| \
B_ASN1_T61STRING| \
B_ASN1_IA5STRING| \
@ -1217,6 +1218,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_BAD_OBJECT_HEADER 102
#define ASN1_R_BAD_PASSWORD_READ 103
#define ASN1_R_BAD_TAG 104
#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210
#define ASN1_R_BN_LIB 105
#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106
#define ASN1_R_BUFFER_TOO_SMALL 107
@ -1306,6 +1308,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157
#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158
#define ASN1_R_UNEXPECTED_EOC 159
#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211
#define ASN1_R_UNKNOWN_FORMAT 160
#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161
#define ASN1_R_UNKNOWN_OBJECT_TYPE 162

2
crypto/asn1/asn1_err.c

@ -195,6 +195,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
{ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"},
{ERR_REASON(ASN1_R_BAD_PASSWORD_READ) ,"bad password read"},
{ERR_REASON(ASN1_R_BAD_TAG) ,"bad tag"},
{ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),"bmpstring is wrong length"},
{ERR_REASON(ASN1_R_BN_LIB) ,"bn lib"},
{ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"},
{ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"},
@ -284,6 +285,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
{ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"},
{ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),"universalstring is wrong length"},
{ERR_REASON(ASN1_R_UNKNOWN_FORMAT) ,"unknown format"},
{ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},
{ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"},

2
crypto/asn1/asn1_gen.c

@ -1,5 +1,5 @@
/* asn1_gen.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2002.
*/
/* ====================================================================

134
crypto/asn1/asn1_locl.h Normal file

@ -0,0 +1,134 @@
/* asn1t.h */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006.
*/
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* Internal ASN1 structures and functions: not for application use */
/* ASN1 print context structure */
struct asn1_pctx_st
{
unsigned long flags;
unsigned long nm_flags;
unsigned long cert_flags;
unsigned long oid_flags;
unsigned long str_flags;
} /* ASN1_PCTX */;
/* ASN1 public key method structure */
struct evp_pkey_asn1_method_st
{
int pkey_id;
int pkey_base_id;
unsigned long pkey_flags;
char *pem_str;
char *info;
int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub);
int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk);
int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b);
int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *pctx);
int (*priv_decode)(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf);
int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk);
int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *pctx);
int (*pkey_size)(const EVP_PKEY *pk);
int (*pkey_bits)(const EVP_PKEY *pk);
int (*param_decode)(EVP_PKEY *pkey,
const unsigned char **pder, int derlen);
int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder);
int (*param_missing)(const EVP_PKEY *pk);
int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from);
int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b);
int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *pctx);
void (*pkey_free)(EVP_PKEY *pkey);
int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2);
/* Legacy functions for old PEM */
int (*old_priv_decode)(EVP_PKEY *pkey,
const unsigned char **pder, int derlen);
int (*old_priv_encode)(const EVP_PKEY *pkey, unsigned char **pder);
} /* EVP_PKEY_ASN1_METHOD */;
/* Method to handle CRL access.
* In general a CRL could be very large (several Mb) and can consume large
* amounts of resources if stored in memory by multiple processes.
* This method allows general CRL operations to be redirected to more
* efficient callbacks: for example a CRL entry database.
*/
#define X509_CRL_METHOD_DYNAMIC 1
struct x509_crl_method_st
{
int flags;
int (*crl_init)(X509_CRL *crl);
int (*crl_free)(X509_CRL *crl);
int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,
ASN1_INTEGER *ser, X509_NAME *issuer);
int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk);
};

2
crypto/asn1/asn1_par.c

@ -213,6 +213,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse
(tag == V_ASN1_T61STRING) ||
(tag == V_ASN1_IA5STRING) ||
(tag == V_ASN1_VISIBLESTRING) ||
(tag == V_ASN1_NUMERICSTRING) ||
(tag == V_ASN1_UTF8STRING) ||
(tag == V_ASN1_UTCTIME) ||
(tag == V_ASN1_GENERALIZEDTIME))
{

2
crypto/asn1/asn1t.h

@ -1,5 +1,5 @@
/* asn1t.h */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================

2
crypto/asn1/asn_mime.c

@ -152,7 +152,6 @@ static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
{
const EVP_MD *md;
int i, have_unknown = 0, write_comma, md_nid;
have_unknown = 0;
write_comma = 0;
@ -162,7 +161,6 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
BIO_write(out, ",", 1);
write_comma = 1;
md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm);
md = EVP_get_digestbynid(md_nid);
switch(md_nid)
{
case NID_sha1:

2
crypto/asn1/asn_moid.c

@ -1,5 +1,5 @@
/* asn_moid.c */
/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
* project 2001.
*/
/* ====================================================================

2
crypto/asn1/asn_pack.c

@ -1,5 +1,5 @@
/* asn_pack.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================

495
crypto/asn1/bio_asn1.c Normal file

@ -0,0 +1,495 @@
/* bio_asn1.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* Experimental ASN1 BIO. When written through the data is converted
* to an ASN1 string type: default is OCTET STRING. Additional functions
* can be provided to add prefix and suffix data.
*/
#include <string.h>
#include <openssl/bio.h>
#include <openssl/asn1.h>
/* Must be large enough for biggest tag+length */
#define DEFAULT_ASN1_BUF_SIZE 20
typedef enum
{
ASN1_STATE_START,
ASN1_STATE_PRE_COPY,
ASN1_STATE_HEADER,
ASN1_STATE_HEADER_COPY,
ASN1_STATE_DATA_COPY,
ASN1_STATE_POST_COPY,
ASN1_STATE_DONE
} asn1_bio_state_t;
typedef struct BIO_ASN1_EX_FUNCS_st
{
asn1_ps_func *ex_func;
asn1_ps_func *ex_free_func;
} BIO_ASN1_EX_FUNCS;
typedef struct BIO_ASN1_BUF_CTX_t
{
/* Internal state */
asn1_bio_state_t state;
/* Internal buffer */
unsigned char *buf;
/* Size of buffer */
int bufsize;
/* Current position in buffer */
int bufpos;
/* Current buffer length */
int buflen;
/* Amount of data to copy */
int copylen;
/* Class and tag to use */
int asn1_class, asn1_tag;
asn1_ps_func *prefix, *prefix_free, *suffix, *suffix_free;
/* Extra buffer for prefix and suffix data */
unsigned char *ex_buf;
int ex_len;
int ex_pos;
void *ex_arg;
} BIO_ASN1_BUF_CTX;
static int asn1_bio_write(BIO *h, const char *buf,int num);
static int asn1_bio_read(BIO *h, char *buf, int size);
static int asn1_bio_puts(BIO *h, const char *str);
static int asn1_bio_gets(BIO *h, char *str, int size);
static long asn1_bio_ctrl(BIO *h, int cmd, long arg1, void *arg2);
static int asn1_bio_new(BIO *h);
static int asn1_bio_free(BIO *data);
static long asn1_bio_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size);
static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
asn1_ps_func *cleanup, asn1_bio_state_t next);
static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
asn1_ps_func *setup,
asn1_bio_state_t ex_state,
asn1_bio_state_t other_state);
static BIO_METHOD methods_asn1=
{
BIO_TYPE_ASN1,
"asn1",
asn1_bio_write,
asn1_bio_read,
asn1_bio_puts,
asn1_bio_gets,
asn1_bio_ctrl,
asn1_bio_new,
asn1_bio_free,
asn1_bio_callback_ctrl,
};
BIO_METHOD *BIO_f_asn1(void)
{
return(&methods_asn1);
}
static int asn1_bio_new(BIO *b)
{
BIO_ASN1_BUF_CTX *ctx;
ctx = OPENSSL_malloc(sizeof(BIO_ASN1_BUF_CTX));
if (!ctx)
return 0;
if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE))
return 0;
b->init = 1;
b->ptr = (char *)ctx;
b->flags = 0;
return 1;
}
static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size)
{
ctx->buf = OPENSSL_malloc(size);
if (!ctx->buf)
return 0;
ctx->bufsize = size;
ctx->bufpos = 0;
ctx->buflen = 0;
ctx->copylen = 0;
ctx->asn1_class = V_ASN1_UNIVERSAL;
ctx->asn1_tag = V_ASN1_OCTET_STRING;
ctx->ex_buf = 0;
ctx->ex_pos = 0;
ctx->ex_len = 0;
ctx->state = ASN1_STATE_START;
return 1;
}
static int asn1_bio_free(BIO *b)
{
BIO_ASN1_BUF_CTX *ctx;
ctx = (BIO_ASN1_BUF_CTX *) b->ptr;
if (ctx == NULL)
return 0;
if (ctx->buf)
OPENSSL_free(ctx->buf);
OPENSSL_free(ctx);
b->init = 0;
b->ptr = NULL;
b->flags = 0;
return 1;
}
static int asn1_bio_write(BIO *b, const char *in , int inl)
{
BIO_ASN1_BUF_CTX *ctx;
int wrmax, wrlen, ret;
unsigned char *p;
if (!in || (inl < 0) || (b->next_bio == NULL))
return 0;
ctx = (BIO_ASN1_BUF_CTX *) b->ptr;
if (ctx == NULL)
return 0;
wrlen = 0;
ret = -1;
for(;;)
{
switch (ctx->state)
{
/* Setup prefix data, call it */
case ASN1_STATE_START:
if (!asn1_bio_setup_ex(b, ctx, ctx->prefix,
ASN1_STATE_PRE_COPY, ASN1_STATE_HEADER))
return 0;
break;
/* Copy any pre data first */
case ASN1_STATE_PRE_COPY:
ret = asn1_bio_flush_ex(b, ctx, ctx->prefix_free,
ASN1_STATE_HEADER);
if (ret <= 0)
goto done;
break;
case ASN1_STATE_HEADER:
ctx->buflen =
ASN1_object_size(0, inl, ctx->asn1_tag) - inl;
OPENSSL_assert(ctx->buflen <= ctx->bufsize);
p = ctx->buf;
ASN1_put_object(&p, 0, inl,
ctx->asn1_tag, ctx->asn1_class);
ctx->copylen = inl;
ctx->state = ASN1_STATE_HEADER_COPY;
break;
case ASN1_STATE_HEADER_COPY:
ret = BIO_write(b->next_bio,
ctx->buf + ctx->bufpos, ctx->buflen);
if (ret <= 0)
goto done;
ctx->buflen -= ret;
if (ctx->buflen)
ctx->bufpos += ret;
else
{
ctx->bufpos = 0;
ctx->state = ASN1_STATE_DATA_COPY;
}
break;
case ASN1_STATE_DATA_COPY:
if (inl > ctx->copylen)
wrmax = ctx->copylen;
else
wrmax = inl;
ret = BIO_write(b->next_bio, in, wrmax);
if (ret <= 0)
break;
wrlen += ret;
ctx->copylen -= ret;
in += ret;
inl -= ret;
if (ctx->copylen == 0)
ctx->state = ASN1_STATE_HEADER;
if (inl == 0)
goto done;
break;
default:
BIO_clear_retry_flags(b);
return 0;
}
}
done:
BIO_clear_retry_flags(b);
BIO_copy_next_retry(b);
return (wrlen > 0) ? wrlen : ret;
}
static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
asn1_ps_func *cleanup, asn1_bio_state_t next)
{
int ret;
if (ctx->ex_len <= 0)
return 1;
for(;;)
{
ret = BIO_write(b->next_bio, ctx->ex_buf + ctx->ex_pos,
ctx->ex_len);
if (ret <= 0)
break;
ctx->ex_len -= ret;
if (ctx->ex_len > 0)
ctx->ex_pos += ret;
else
{
if(cleanup)
cleanup(b, &ctx->ex_buf, &ctx->ex_len,
&ctx->ex_arg);
ctx->state = next;
ctx->ex_pos = 0;
break;
}
}
return ret;
}
static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
asn1_ps_func *setup,
asn1_bio_state_t ex_state,
asn1_bio_state_t other_state)
{
if (setup && !setup(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg))
{
BIO_clear_retry_flags(b);
return 0;
}
if (ctx->ex_len > 0)
ctx->state = ex_state;
else
ctx->state = other_state;
return 1;
}
static int asn1_bio_read(BIO *b, char *in , int inl)
{
if (!b->next_bio)
return 0;
return BIO_read(b->next_bio, in , inl);
}
static int asn1_bio_puts(BIO *b, const char *str)
{
return asn1_bio_write(b, str, strlen(str));
}
static int asn1_bio_gets(BIO *b, char *str, int size)
{
if (!b->next_bio)
return 0;
return BIO_gets(b->next_bio, str , size);
}
static long asn1_bio_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
{
if (b->next_bio == NULL) return(0);
return BIO_callback_ctrl(b->next_bio,cmd,fp);
}
static long asn1_bio_ctrl(BIO *b, int cmd, long arg1, void *arg2)
{
BIO_ASN1_BUF_CTX *ctx;
BIO_ASN1_EX_FUNCS *ex_func;
long ret = 1;
ctx = (BIO_ASN1_BUF_CTX *) b->ptr;
if (ctx == NULL)
return 0;
switch(cmd)
{
case BIO_C_SET_PREFIX:
ex_func = arg2;
ctx->prefix = ex_func->ex_func;
ctx->prefix_free = ex_func->ex_free_func;
break;
case BIO_C_GET_PREFIX:
ex_func = arg2;
ex_func->ex_func = ctx->prefix;
ex_func->ex_free_func = ctx->prefix_free;
break;
case BIO_C_SET_SUFFIX:
ex_func = arg2;
ctx->suffix = ex_func->ex_func;
ctx->suffix_free = ex_func->ex_free_func;
break;
case BIO_C_GET_SUFFIX:
ex_func = arg2;
ex_func->ex_func = ctx->suffix;
ex_func->ex_free_func = ctx->suffix_free;
break;
case BIO_C_SET_EX_ARG:
ctx->ex_arg = arg2;
break;
case BIO_C_GET_EX_ARG:
*(void **)arg2 = ctx->ex_arg;
break;
case BIO_CTRL_FLUSH:
if (!b->next_bio)
return 0;
/* Call post function if possible */
if (ctx->state == ASN1_STATE_HEADER)
{
if (!asn1_bio_setup_ex(b, ctx, ctx->suffix,
ASN1_STATE_POST_COPY, ASN1_STATE_DONE))
return 0;
}
if (ctx->state == ASN1_STATE_POST_COPY)
{
ret = asn1_bio_flush_ex(b, ctx, ctx->suffix_free,
ASN1_STATE_DONE);
if (ret <= 0)
return ret;
}
if (ctx->state == ASN1_STATE_DONE)
return BIO_ctrl(b->next_bio, cmd, arg1, arg2);
else
{
BIO_clear_retry_flags(b);
return 0;
}
break;
default:
if (!b->next_bio)
return 0;
return BIO_ctrl(b->next_bio, cmd, arg1, arg2);
}
return ret;
}
static int asn1_bio_set_ex(BIO *b, int cmd,
asn1_ps_func *ex_func, asn1_ps_func *ex_free_func)
{
BIO_ASN1_EX_FUNCS extmp;
extmp.ex_func = ex_func;
extmp.ex_free_func = ex_free_func;
return BIO_ctrl(b, cmd, 0, &extmp);
}
static int asn1_bio_get_ex(BIO *b, int cmd,
asn1_ps_func **ex_func, asn1_ps_func **ex_free_func)
{
BIO_ASN1_EX_FUNCS extmp;
int ret;
ret = BIO_ctrl(b, cmd, 0, &extmp);
if (ret > 0)
{
*ex_func = extmp.ex_func;
*ex_free_func = extmp.ex_free_func;
}
return ret;
}
int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, asn1_ps_func *prefix_free)
{
return asn1_bio_set_ex(b, BIO_C_SET_PREFIX, prefix, prefix_free);
}
int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix, asn1_ps_func **pprefix_free)
{
return asn1_bio_get_ex(b, BIO_C_GET_PREFIX, pprefix, pprefix_free);
}
int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, asn1_ps_func *suffix_free)
{
return asn1_bio_set_ex(b, BIO_C_SET_SUFFIX, suffix, suffix_free);
}
int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, asn1_ps_func **psuffix_free)
{
return asn1_bio_get_ex(b, BIO_C_GET_SUFFIX, psuffix, psuffix_free);
}

246
crypto/asn1/bio_ndef.c Normal file

@ -0,0 +1,246 @@
/* bio_ndef.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#ifndef OPENSSL_SYSNAME_NETWARE
#include <memory.h>
#endif
#include <stdio.h>
/* Experimental NDEF ASN1 BIO support routines */
/* The usage is quite simple, initialize an ASN1 structure,
* get a BIO from it then any data written through the BIO
* will end up translated to approptiate format on the fly.
* The data is streamed out and does *not* need to be
* all held in memory at once.
*
* When the BIO is flushed the output is finalized and any
* signatures etc written out.
*
* The BIO is a 'proper' BIO and can handle non blocking I/O
* correctly.
*
* The usage is simple. The implementation is *not*...
*/
/* BIO support data stored in the ASN1 BIO ex_arg */
typedef struct ndef_aux_st
{
/* ASN1 structure this BIO refers to */
ASN1_VALUE *val;
const ASN1_ITEM *it;
/* Top of the BIO chain */
BIO *ndef_bio;
/* Output BIO */
BIO *out;
/* Boundary where content is inserted */
unsigned char **boundary;
/* DER buffer start */
unsigned char *derbuf;
} NDEF_SUPPORT;
static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg);
static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg);
static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg);
static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg);
BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
{
NDEF_SUPPORT *ndef_aux = NULL;
BIO *asn_bio = NULL;
const ASN1_AUX *aux = it->funcs;
ASN1_STREAM_ARG sarg;
if (!aux || !aux->asn1_cb)
{
ASN1err(ASN1_F_BIO_NEW_NDEF, ASN1_R_STREAMING_NOT_SUPPORTED);
return NULL;
}
ndef_aux = OPENSSL_malloc(sizeof(NDEF_SUPPORT));
asn_bio = BIO_new(BIO_f_asn1());
/* ASN1 bio needs to be next to output BIO */
out = BIO_push(asn_bio, out);
if (!ndef_aux || !asn_bio || !out)
goto err;
BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free);
BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free);
/* Now let callback prepend any digest, cipher etc BIOs
* ASN1 structure needs.
*/
sarg.out = out;
sarg.ndef_bio = NULL;
sarg.boundary = NULL;
if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0)
goto err;
ndef_aux->val = val;
ndef_aux->it = it;
ndef_aux->ndef_bio = sarg.ndef_bio;
ndef_aux->boundary = sarg.boundary;
ndef_aux->out = out;
BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux);
return sarg.ndef_bio;
err:
if (asn_bio)
BIO_free(asn_bio);
if (ndef_aux)
OPENSSL_free(ndef_aux);
return NULL;
}
static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
{
NDEF_SUPPORT *ndef_aux;
unsigned char *p;
int derlen;
if (!parg)
return 0;
ndef_aux = *(NDEF_SUPPORT **)parg;
derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
p = OPENSSL_malloc(derlen);
ndef_aux->derbuf = p;
*pbuf = p;
derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it);
if (!*ndef_aux->boundary)
return 0;
*plen = *ndef_aux->boundary - *pbuf;
return 1;
}
static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg)
{
NDEF_SUPPORT *ndef_aux;
if (!parg)
return 0;
ndef_aux = *(NDEF_SUPPORT **)parg;
if (ndef_aux->derbuf)
OPENSSL_free(ndef_aux->derbuf);
ndef_aux->derbuf = NULL;
*pbuf = NULL;
*plen = 0;
return 1;
}
static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg)
{
NDEF_SUPPORT **pndef_aux = (NDEF_SUPPORT **)parg;
if (!ndef_prefix_free(b, pbuf, plen, parg))
return 0;
OPENSSL_free(*pndef_aux);
*pndef_aux = NULL;
return 1;
}
static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
{
NDEF_SUPPORT *ndef_aux;
unsigned char *p;
int derlen;
const ASN1_AUX *aux;
ASN1_STREAM_ARG sarg;
if (!parg)
return 0;
ndef_aux = *(NDEF_SUPPORT **)parg;
aux = ndef_aux->it->funcs;
/* Finalize structures */
sarg.ndef_bio = ndef_aux->ndef_bio;
sarg.out = ndef_aux->out;
sarg.boundary = ndef_aux->boundary;
if (aux->asn1_cb(ASN1_OP_STREAM_POST,
&ndef_aux->val, ndef_aux->it, &sarg) <= 0)
return 0;
derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
p = OPENSSL_malloc(derlen);
ndef_aux->derbuf = p;
*pbuf = p;
derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it);
if (!*ndef_aux->boundary)
return 0;
*pbuf = *ndef_aux->boundary;
*plen = derlen - (*ndef_aux->boundary - ndef_aux->derbuf);
return 1;
}

2
crypto/asn1/nsseq.c

@ -1,5 +1,5 @@
/* nsseq.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================

2
crypto/asn1/p5_pbe.c

@ -1,5 +1,5 @@
/* p5_pbe.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================

2
crypto/asn1/p5_pbev2.c

@ -1,5 +1,5 @@
/* p5_pbev2.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999-2004.
*/
/* ====================================================================

2
crypto/asn1/p8_pkey.c

@ -1,5 +1,5 @@
/* p8_pkey.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================

2
crypto/asn1/t_bitst.c

@ -1,5 +1,5 @@
/* t_bitst.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================

2
crypto/asn1/t_crl.c

@ -1,5 +1,5 @@
/* t_crl.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================

2
crypto/asn1/t_spki.c

@ -1,5 +1,5 @@
/* t_spki.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================

6
crypto/asn1/t_x509.c

@ -332,7 +332,7 @@ int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)
{
int i,n;
char buf[80],*p;;
char buf[80],*p;
if (v == NULL) return(0);
n=0;
@ -393,7 +393,7 @@ int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm)
d= (v[6]-'0')*10+(v[7]-'0');
h= (v[8]-'0')*10+(v[9]-'0');
m= (v[10]-'0')*10+(v[11]-'0');
if (i >= 14 &&
if (tm->length >= 14 &&
(v[12] >= '0') && (v[12] <= '9') &&
(v[13] >= '0') && (v[13] <= '9'))
s= (v[12]-'0')*10+(v[13]-'0');
@ -429,7 +429,7 @@ int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm)
d= (v[4]-'0')*10+(v[5]-'0');
h= (v[6]-'0')*10+(v[7]-'0');
m= (v[8]-'0')*10+(v[9]-'0');
if (i >=12 &&
if (tm->length >=12 &&
(v[10] >= '0') && (v[10] <= '9') &&
(v[11] >= '0') && (v[11] <= '9'))
s= (v[10]-'0')*10+(v[11]-'0');

2
crypto/asn1/t_x509a.c

@ -1,5 +1,5 @@
/* t_x509a.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================

46
crypto/asn1/tasn_dec.c

@ -1,5 +1,5 @@
/* tasn_dec.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================
@ -69,7 +69,7 @@ static int asn1_check_eoc(const unsigned char **in, long len);
static int asn1_find_end(const unsigned char **in, long len, char inf);
static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
char inf, int tag, int aclass);
char inf, int tag, int aclass, int depth);
static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen);
@ -611,7 +611,6 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
err:
ASN1_template_free(val, tt);
*val = NULL;
return 0;
}
@ -758,7 +757,6 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
err:
ASN1_template_free(val, tt);
*val = NULL;
return 0;
}
@ -878,7 +876,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
* internally irrespective of the type. So instead just check
* for UNIVERSAL class and ignore the tag.
*/
if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL))
if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0))
{
free_cont = 1;
goto err;
@ -1012,6 +1010,18 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
case V_ASN1_SET:
case V_ASN1_SEQUENCE:
default:
if (utype == V_ASN1_BMPSTRING && (len & 1))
{
ASN1err(ASN1_F_ASN1_EX_C2I,
ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
goto err;
}
if (utype == V_ASN1_UNIVERSALSTRING && (len & 3))
{
ASN1err(ASN1_F_ASN1_EX_C2I,
ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
goto err;
}
/* All based on ASN1_STRING and handled the same */
if (!*pval)
{
@ -1128,8 +1138,18 @@ static int asn1_find_end(const unsigned char **in, long len, char inf)
* if it is indefinite length.
*/
#ifndef ASN1_MAX_STRING_NEST
/* This determines how many levels of recursion are permitted in ASN1
* string types. If it is not limited stack overflows can occur. If set
* to zero no recursion is allowed at all. Although zero should be adequate
* examples exist that require a value of 1. So 5 should be more than enough.
*/
#define ASN1_MAX_STRING_NEST 5
#endif
static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
char inf, int tag, int aclass)
char inf, int tag, int aclass, int depth)
{
const unsigned char *p, *q;
long plen;
@ -1171,13 +1191,15 @@ static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
/* If indefinite length constructed update max length */
if (cst)
{
#ifdef OPENSSL_ALLOW_NESTED_ASN1_STRINGS
if (!asn1_collect(buf, &p, plen, ininf, tag, aclass))
if (depth >= ASN1_MAX_STRING_NEST)
{
ASN1err(ASN1_F_ASN1_COLLECT,
ASN1_R_NESTED_ASN1_STRING);
return 0;
}
if (!asn1_collect(buf, &p, plen, ininf, tag, aclass,
depth + 1))
return 0;
#else
ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING);
return 0;
#endif
}
else if (plen && !collect_data(buf, &p, plen))
return 0;

2
crypto/asn1/tasn_enc.c

@ -1,5 +1,5 @@
/* tasn_enc.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================

2
crypto/asn1/tasn_fre.c

@ -1,5 +1,5 @@
/* tasn_fre.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================

2
crypto/asn1/tasn_new.c

@ -1,5 +1,5 @@
/* tasn_new.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================

2
crypto/asn1/tasn_prn.c

@ -1,5 +1,5 @@
/* tasn_prn.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================

2
crypto/asn1/tasn_typ.c

@ -1,5 +1,5 @@
/* tasn_typ.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================

2
crypto/asn1/tasn_utl.c

@ -1,5 +1,5 @@
/* tasn_utl.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================

2
crypto/asn1/x_algor.c

@ -1,5 +1,5 @@
/* x_algor.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================

2
crypto/asn1/x_bignum.c

@ -1,5 +1,5 @@
/* x_bignum.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================

2
crypto/asn1/x_exten.c

@ -1,5 +1,5 @@
/* x_exten.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================

2
crypto/asn1/x_long.c

@ -1,5 +1,5 @@
/* x_long.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================

72
crypto/asn1/x_nx509.c Normal file

@ -0,0 +1,72 @@
/* x_nx509.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2005.
*/
/* ====================================================================
* Copyright (c) 2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stddef.h>
#include <openssl/x509.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
/* Old netscape certificate wrapper format */
ASN1_SEQUENCE(NETSCAPE_X509) = {
ASN1_SIMPLE(NETSCAPE_X509, header, ASN1_OCTET_STRING),
ASN1_OPT(NETSCAPE_X509, cert, X509)
} ASN1_SEQUENCE_END(NETSCAPE_X509)
IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_X509)

2
crypto/asn1/x_x509a.c

@ -1,5 +1,5 @@
/* a_x509a.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================

10
crypto/bf/Makefile

@ -40,7 +40,7 @@ top:
all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(ARX) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
@ -103,5 +103,9 @@ bf_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
bf_enc.o: ../../include/openssl/opensslconf.h bf_enc.c bf_locl.h
bf_ofb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h bf_ofb64.c
bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
bf_skey.o: ../../include/openssl/opensslconf.h bf_locl.h bf_pi.h bf_skey.c
bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/crypto.h
bf_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
bf_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
bf_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
bf_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
bf_skey.o: bf_locl.h bf_pi.h bf_skey.c

7
crypto/bf/bf_skey.c

@ -59,10 +59,15 @@
#include <stdio.h>
#include <string.h>
#include <openssl/blowfish.h>
#include <openssl/crypto.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
#include "bf_locl.h"
#include "bf_pi.h"
void BF_set_key(BF_KEY *key, int len, const unsigned char *data)
FIPS_NON_FIPS_VCIPHER_Init(BF)
{
int i;
BF_LONG *p,ri,in[2];

4
crypto/bf/blowfish.h

@ -104,7 +104,9 @@ typedef struct bf_key_st
BF_LONG S[4*256];
} BF_KEY;
#ifdef OPENSSL_FIPS
void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data);
#endif
void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
void BF_encrypt(BF_LONG *data,const BF_KEY *key);

2
crypto/bio/Makefile

@ -45,7 +45,7 @@ top:
all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(ARX) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib

2
crypto/bio/bss_bio.c

@ -919,6 +919,6 @@ int BIO_nwrite(BIO *bio, char **buf, int num)
ret = BIO_ctrl(bio, BIO_C_NWRITE, num, buf);
if (ret > 0)
bio->num_read += ret;
bio->num_write += ret;
return ret;
}

Some files were not shown because too many files have changed in this diff Show More