Merge conflicts.

This is cunning doublespeak for "use vendor code".
This commit is contained in:
markm 2003-01-28 22:34:21 +00:00
parent ad7148cc98
commit 3f245d6325
29 changed files with 1738 additions and 1093 deletions

View File

@ -2,7 +2,6 @@
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# $FreeBSD$
# This definition stops the following lines choking if HOME isn't
# defined.
@ -49,6 +48,14 @@ RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
# Extension copying option: use with caution.
# copy_extensions = copy
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext
@ -133,7 +140,7 @@ commonName = Common Name (eg, YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 40
emailAddress_max = 64
# SET-ex3 = SET extension number 3
@ -181,6 +188,9 @@ authorityKeyIdentifier=keyid,issuer:always
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy

File diff suppressed because it is too large Load Diff

View File

@ -54,45 +54,55 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
* $FreeBSD$
*/
#ifndef HEADER_DES_H
#define HEADER_DES_H
#ifndef HEADER_NEW_DES_H
#define HEADER_NEW_DES_H
#ifdef NO_DES
#ifdef OPENSSL_NO_DES
#error DES is disabled.
#endif
#ifdef _KERBEROS_DES_H
#error <openssl/des.h> replaces <kerberos/des.h>.
#endif
#include <openssl/opensslconf.h> /* DES_LONG */
#include <openssl/e_os2.h> /* OPENSSL_EXTERN */
#ifdef OPENSSL_BUILD_SHLIBCRYPTO
# undef OPENSSL_EXTERN
# define OPENSSL_EXTERN OPENSSL_EXPORT
#endif
#ifdef __cplusplus
extern "C" {
#endif
typedef unsigned char des_cblock[8];
typedef /* const */ unsigned char const_des_cblock[8];
/* With "const", gcc 2.8.1 on Solaris thinks that des_cblock *
* and const_des_cblock * are incompatible pointer types. */
typedef unsigned char DES_cblock[8];
typedef /* const */ unsigned char const_DES_cblock[8];
/* With "const", gcc 2.8.1 on Solaris thinks that DES_cblock *
* and const_DES_cblock * are incompatible pointer types. */
typedef struct des_ks_struct
typedef struct DES_ks
{
union
{
union {
des_cblock cblock;
/* make sure things are correct size on machines with
* 8 byte longs */
DES_LONG deslong[2];
} ks;
int weak_key;
} des_key_schedule[16];
DES_cblock cblock;
/* make sure things are correct size on machines with
* 8 byte longs */
DES_LONG deslong[2];
} ks[16];
} DES_key_schedule;
#define DES_KEY_SZ (sizeof(des_cblock))
#define DES_SCHEDULE_SZ (sizeof(des_key_schedule))
#ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT
# ifndef OPENSSL_ENABLE_OLD_DES_SUPPORT
# define OPENSSL_ENABLE_OLD_DES_SUPPORT
# endif
#endif
#ifdef OPENSSL_ENABLE_OLD_DES_SUPPORT
# include <openssl/des_old.h>
#endif
#define DES_KEY_SZ (sizeof(DES_cblock))
#define DES_SCHEDULE_SZ (sizeof(DES_key_schedule))
#define DES_ENCRYPT 1
#define DES_DECRYPT 0
@ -100,44 +110,45 @@ typedef struct des_ks_struct
#define DES_CBC_MODE 0
#define DES_PCBC_MODE 1
#define des_ecb2_encrypt(i,o,k1,k2,e) \
des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
#define DES_ecb2_encrypt(i,o,k1,k2,e) \
DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
#define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
#define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
#define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
OPENSSL_EXTERN int des_check_key; /* defaults to false */
OPENSSL_EXTERN int des_rw_mode; /* defaults to DES_PCBC_MODE */
OPENSSL_EXTERN int des_set_weak_key_flag; /* set the weak key flag */
OPENSSL_DECLARE_GLOBAL(int,DES_check_key); /* defaults to false */
#define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key)
OPENSSL_DECLARE_GLOBAL(int,DES_rw_mode); /* defaults to DES_PCBC_MODE */
#define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode)
const char *des_options(void);
void des_ecb3_encrypt(const_des_cblock *input, des_cblock *output,
des_key_schedule ks1,des_key_schedule ks2,
des_key_schedule ks3, int enc);
DES_LONG des_cbc_cksum(const unsigned char *input,des_cblock *output,
long length,des_key_schedule schedule,
const_des_cblock *ivec);
/* des_cbc_encrypt does not update the IV! Use des_ncbc_encrypt instead. */
void des_cbc_encrypt(const unsigned char *input,unsigned char *output,
long length,des_key_schedule schedule,des_cblock *ivec,
const char *DES_options(void);
void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
DES_key_schedule *ks1,DES_key_schedule *ks2,
DES_key_schedule *ks3, int enc);
DES_LONG DES_cbc_cksum(const unsigned char *input,DES_cblock *output,
long length,DES_key_schedule *schedule,
const_DES_cblock *ivec);
/* DES_cbc_encrypt does not update the IV! Use DES_ncbc_encrypt instead. */
void DES_cbc_encrypt(const unsigned char *input,unsigned char *output,
long length,DES_key_schedule *schedule,DES_cblock *ivec,
int enc);
void des_ncbc_encrypt(const unsigned char *input,unsigned char *output,
long length,des_key_schedule schedule,des_cblock *ivec,
void DES_ncbc_encrypt(const unsigned char *input,unsigned char *output,
long length,DES_key_schedule *schedule,DES_cblock *ivec,
int enc);
void des_xcbc_encrypt(const unsigned char *input,unsigned char *output,
long length,des_key_schedule schedule,des_cblock *ivec,
const_des_cblock *inw,const_des_cblock *outw,int enc);
void des_cfb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
long length,des_key_schedule schedule,des_cblock *ivec,
void DES_xcbc_encrypt(const unsigned char *input,unsigned char *output,
long length,DES_key_schedule *schedule,DES_cblock *ivec,
const_DES_cblock *inw,const_DES_cblock *outw,int enc);
void DES_cfb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
long length,DES_key_schedule *schedule,DES_cblock *ivec,
int enc);
void des_ecb_encrypt(const_des_cblock *input,des_cblock *output,
des_key_schedule ks,int enc);
void DES_ecb_encrypt(const_DES_cblock *input,DES_cblock *output,
DES_key_schedule *ks,int enc);
/* This is the DES encryption function that gets called by just about
every other DES routine in the library. You should not use this
@ -146,122 +157,81 @@ void des_ecb_encrypt(const_des_cblock *input,des_cblock *output,
long, and this needs to be done to make sure 'non-aligned' memory
access do not occur. The characters are loaded 'little endian'.
Data is a pointer to 2 unsigned long's and ks is the
des_key_schedule to use. enc, is non zero specifies encryption,
DES_key_schedule to use. enc, is non zero specifies encryption,
zero if decryption. */
void des_encrypt1(DES_LONG *data,des_key_schedule ks, int enc);
void DES_encrypt1(DES_LONG *data,DES_key_schedule *ks, int enc);
/* This functions is the same as des_encrypt1() except that the DES
/* This functions is the same as DES_encrypt1() except that the DES
initial permutation (IP) and final permutation (FP) have been left
out. As for des_encrypt1(), you should not use this function.
out. As for DES_encrypt1(), you should not use this function.
It is used by the routines in the library that implement triple DES.
IP() des_encrypt2() des_encrypt2() des_encrypt2() FP() is the same
as des_encrypt1() des_encrypt1() des_encrypt1() except faster :-). */
void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc);
IP() DES_encrypt2() DES_encrypt2() DES_encrypt2() FP() is the same
as DES_encrypt1() DES_encrypt1() DES_encrypt1() except faster :-). */
void DES_encrypt2(DES_LONG *data,DES_key_schedule *ks, int enc);
void des_encrypt3(DES_LONG *data, des_key_schedule ks1,
des_key_schedule ks2, des_key_schedule ks3);
void des_decrypt3(DES_LONG *data, des_key_schedule ks1,
des_key_schedule ks2, des_key_schedule ks3);
void des_ede3_cbc_encrypt(const unsigned char *input,unsigned char *output,
void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
DES_key_schedule *ks2, DES_key_schedule *ks3);
void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
DES_key_schedule *ks2, DES_key_schedule *ks3);
void DES_ede3_cbc_encrypt(const unsigned char *input,unsigned char *output,
long length,
des_key_schedule ks1,des_key_schedule ks2,
des_key_schedule ks3,des_cblock *ivec,int enc);
void des_ede3_cbcm_encrypt(const unsigned char *in,unsigned char *out,
DES_key_schedule *ks1,DES_key_schedule *ks2,
DES_key_schedule *ks3,DES_cblock *ivec,int enc);
void DES_ede3_cbcm_encrypt(const unsigned char *in,unsigned char *out,
long length,
des_key_schedule ks1,des_key_schedule ks2,
des_key_schedule ks3,
des_cblock *ivec1,des_cblock *ivec2,
DES_key_schedule *ks1,DES_key_schedule *ks2,
DES_key_schedule *ks3,
DES_cblock *ivec1,DES_cblock *ivec2,
int enc);
void des_ede3_cfb64_encrypt(const unsigned char *in,unsigned char *out,
long length,des_key_schedule ks1,
des_key_schedule ks2,des_key_schedule ks3,
des_cblock *ivec,int *num,int enc);
void des_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out,
long length,des_key_schedule ks1,
des_key_schedule ks2,des_key_schedule ks3,
des_cblock *ivec,int *num);
void DES_ede3_cfb64_encrypt(const unsigned char *in,unsigned char *out,
long length,DES_key_schedule *ks1,
DES_key_schedule *ks2,DES_key_schedule *ks3,
DES_cblock *ivec,int *num,int enc);
void DES_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out,
long length,DES_key_schedule *ks1,
DES_key_schedule *ks2,DES_key_schedule *ks3,
DES_cblock *ivec,int *num);
void des_xwhite_in2out(const_des_cblock *des_key,const_des_cblock *in_white,
des_cblock *out_white);
void DES_xwhite_in2out(const_DES_cblock *DES_key,const_DES_cblock *in_white,
DES_cblock *out_white);
int des_enc_read(int fd,void *buf,int len,des_key_schedule sched,
des_cblock *iv);
int des_enc_write(int fd,const void *buf,int len,des_key_schedule sched,
des_cblock *iv);
char *des_fcrypt(const char *buf,const char *salt, char *ret);
char *des_crypt(const char *buf,const char *salt);
#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(_UWIN)
char *crypt(const char *buf,const char *salt);
#endif
void des_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
long length,des_key_schedule schedule,des_cblock *ivec);
void des_pcbc_encrypt(const unsigned char *input,unsigned char *output,
long length,des_key_schedule schedule,des_cblock *ivec,
int DES_enc_read(int fd,void *buf,int len,DES_key_schedule *sched,
DES_cblock *iv);
int DES_enc_write(int fd,const void *buf,int len,DES_key_schedule *sched,
DES_cblock *iv);
char *DES_fcrypt(const char *buf,const char *salt, char *ret);
char *DES_crypt(const char *buf,const char *salt);
void DES_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
long length,DES_key_schedule *schedule,DES_cblock *ivec);
void DES_pcbc_encrypt(const unsigned char *input,unsigned char *output,
long length,DES_key_schedule *schedule,DES_cblock *ivec,
int enc);
DES_LONG des_quad_cksum(const unsigned char *input,des_cblock output[],
long length,int out_count,des_cblock *seed);
void des_random_seed(des_cblock *key);
int des_new_random_key(des_cblock *key);
void des_init_random_number_generator(des_cblock *seed);
void des_rand_data(unsigned char *data, int size);
int des_random_key(des_cblock *ret);
int des_read_password(des_cblock *key,const char *_prompt,int verify);
int des_read_2passwords(des_cblock *key1,des_cblock *key2,
const char *_prompt,int verify);
int des_read_pw_string(char *buf,int length,const char *_prompt,int verify);
void des_set_odd_parity(des_cblock *key);
int des_check_key_parity(const_des_cblock *key);
int des_is_weak_key(const_des_cblock *key);
/* des_set_key (= set_key = des_key_sched = key_sched) calls
* des_set_key_checked if global variable des_check_key is set,
* des_set_key_unchecked otherwise. */
int des_set_key(const_des_cblock *key,des_key_schedule schedule);
int des_key_sched(const_des_cblock *key,des_key_schedule schedule);
int des_set_key_checked(const_des_cblock *key,des_key_schedule schedule);
void des_set_key_unchecked(const_des_cblock *key,des_key_schedule schedule);
void des_string_to_key(const char *str,des_cblock *key);
void des_string_to_2keys(const char *str,des_cblock *key1,des_cblock *key2);
void des_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
des_key_schedule schedule,des_cblock *ivec,int *num,
DES_LONG DES_quad_cksum(const unsigned char *input,DES_cblock output[],
long length,int out_count,DES_cblock *seed);
int DES_random_key(DES_cblock *ret);
void DES_set_odd_parity(DES_cblock *key);
int DES_check_key_parity(const_DES_cblock *key);
int DES_is_weak_key(const_DES_cblock *key);
/* DES_set_key (= set_key = DES_key_sched = key_sched) calls
* DES_set_key_checked if global variable DES_check_key is set,
* DES_set_key_unchecked otherwise. */
int DES_set_key(const_DES_cblock *key,DES_key_schedule *schedule);
int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule);
int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule);
void DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
void DES_string_to_key(const char *str,DES_cblock *key);
void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2);
void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
DES_key_schedule *schedule,DES_cblock *ivec,int *num,
int enc);
void des_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length,
des_key_schedule schedule,des_cblock *ivec,int *num);
int des_read_pw(char *buf,char *buff,int size,const char *_prompt,int verify);
void DES_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length,
DES_key_schedule *schedule,DES_cblock *ivec,int *num);
/* The following definitions provide compatibility with the MIT Kerberos
* library. The des_key_schedule structure is not binary compatible. */
int DES_read_password(DES_cblock *key, const char *prompt, int verify);
int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt,
int verify);
#define _KERBEROS_DES_H
#define KRBDES_ENCRYPT DES_ENCRYPT
#define KRBDES_DECRYPT DES_DECRYPT
#ifdef KERBEROS
# define ENCRYPT DES_ENCRYPT
# define DECRYPT DES_DECRYPT
#endif
#ifndef NCOMPAT
# define C_Block des_cblock
# define Key_schedule des_key_schedule
# define KEY_SZ DES_KEY_SZ
# define string_to_key des_string_to_key
# define read_pw_string des_read_pw_string
# define random_key des_random_key
# define pcbc_encrypt des_pcbc_encrypt
# define set_key des_set_key
# define key_sched des_key_sched
# define ecb_encrypt des_ecb_encrypt
# define cbc_encrypt des_cbc_encrypt
# define ncbc_encrypt des_ncbc_encrypt
# define xcbc_encrypt des_xcbc_encrypt
# define cbc_cksum des_cbc_cksum
# define quad_cksum des_quad_cksum
# define check_parity des_check_key_parity
#endif
typedef des_key_schedule bit_64;
#define des_fixup_key_parity des_set_odd_parity
#define DES_fixup_key_parity DES_set_odd_parity
#ifdef __cplusplus
}

View File

@ -1,5 +1,4 @@
/* crypto/err/err_all.c */
/* $FreeBSD$ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -60,18 +59,18 @@
#include <stdio.h>
#include <openssl/asn1.h>
#include <openssl/bn.h>
#ifndef OPENSSL_NO_EC
#include <openssl/ec.h>
#endif
#include <openssl/buffer.h>
#include <openssl/bio.h>
#ifndef NO_RSA
#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
#endif
#ifdef RSAref
#include <openssl/rsaref.h>
#endif
#ifndef NO_DH
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#endif
#ifndef NO_DSA
#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
#endif
#include <openssl/evp.h>
@ -82,8 +81,10 @@
#include <openssl/conf.h>
#include <openssl/pkcs12.h>
#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/dso.h>
#include <openssl/engine.h>
#include <openssl/ocsp.h>
#include <openssl/err.h>
void ERR_load_crypto_strings(void)
{
@ -91,35 +92,38 @@ void ERR_load_crypto_strings(void)
if (done) return;
done=1;
#ifndef NO_ERR
ERR_load_ASN1_strings();
#ifndef OPENSSL_NO_ERR
ERR_load_ERR_strings(); /* include error strings for SYSerr */
ERR_load_BN_strings();
ERR_load_BUF_strings();
ERR_load_BIO_strings();
ERR_load_CONF_strings();
#ifndef NO_RSA
#ifdef RSAref
ERR_load_RSAREF_strings();
#else
#ifndef OPENSSL_NO_RSA
ERR_load_RSA_strings();
#endif
#endif
#ifndef NO_DH
#ifndef OPENSSL_NO_DH
ERR_load_DH_strings();
#endif
#ifndef NO_DSA
ERR_load_DSA_strings();
#endif
ERR_load_ERR_strings();
ERR_load_EVP_strings();
ERR_load_BUF_strings();
ERR_load_OBJ_strings();
ERR_load_PEM_strings();
#ifndef OPENSSL_NO_DSA
ERR_load_DSA_strings();
#endif
ERR_load_X509_strings();
ERR_load_X509V3_strings();
ERR_load_ASN1_strings();
ERR_load_CONF_strings();
ERR_load_CRYPTO_strings();
ERR_load_PKCS7_strings();
#ifndef OPENSSL_NO_EC
ERR_load_EC_strings();
#endif
/* skip ERR_load_SSL_strings() because it is not in this library */
ERR_load_BIO_strings();
ERR_load_PKCS7_strings();
ERR_load_X509V3_strings();
ERR_load_PKCS12_strings();
ERR_load_RAND_strings();
ERR_load_DSO_strings();
ERR_load_ENGINE_strings();
ERR_load_OCSP_strings();
ERR_load_UI_strings();
#endif
}

View File

@ -54,8 +54,6 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*
* $FreeBSD$
*/
#ifndef HEADER_ENVELOPE_H
@ -69,71 +67,81 @@
# undef OPENSSL_ALGORITHM_DEFINES
#endif
#ifndef NO_BIO
#include <openssl/ossl_typ.h>
#include <openssl/symhacks.h>
#ifndef OPENSSL_NO_BIO
#include <openssl/bio.h>
#endif
#ifndef NO_MD2
#ifndef OPENSSL_NO_MD2
#include <openssl/md2.h>
#endif
#ifndef NO_MD4
#ifndef OPENSSL_NO_MD4
#include <openssl/md4.h>
#endif
#ifndef NO_MD5
#ifndef OPENSSL_NO_MD5
#include <openssl/md5.h>
#endif
#ifndef NO_SHA
#ifndef OPENSSL_NO_SHA
#include <openssl/sha.h>
#endif
#ifndef NO_RIPEMD
#ifndef OPENSSL_NO_RIPEMD
#include <openssl/ripemd.h>
#endif
#ifndef NO_DES
#ifndef OPENSSL_NO_DES
#include <openssl/des.h>
#endif
#ifndef NO_RC4
#ifndef OPENSSL_NO_RC4
#include <openssl/rc4.h>
#endif
#ifndef NO_RC2
#ifndef OPENSSL_NO_RC2
#include <openssl/rc2.h>
#endif
#ifndef NO_RC5
#ifndef OPENSSL_NO_RC5
#include <openssl/rc5.h>
#endif
#ifndef NO_BF
#ifndef OPENSSL_NO_BF
#include <openssl/blowfish.h>
#endif
#ifndef NO_CAST
#ifndef OPENSSL_NO_CAST
#include <openssl/cast.h>
#endif
#ifndef NO_IDEA
#ifndef OPENSSL_NO_IDEA
#include <openssl/idea.h>
#endif
#ifndef NO_MDC2
#ifndef OPENSSL_NO_MDC2
#include <openssl/mdc2.h>
#endif
#ifndef OPENSSL_NO_AES
#include <openssl/aes.h>
#endif
/*
#define EVP_RC2_KEY_SIZE 16
#define EVP_RC4_KEY_SIZE 16
#define EVP_BLOWFISH_KEY_SIZE 16
#define EVP_CAST5_KEY_SIZE 16
#define EVP_RC5_32_12_16_KEY_SIZE 16
*/
#define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
#define EVP_MAX_KEY_LENGTH 24
#define EVP_MAX_IV_LENGTH 8
#define EVP_MAX_KEY_LENGTH 32
#define EVP_MAX_IV_LENGTH 16
#define EVP_MAX_BLOCK_LENGTH 32
#define PKCS5_SALT_LEN 8
/* Default PKCS#5 iteration count */
#define PKCS5_DEFAULT_ITER 2048
#ifndef NO_RSA
#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
#endif
#ifndef NO_DSA
#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
#endif
#ifndef NO_DH
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#endif
@ -166,26 +174,26 @@ extern "C" {
/* Type needs to be a bit field
* Sub-type needs to be for variations on the method, as in, can it do
* arbitrary encryption.... */
typedef struct evp_pkey_st
struct evp_pkey_st
{
int type;
int save_type;
int references;
union {
char *ptr;
#ifndef NO_RSA
#ifndef OPENSSL_NO_RSA
struct rsa_st *rsa; /* RSA */
#endif
#ifndef NO_DSA
#ifndef OPENSSL_NO_DSA
struct dsa_st *dsa; /* DSA */
#endif
#ifndef NO_DH
#ifndef OPENSSL_NO_DH
struct dh_st *dh; /* DH */
#endif
} pkey;
int save_parameters;
STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
} EVP_PKEY;
} /* EVP_PKEY */;
#define EVP_PKEY_MO_SIGN 0x0001
#define EVP_PKEY_MO_VERIFY 0x0002
@ -246,7 +254,6 @@ typedef struct evp_pkey_method_st
int (*sign)();
int (*verify)();
struct {
int
int (*set)(); /* get and/or set the underlying type */
int (*get)();
int (*encrypt)();
@ -261,27 +268,32 @@ typedef struct evp_pkey_method_st
#endif
#ifndef EVP_MD
typedef struct env_md_st
struct env_md_st
{
int type;
int pkey_type;
int md_size;
void (*init)();
void (*update)();
void (*final)();
unsigned long flags;
int (*init)(EVP_MD_CTX *ctx);
int (*update)(EVP_MD_CTX *ctx,const void *data,unsigned long count);
int (*final)(EVP_MD_CTX *ctx,unsigned char *md);
int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from);
int (*cleanup)(EVP_MD_CTX *ctx);
/* FIXME: prototype these some day */
int (*sign)();
int (*verify)();
int required_pkey_type[5]; /*EVP_PKEY_xxx */
int block_size;
int ctx_size; /* how big does the ctx need to be */
} EVP_MD;
int ctx_size; /* how big does the ctx->md_data need to be */
} /* EVP_MD */;
#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single
* block */
#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0}
#ifndef NO_DSA
#ifndef OPENSSL_NO_DSA
#define EVP_PKEY_DSA_method DSA_sign,DSA_verify, \
{EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \
EVP_PKEY_DSA4,0}
@ -289,7 +301,7 @@ typedef struct env_md_st
#define EVP_PKEY_DSA_method EVP_PKEY_NULL_method
#endif
#ifndef NO_RSA
#ifndef OPENSSL_NO_RSA
#define EVP_PKEY_RSA_method RSA_sign,RSA_verify, \
{EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \
@ -303,34 +315,20 @@ typedef struct env_md_st
#endif /* !EVP_MD */
typedef struct env_md_ctx_st
struct env_md_ctx_st
{
const EVP_MD *digest;
union {
unsigned char base[4];
#ifndef NO_MD2
MD2_CTX md2;
#endif
#ifndef NO_MD5
MD5_CTX md5;
#endif
#ifndef NO_MD4
MD4_CTX md4;
#endif
#ifndef NO_RIPEMD
RIPEMD160_CTX ripemd160;
#endif
#ifndef NO_SHA
SHA_CTX sha;
#endif
#ifndef NO_MDC2
MDC2_CTX mdc2;
#endif
} md;
} EVP_MD_CTX;
ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */
unsigned long flags;
void *md_data;
} /* EVP_MD_CTX */;
typedef struct evp_cipher_st EVP_CIPHER;
typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
/* values for EVP_MD_CTX flags */
#define EVP_MD_CTX_FLAG_ONESHOT 0x0001 /* digest update will be called
* once only */
#define EVP_MD_CTX_FLAG_CLEANED 0x0002 /* context has already been
* cleaned */
struct evp_cipher_st
{
@ -344,12 +342,12 @@ struct evp_cipher_st
int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, unsigned int inl);/* encrypt/decrypt data */
int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */
int ctx_size; /* how big the ctx needs to be */
int ctx_size; /* how big ctx->cipher_data needs to be */
int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */
int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */
int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */
void *app_data; /* Application data */
};
} /* EVP_CIPHER */;
/* Values for cipher flags */
@ -371,6 +369,8 @@ struct evp_cipher_st
#define EVP_CIPH_CTRL_INIT 0x40
/* Don't use standard key length function */
#define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80
/* Don't use standard block padding */
#define EVP_CIPH_NO_PADDING 0x100
/* ctrl() values */
@ -390,62 +390,23 @@ typedef struct evp_cipher_info_st
struct evp_cipher_ctx_st
{
const EVP_CIPHER *cipher;
ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */
int encrypt; /* encrypt or decrypt */
int buf_len; /* number we have left */
unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */
unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */
unsigned char buf[EVP_MAX_IV_LENGTH]; /* saved partial block */
unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */
int num; /* used by cfb/ofb mode */
void *app_data; /* application stuff */
int key_len; /* May change for variable length cipher */
union {
#ifndef NO_RC4
struct
{
unsigned char key[EVP_RC4_KEY_SIZE];
RC4_KEY ks; /* working key */
} rc4;
#endif
#ifndef NO_DES
des_key_schedule des_ks;/* key schedule */
struct
{
des_key_schedule ks;/* key schedule */
des_cblock inw;
des_cblock outw;
} desx_cbc;
struct
{
des_key_schedule ks1;/* key schedule */
des_key_schedule ks2;/* key schedule (for ede) */
des_key_schedule ks3;/* key schedule (for ede3) */
} des_ede;
#endif
#ifndef NO_IDEA
IDEA_KEY_SCHEDULE idea_ks;/* key schedule */
#endif
#ifndef NO_RC2
struct {
int key_bits; /* effective key bits */
RC2_KEY ks;/* key schedule */
} rc2;
#endif
#ifndef NO_RC5
struct {
int rounds; /* number of rounds */
RC5_32_KEY ks;/* key schedule */
} rc5;
#endif
#ifndef NO_BF
BF_KEY bf_ks;/* key schedule */
#endif
#ifndef NO_CAST
CAST_KEY cast_ks;/* key schedule */
#endif
} c;
};
unsigned long flags; /* Various flags */
void *cipher_data; /* per EVP data */
int final_used;
int block_mask;
unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */
} /* EVP_CIPHER_CTX */;
typedef struct evp_Encode_Ctx_st
{
@ -462,20 +423,20 @@ typedef struct evp_Encode_Ctx_st
/* Password based encryption function */
typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
ASN1_TYPE *param, EVP_CIPHER *cipher,
EVP_MD *md, int en_de);
ASN1_TYPE *param, const EVP_CIPHER *cipher,
const EVP_MD *md, int en_de);
#ifndef NO_RSA
#ifndef OPENSSL_NO_RSA
#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
(char *)(rsa))
#endif
#ifndef NO_DSA
#ifndef OPENSSL_NO_DSA
#define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
(char *)(dsa))
#endif
#ifndef NO_DH
#ifndef OPENSSL_NO_DH
#define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\
(char *)(dh))
#endif
@ -487,6 +448,8 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
#define EVP_MD_type(e) ((e)->type)
#define EVP_MD_nid(e) EVP_MD_type(e)
#define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e))
#define EVP_MD_pkey_type(e) ((e)->pkey_type)
#define EVP_MD_size(e) ((e)->md_size)
#define EVP_MD_block_size(e) ((e)->block_size)
@ -497,6 +460,7 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
#define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest)
#define EVP_CIPHER_nid(e) ((e)->nid)
#define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e))
#define EVP_CIPHER_block_size(e) ((e)->block_size)
#define EVP_CIPHER_key_length(e) ((e)->key_len)
#define EVP_CIPHER_iv_length(e) ((e)->iv_len)
@ -517,8 +481,10 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
#define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80)
#define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80)
#define EVP_SignInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c)
#define EVP_SignInit(a,b) EVP_DigestInit(a,b)
#define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
#define EVP_VerifyInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c)
#define EVP_VerifyInit(a,b) EVP_DigestInit(a,b)
#define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
#define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e)
@ -545,38 +511,61 @@ void BIO_set_md(BIO *,const EVP_MD *md);
#define EVP_delete_digest_alias(alias) \
OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);
void EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
void EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
EVP_MD_CTX *EVP_MD_CTX_create(void);
void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);
#define EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
#define EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs))
#define EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs))
int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
unsigned int cnt);
void EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
int EVP_Digest(void *data, unsigned int count,
unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl);
int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);
int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
void EVP_set_pw_prompt(char *prompt);
char * EVP_get_pw_prompt(void);
int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md,
const unsigned char *salt, const unsigned char *data, int datal,
int count, unsigned char *key, unsigned char *iv);
int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
const unsigned char *salt, const unsigned char *data,
int datal, int count, unsigned char *key,unsigned char *iv);
int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
unsigned char *key, unsigned char *iv);
int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
const unsigned char *key, const unsigned char *iv);
int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
const unsigned char *key, const unsigned char *iv);
int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, unsigned char *in, int inl);
int *outl, const unsigned char *in, int inl);
int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
int EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
unsigned char *key, unsigned char *iv);
int EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
const unsigned char *key, const unsigned char *iv);
int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
const unsigned char *key, const unsigned char *iv);
int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, unsigned char *in, int inl);
int *outl, const unsigned char *in, int inl);
int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
int EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
unsigned char *key,unsigned char *iv,int enc);
int EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
const unsigned char *key,const unsigned char *iv,
int enc);
int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
const unsigned char *key,const unsigned char *iv,
int enc);
int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
int *outl, unsigned char *in, int inl);
int *outl, const unsigned char *in, int inl);
int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
EVP_PKEY *pkey);
@ -584,13 +573,13 @@ int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf,
unsigned int siglen,EVP_PKEY *pkey);
int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek,
int EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,unsigned char *ek,
int ekl,unsigned char *iv,EVP_PKEY *priv);
int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
void EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
int EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,
@ -608,9 +597,10 @@ int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
#ifndef NO_BIO
#ifndef OPENSSL_NO_BIO
BIO_METHOD *BIO_f_md(void);
BIO_METHOD *BIO_f_base64(void);
BIO_METHOD *BIO_f_cipher(void);
@ -619,89 +609,134 @@ void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k,
unsigned char *i, int enc);
#endif
EVP_MD *EVP_md_null(void);
#ifndef NO_MD2
EVP_MD *EVP_md2(void);
const EVP_MD *EVP_md_null(void);
#ifndef OPENSSL_NO_MD2
const EVP_MD *EVP_md2(void);
#endif
#ifndef NO_MD4
EVP_MD *EVP_md4(void);
#ifndef OPENSSL_NO_MD4
const EVP_MD *EVP_md4(void);
#endif
#ifndef NO_MD5
EVP_MD *EVP_md5(void);
#ifndef OPENSSL_NO_MD5
const EVP_MD *EVP_md5(void);
#endif
#ifndef NO_SHA
EVP_MD *EVP_sha(void);
EVP_MD *EVP_sha1(void);
EVP_MD *EVP_dss(void);
EVP_MD *EVP_dss1(void);
#ifndef OPENSSL_NO_SHA
const EVP_MD *EVP_sha(void);
const EVP_MD *EVP_sha1(void);
const EVP_MD *EVP_dss(void);
const EVP_MD *EVP_dss1(void);
#endif
#ifndef NO_MDC2
EVP_MD *EVP_mdc2(void);
#ifndef OPENSSL_NO_MDC2
const EVP_MD *EVP_mdc2(void);
#endif
#ifndef NO_RIPEMD
EVP_MD *EVP_ripemd160(void);
#ifndef OPENSSL_NO_RIPEMD
const EVP_MD *EVP_ripemd160(void);
#endif
EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */
#ifndef NO_DES
EVP_CIPHER *EVP_des_ecb(void);
EVP_CIPHER *EVP_des_ede(void);
EVP_CIPHER *EVP_des_ede3(void);
EVP_CIPHER *EVP_des_cfb(void);
EVP_CIPHER *EVP_des_ede_cfb(void);
EVP_CIPHER *EVP_des_ede3_cfb(void);
EVP_CIPHER *EVP_des_ofb(void);
EVP_CIPHER *EVP_des_ede_ofb(void);
EVP_CIPHER *EVP_des_ede3_ofb(void);
EVP_CIPHER *EVP_des_cbc(void);
EVP_CIPHER *EVP_des_ede_cbc(void);
EVP_CIPHER *EVP_des_ede3_cbc(void);
EVP_CIPHER *EVP_desx_cbc(void);
const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */
#ifndef OPENSSL_NO_DES
const EVP_CIPHER *EVP_des_ecb(void);
const EVP_CIPHER *EVP_des_ede(void);
const EVP_CIPHER *EVP_des_ede3(void);
const EVP_CIPHER *EVP_des_ede_ecb(void);
const EVP_CIPHER *EVP_des_ede3_ecb(void);
const EVP_CIPHER *EVP_des_cfb(void);
const EVP_CIPHER *EVP_des_ede_cfb(void);
const EVP_CIPHER *EVP_des_ede3_cfb(void);
const EVP_CIPHER *EVP_des_ofb(void);
const EVP_CIPHER *EVP_des_ede_ofb(void);
const EVP_CIPHER *EVP_des_ede3_ofb(void);
const EVP_CIPHER *EVP_des_cbc(void);
const EVP_CIPHER *EVP_des_ede_cbc(void);
const EVP_CIPHER *EVP_des_ede3_cbc(void);
const EVP_CIPHER *EVP_desx_cbc(void);
/* This should now be supported through the dev_crypto ENGINE. But also, why are
* rc4 and md5 declarations made here inside a "NO_DES" precompiler branch? */
#if 0
# ifdef OPENSSL_OPENBSD_DEV_CRYPTO
const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void);
const EVP_CIPHER *EVP_dev_crypto_rc4(void);
const EVP_MD *EVP_dev_crypto_md5(void);
# endif
#endif
#ifndef NO_RC4
EVP_CIPHER *EVP_rc4(void);
EVP_CIPHER *EVP_rc4_40(void);
#endif
#ifndef NO_IDEA
EVP_CIPHER *EVP_idea_ecb(void);
EVP_CIPHER *EVP_idea_cfb(void);
EVP_CIPHER *EVP_idea_ofb(void);
EVP_CIPHER *EVP_idea_cbc(void);
#ifndef OPENSSL_NO_RC4
const EVP_CIPHER *EVP_rc4(void);
const EVP_CIPHER *EVP_rc4_40(void);
#endif
#ifndef NO_RC2
EVP_CIPHER *EVP_rc2_ecb(void);
EVP_CIPHER *EVP_rc2_cbc(void);
EVP_CIPHER *EVP_rc2_40_cbc(void);
EVP_CIPHER *EVP_rc2_64_cbc(void);
EVP_CIPHER *EVP_rc2_cfb(void);
EVP_CIPHER *EVP_rc2_ofb(void);
#ifndef OPENSSL_NO_IDEA
const EVP_CIPHER *EVP_idea_ecb(void);
const EVP_CIPHER *EVP_idea_cfb(void);
const EVP_CIPHER *EVP_idea_ofb(void);
const EVP_CIPHER *EVP_idea_cbc(void);
#endif
#ifndef NO_BF
EVP_CIPHER *EVP_bf_ecb(void);
EVP_CIPHER *EVP_bf_cbc(void);
EVP_CIPHER *EVP_bf_cfb(void);
EVP_CIPHER *EVP_bf_ofb(void);
#ifndef OPENSSL_NO_RC2
const EVP_CIPHER *EVP_rc2_ecb(void);
const EVP_CIPHER *EVP_rc2_cbc(void);
const EVP_CIPHER *EVP_rc2_40_cbc(void);
const EVP_CIPHER *EVP_rc2_64_cbc(void);
const EVP_CIPHER *EVP_rc2_cfb(void);
const EVP_CIPHER *EVP_rc2_ofb(void);
#endif
#ifndef NO_CAST
EVP_CIPHER *EVP_cast5_ecb(void);
EVP_CIPHER *EVP_cast5_cbc(void);
EVP_CIPHER *EVP_cast5_cfb(void);
EVP_CIPHER *EVP_cast5_ofb(void);
#ifndef OPENSSL_NO_BF
const EVP_CIPHER *EVP_bf_ecb(void);
const EVP_CIPHER *EVP_bf_cbc(void);
const EVP_CIPHER *EVP_bf_cfb(void);
const EVP_CIPHER *EVP_bf_ofb(void);
#endif
#ifndef NO_RC5
EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
#ifndef OPENSSL_NO_CAST
const EVP_CIPHER *EVP_cast5_ecb(void);
const EVP_CIPHER *EVP_cast5_cbc(void);
const EVP_CIPHER *EVP_cast5_cfb(void);
const EVP_CIPHER *EVP_cast5_ofb(void);
#endif
void OpenSSL_add_all_algorithms(void);
#ifndef OPENSSL_NO_RC5
const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
#endif
#ifndef OPENSSL_NO_AES
const EVP_CIPHER *EVP_aes_128_ecb(void);
const EVP_CIPHER *EVP_aes_128_cbc(void);
const EVP_CIPHER *EVP_aes_128_cfb(void);
const EVP_CIPHER *EVP_aes_128_ofb(void);
#if 0
const EVP_CIPHER *EVP_aes_128_ctr(void);
#endif
const EVP_CIPHER *EVP_aes_192_ecb(void);
const EVP_CIPHER *EVP_aes_192_cbc(void);
const EVP_CIPHER *EVP_aes_192_cfb(void);
const EVP_CIPHER *EVP_aes_192_ofb(void);
#if 0
const EVP_CIPHER *EVP_aes_192_ctr(void);
#endif
const EVP_CIPHER *EVP_aes_256_ecb(void);
const EVP_CIPHER *EVP_aes_256_cbc(void);
const EVP_CIPHER *EVP_aes_256_cfb(void);
const EVP_CIPHER *EVP_aes_256_ofb(void);
#if 0
const EVP_CIPHER *EVP_aes_256_ctr(void);
#endif
#endif
void OPENSSL_add_all_algorithms_noconf(void);
void OPENSSL_add_all_algorithms_conf(void);
#ifdef OPENSSL_LOAD_CONF
#define OpenSSL_add_all_algorithms() \
OPENSSL_add_all_algorithms_conf()
#else
#define OpenSSL_add_all_algorithms() \
OPENSSL_add_all_algorithms_noconf()
#endif
void OpenSSL_add_all_ciphers(void);
void OpenSSL_add_all_digests(void);
#define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms()
#define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers()
#define SSLeay_add_all_digests() OpenSSL_add_all_digests()
int EVP_add_cipher(EVP_CIPHER *cipher);
int EVP_add_digest(EVP_MD *digest);
int EVP_add_cipher(const EVP_CIPHER *cipher);
int EVP_add_digest(const EVP_MD *digest);
const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
const EVP_MD *EVP_get_digestbyname(const char *name);
@ -715,18 +750,24 @@ int EVP_PKEY_type(int type);
int EVP_PKEY_bits(EVP_PKEY *pkey);
int EVP_PKEY_size(EVP_PKEY *pkey);
int EVP_PKEY_assign(EVP_PKEY *pkey,int type,char *key);
#ifndef NO_RSA
int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,RSA *key);
RSA * EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
#ifndef OPENSSL_NO_RSA
struct rsa_st;
int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,struct rsa_st *key);
struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
#endif
#ifndef NO_DSA
int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,DSA *key);
DSA * EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
#ifndef OPENSSL_NO_DSA
struct dsa_st;
int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,struct dsa_st *key);
struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
#endif
#ifndef NO_DH
int EVP_PKEY_set1_DH(EVP_PKEY *pkey,DH *key);
DH * EVP_PKEY_get1_DH(EVP_PKEY *pkey);
#ifndef OPENSSL_NO_DH
struct dh_st;
int EVP_PKEY_set1_DH(EVP_PKEY *pkey,struct dh_st *key);
struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
#endif
EVP_PKEY * EVP_PKEY_new(void);
void EVP_PKEY_free(EVP_PKEY *pkey);
EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, unsigned char **pp,
@ -756,20 +797,20 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);
/* PKCS5 password based encryption */
int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md,
ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
int en_de);
int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
unsigned char *salt, int saltlen, int iter,
int keylen, unsigned char *out);
int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md,
ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
int en_de);
void PKCS5_PBE_add(void);
int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);
int EVP_PBE_alg_add(int nid, EVP_CIPHER *cipher, EVP_MD *md,
int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
EVP_PBE_KEYGEN *keygen);
void EVP_PBE_cleanup(void);
@ -787,6 +828,8 @@ void ERR_load_EVP_strings(void);
#define EVP_F_EVP_CIPHER_CTX_CTRL 124
#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122
#define EVP_F_EVP_DECRYPTFINAL 101
#define EVP_F_EVP_DIGESTINIT 128
#define EVP_F_EVP_ENCRYPTFINAL 127
#define EVP_F_EVP_MD_CTX_COPY 110
#define EVP_F_EVP_OPENINIT 102
#define EVP_F_EVP_PBE_ALG_ADD 115
@ -801,6 +844,7 @@ void ERR_load_EVP_strings(void);
#define EVP_F_EVP_PKEY_GET1_DSA 120
#define EVP_F_EVP_PKEY_GET1_RSA 121
#define EVP_F_EVP_PKEY_NEW 106
#define EVP_F_EVP_RIJNDAEL 126
#define EVP_F_EVP_SIGNFINAL 107
#define EVP_F_EVP_VERIFYFINAL 108
#define EVP_F_PKCS5_PBE_KEYIVGEN 117
@ -809,12 +853,15 @@ void ERR_load_EVP_strings(void);
#define EVP_F_RC5_CTRL 125
/* Reason codes. */
#define EVP_R_BAD_BLOCK_LENGTH 136
#define EVP_R_BAD_DECRYPT 100
#define EVP_R_BAD_KEY_LENGTH 137
#define EVP_R_BN_DECODE_ERROR 112
#define EVP_R_BN_PUBKEY_ERROR 113
#define EVP_R_CIPHER_PARAMETER_ERROR 122
#define EVP_R_CTRL_NOT_IMPLEMENTED 132
#define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133
#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138
#define EVP_R_DECODE_ERROR 114
#define EVP_R_DIFFERENT_KEY_TYPES 101
#define EVP_R_ENCODE_ERROR 115
@ -829,6 +876,7 @@ void ERR_load_EVP_strings(void);
#define EVP_R_KEYGEN_FAILURE 120
#define EVP_R_MISSING_PARAMETERS 103
#define EVP_R_NO_CIPHER_SET 131
#define EVP_R_NO_DIGEST_SET 139
#define EVP_R_NO_DSA_PARAMETERS 116
#define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104
#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105

View File

@ -1,6 +1,5 @@
#
# SSLeay/crypto/idea/Makefile
# $FreeBSD$
#
DIR= idea
@ -12,7 +11,8 @@ INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl
INSTALLTOP=/usr/local/ssl
MAKE= make -f Makefile.ssl
MAKEDEPEND= $(TOP)/util/domd $(TOP)
MAKEDEPPROG= makedepend
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
MAKEFILE= Makefile.ssl
AR= ar r
@ -40,8 +40,7 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
files:
@ -69,7 +68,7 @@ lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@ -81,12 +80,12 @@ clean:
# DO NOT DELETE THIS LINE -- make depend depends on it.
i_cbc.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
i_cbc.o: idea_lcl.h
i_cbc.o: i_cbc.c idea_lcl.h
i_cfb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
i_cfb64.o: idea_lcl.h
i_cfb64.o: i_cfb64.c idea_lcl.h
i_ecb.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
i_ecb.o: ../../include/openssl/opensslv.h idea_lcl.h
i_ecb.o: ../../include/openssl/opensslv.h i_ecb.c idea_lcl.h
i_ofb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
i_ofb64.o: idea_lcl.h
i_ofb64.o: i_ofb64.c idea_lcl.h
i_skey.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
i_skey.o: idea_lcl.h
i_skey.o: i_skey.c idea_lcl.h

View File

@ -54,7 +54,6 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
* $FreeBSD$
*/
#include <openssl/idea.h>

View File

@ -54,7 +54,6 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
* $FreeBSD$
*/
#include <openssl/idea.h>

View File

@ -54,7 +54,6 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
* $FreeBSD$
*/
#include <openssl/idea.h>

View File

@ -54,7 +54,6 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
* $FreeBSD$
*/
#include <openssl/idea.h>

View File

@ -54,7 +54,6 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
* $FreeBSD$
*/
#include <openssl/idea.h>

View File

@ -54,13 +54,12 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
* $FreeBSD$
*/
#ifndef HEADER_IDEA_H
#define HEADER_IDEA_H
#ifdef NO_IDEA
#ifdef OPENSSL_NO_IDEA
#error IDEA is disabled.
#endif

View File

@ -54,7 +54,6 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
* $FreeBSD$
*/
/* The new form of this macro (check if the a*b == 0) was suggested by

View File

@ -54,13 +54,12 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
* $FreeBSD$
*/
/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */
#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
#define TIMES
#endif
@ -83,7 +82,7 @@ OPENSSL_DECLARE_EXIT
The __TMS macro will show if it was. If it wasn't defined, we should
undefine TIMES, since that tells the rest of the program how things
should be handled. -- Richard Levitte */
#if defined(VMS) && defined(__DECC) && !defined(__TMS)
#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
#undef TIMES
#endif
@ -290,7 +289,7 @@ int main(int argc, char **argv)
printf("IDEA raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
printf("IDEA cbc bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
exit(0);
#if defined(LINT) || defined(MSDOS)
#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
return(0);
#endif
}

View File

@ -54,14 +54,15 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
* $FreeBSD$
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#ifdef NO_IDEA
#include "../e_os.h"
#ifdef OPENSSL_NO_IDEA
int main(int argc, char *argv[])
{
printf("No IDEA support\n");
@ -168,7 +169,7 @@ int main(int argc, char *argv[])
else
printf("ok\n");
exit(err);
EXIT(err);
return(err);
}

View File

@ -1,4 +1,3 @@
# $FreeBSD$
1.1 07/12/95 - eay
Many thanks to Rhys Weatherley <rweather@us.oracle.com>
for pointing out that I was assuming little endian byte

View File

@ -1,5 +1,4 @@
/* crypto/rsa/rsa.h */
/* $FreeBSD$ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -60,13 +59,16 @@
#ifndef HEADER_RSA_H
#define HEADER_RSA_H
#ifndef NO_BIO
#include <openssl/asn1.h>
#ifndef OPENSSL_NO_BIO
#include <openssl/bio.h>
#endif
#include <openssl/bn.h>
#include <openssl/crypto.h>
#include <openssl/ossl_typ.h>
#ifdef NO_RSA
#ifdef OPENSSL_NO_RSA
#error RSA is disabled.
#endif
@ -79,16 +81,20 @@ typedef struct rsa_st RSA;
typedef struct rsa_meth_st
{
const char *name;
int (*rsa_pub_enc)(int flen,unsigned char *from,unsigned char *to,
int (*rsa_pub_enc)(int flen,const unsigned char *from,
unsigned char *to,
RSA *rsa,int padding);
int (*rsa_pub_dec)(int flen,unsigned char *from,unsigned char *to,
int (*rsa_pub_dec)(int flen,const unsigned char *from,
unsigned char *to,
RSA *rsa,int padding);
int (*rsa_priv_enc)(int flen,unsigned char *from,unsigned char *to,
int (*rsa_priv_enc)(int flen,const unsigned char *from,
unsigned char *to,
RSA *rsa,int padding);
int (*rsa_priv_dec)(int flen,unsigned char *from,unsigned char *to,
int (*rsa_priv_dec)(int flen,const unsigned char *from,
unsigned char *to,
RSA *rsa,int padding);
int (*rsa_mod_exp)(BIGNUM *r0,BIGNUM *I,RSA *rsa); /* Can be null */
int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa); /* Can be null */
int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx); /* Can be null */
int (*init)(RSA *rsa); /* called at new */
@ -102,15 +108,12 @@ typedef struct rsa_meth_st
* compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER
* option is set in 'flags'.
*/
/* changed m_len to m_length to avoid a conflict with a #define in
vxworks for m_len for the mbuf code. This only shows up in apps
that have USE_SOCKETS defined */
int (*rsa_sign)(int type, unsigned char *m, unsigned int m_length,
unsigned char *sigret, unsigned int *siglen, RSA *rsa);
int (*rsa_verify)(int dtype, unsigned char *m, unsigned int m_length,
unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
int (*rsa_sign)(int type,
const unsigned char *m, unsigned int m_length,
unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
int (*rsa_verify)(int dtype,
const unsigned char *m, unsigned int m_length,
unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
} RSA_METHOD;
@ -119,8 +122,10 @@ struct rsa_st
/* The first parameter is used to pickup errors where
* this is passed instead of aEVP_PKEY, it is set to 0 */
int pad;
int version;
RSA_METHOD *meth;
long version;
const RSA_METHOD *meth;
/* functional reference if 'meth' is ENGINE-provided */
ENGINE *engine;
BIGNUM *n;
BIGNUM *e;
BIGNUM *d;
@ -170,110 +175,111 @@ struct rsa_st
#define RSA_NO_PADDING 3
#define RSA_PKCS1_OAEP_PADDING 4
#define RSA_PKCS1_PADDING_SIZE 11
#define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg)
#define RSA_get_app_data(s) RSA_get_ex_data(s,0)
RSA * RSA_new(void);
RSA * RSA_new_method(RSA_METHOD *method);
int RSA_size(RSA *);
RSA * RSA_new_method(ENGINE *engine);
int RSA_size(const RSA *);
RSA * RSA_generate_key(int bits, unsigned long e,void
(*callback)(int,int,void *),void *cb_arg);
int RSA_check_key(RSA *);
int RSA_check_key(const RSA *);
/* next 4 return -1 on error */
int RSA_public_encrypt(int flen, unsigned char *from,
int RSA_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,int padding);
int RSA_private_encrypt(int flen, unsigned char *from,
int RSA_private_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,int padding);
int RSA_public_decrypt(int flen, unsigned char *from,
int RSA_public_decrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,int padding);
int RSA_private_decrypt(int flen, unsigned char *from,
int RSA_private_decrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,int padding);
void RSA_free (RSA *r);
/* "up" the RSA object's reference count */
int RSA_up_ref(RSA *r);
int RSA_flags(RSA *r);
int RSA_flags(const RSA *r);
void RSA_set_default_method(RSA_METHOD *meth);
RSA_METHOD *RSA_get_default_method(void);
RSA_METHOD *RSA_get_method(RSA *rsa);
RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
void RSA_set_default_method(const RSA_METHOD *meth);
const RSA_METHOD *RSA_get_default_method(void);
const RSA_METHOD *RSA_get_method(const RSA *rsa);
int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
/* This function needs the memory locking malloc callbacks to be installed */
int RSA_memory_lock(RSA *r);
/* If you have RSAref compiled in. */
RSA_METHOD *RSA_PKCS1_RSAref(void);
/* these are the actual SSLeay RSA functions */
RSA_METHOD *RSA_PKCS1_SSLeay(void);
const RSA_METHOD *RSA_PKCS1_SSLeay(void);
RSA_METHOD *RSA_null_method(void);
const RSA_METHOD *RSA_null_method(void);
RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
int i2d_RSAPublicKey(RSA *a, unsigned char **pp);
RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length);
int i2d_RSAPrivateKey(RSA *a, unsigned char **pp);
#ifndef NO_FP_API
int RSA_print_fp(FILE *fp, RSA *r,int offset);
DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)
DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)
#ifndef OPENSSL_NO_FP_API
int RSA_print_fp(FILE *fp, const RSA *r,int offset);
#endif
#ifndef NO_BIO
int RSA_print(BIO *bp, RSA *r,int offset);
#ifndef OPENSSL_NO_BIO
int RSA_print(BIO *bp, const RSA *r,int offset);
#endif
int i2d_RSA_NET(RSA *a, unsigned char **pp, int (*cb)(), int sgckey);
RSA *d2i_RSA_NET(RSA **a, unsigned char **pp, long length, int (*cb)(), int sgckey);
RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length, int (*cb)(), int sgckey);
int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey);
RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey);
int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)());
/* Naughty internal function required elsewhere, to handle a MS structure
* that is the same as the netscape one :-) */
RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length, int (*cb)());
int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)());
RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)());
/* The following 2 functions sign and verify a X509_SIG ASN1 object
* inside PKCS#1 padded RSA encryption */
int RSA_sign(int type, unsigned char *m, unsigned int m_length,
int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
unsigned char *sigret, unsigned int *siglen, RSA *rsa);
int RSA_verify(int type, unsigned char *m, unsigned int m_length,
int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
/* The following 2 function sign and verify a ASN1_OCTET_STRING
* object inside PKCS#1 padded RSA encryption */
int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_length,
int RSA_sign_ASN1_OCTET_STRING(int type,
const unsigned char *m, unsigned int m_length,
unsigned char *sigret, unsigned int *siglen, RSA *rsa);
int RSA_verify_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_length,
int RSA_verify_ASN1_OCTET_STRING(int type,
const unsigned char *m, unsigned int m_length,
unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
void RSA_blinding_off(RSA *rsa);
int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen,
unsigned char *f,int fl);
const unsigned char *f,int fl);
int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen,
unsigned char *f,int fl,int rsa_len);
const unsigned char *f,int fl,int rsa_len);
int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen,
unsigned char *f,int fl);
const unsigned char *f,int fl);
int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen,
unsigned char *f,int fl,int rsa_len);
const unsigned char *f,int fl,int rsa_len);
int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen,
unsigned char *f,int fl,unsigned char *p,
int pl);
const unsigned char *f,int fl,
const unsigned char *p,int pl);
int RSA_padding_check_PKCS1_OAEP(unsigned char *to,int tlen,
unsigned char *f,int fl,int rsa_len,
unsigned char *p,int pl);
const unsigned char *f,int fl,int rsa_len,
const unsigned char *p,int pl);
int RSA_padding_add_SSLv23(unsigned char *to,int tlen,
unsigned char *f,int fl);
const unsigned char *f,int fl);
int RSA_padding_check_SSLv23(unsigned char *to,int tlen,
unsigned char *f,int fl,int rsa_len);
const unsigned char *f,int fl,int rsa_len);
int RSA_padding_add_none(unsigned char *to,int tlen,
unsigned char *f,int fl);
const unsigned char *f,int fl);
int RSA_padding_check_none(unsigned char *to,int tlen,
unsigned char *f,int fl,int rsa_len);
const unsigned char *f,int fl,int rsa_len);
int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
int RSA_set_ex_data(RSA *r,int idx,void *arg);
void *RSA_get_ex_data(RSA *r, int idx);
void *RSA_get_ex_data(const RSA *r, int idx);
RSA *RSAPublicKey_dup(RSA *rsa);
RSA *RSAPrivateKey_dup(RSA *rsa);
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes

View File

@ -1,5 +1,4 @@
/* crypto/rsa/rsa_eay.c */
/* $FreeBSD$ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -62,18 +61,19 @@
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/rand.h>
#include <openssl/engine.h>
#ifndef RSA_NULL
static int RSA_eay_public_encrypt(int flen, unsigned char *from,
static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,int padding);
static int RSA_eay_private_encrypt(int flen, unsigned char *from,
static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,int padding);
static int RSA_eay_public_decrypt(int flen, unsigned char *from,
static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,int padding);
static int RSA_eay_private_decrypt(int flen, unsigned char *from,
static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,int padding);
static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa);
static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa);
static int RSA_eay_init(RSA *rsa);
static int RSA_eay_finish(RSA *rsa);
static RSA_METHOD rsa_pkcs1_eay_meth={
@ -83,19 +83,21 @@ static RSA_METHOD rsa_pkcs1_eay_meth={
RSA_eay_private_encrypt, /* signing */
RSA_eay_private_decrypt,
RSA_eay_mod_exp,
BN_mod_exp_mont,
BN_mod_exp_mont, /* XXX probably we should not use Montgomery if e == 3 */
RSA_eay_init,
RSA_eay_finish,
0,
0, /* flags */
NULL,
0, /* rsa_sign */
0 /* rsa_verify */
};
RSA_METHOD *RSA_PKCS1_SSLeay(void)
const RSA_METHOD *RSA_PKCS1_SSLeay(void)
{
return(&rsa_pkcs1_eay_meth);
}
static int RSA_eay_public_encrypt(int flen, unsigned char *from,
static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
BIGNUM f,ret;
@ -118,7 +120,7 @@ static int RSA_eay_public_encrypt(int flen, unsigned char *from,
case RSA_PKCS1_PADDING:
i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen);
break;
#ifndef NO_SHA
#ifndef OPENSSL_NO_SHA
case RSA_PKCS1_OAEP_PADDING:
i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0);
break;
@ -185,14 +187,14 @@ err:
BN_clear_free(&ret);
if (buf != NULL)
{
memset(buf,0,num);
OPENSSL_cleanse(buf,num);
OPENSSL_free(buf);
}
return(r);
}
/* signing */
static int RSA_eay_private_encrypt(int flen, unsigned char *from,
static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
BIGNUM f,ret;
@ -269,13 +271,13 @@ err:
BN_clear_free(&f);
if (buf != NULL)
{
memset(buf,0,num);
OPENSSL_cleanse(buf,num);
OPENSSL_free(buf);
}
return(r);
}
static int RSA_eay_private_decrypt(int flen, unsigned char *from,
static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
BIGNUM f,ret;
@ -344,7 +346,7 @@ static int RSA_eay_private_decrypt(int flen, unsigned char *from,
case RSA_PKCS1_PADDING:
r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num);
break;
#ifndef NO_SHA
#ifndef OPENSSL_NO_SHA
case RSA_PKCS1_OAEP_PADDING:
r=RSA_padding_check_PKCS1_OAEP(to,num,buf,j,num,NULL,0);
break;
@ -368,14 +370,14 @@ err:
BN_clear_free(&ret);
if (buf != NULL)
{
memset(buf,0,num);
OPENSSL_cleanse(buf,num);
OPENSSL_free(buf);
}
return(r);
}
/* signature verification */
static int RSA_eay_public_decrypt(int flen, unsigned char *from,
static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
BIGNUM f,ret;
@ -465,13 +467,13 @@ err:
BN_clear_free(&ret);
if (buf != NULL)
{
memset(buf,0,num);
OPENSSL_cleanse(buf,num);
OPENSSL_free(buf);
}
return(r);
}
static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
{
BIGNUM r1,m1,vrfy;
int ret=0;
@ -564,10 +566,19 @@ static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
if (rsa->e && rsa->n)
{
if (!rsa->meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err;
if (BN_cmp(I, &vrfy) != 0)
{
/* If 'I' was greater than (or equal to) rsa->n, the operation
* will be equivalent to using 'I mod n'. However, the result of
* the verify will *always* be less than 'n' so we don't check
* for absolute equality, just congruency. */
if (!BN_sub(&vrfy, &vrfy, I)) goto err;
if (!BN_mod(&vrfy, &vrfy, rsa->n, ctx)) goto err;
if (vrfy.neg)
if (!BN_add(&vrfy, &vrfy, rsa->n)) goto err;
if (!BN_is_zero(&vrfy))
/* 'I' and 'vrfy' aren't congruent mod n. Don't leak
* miscalculated CRT output, just do a raw (slower)
* mod_exp and return that instead. */
if (!rsa->meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err;
}
}
ret=1;
err:

View File

@ -1,5 +1,4 @@
/* crypto/rsa/rsa_lib.c */
/* $FreeBSD$ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -63,31 +62,30 @@
#include <openssl/lhash.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/engine.h>
const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT;
static RSA_METHOD *default_RSA_meth=NULL;
static int rsa_meth_num=0;
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *rsa_meth=NULL;
static const RSA_METHOD *default_RSA_meth=NULL;
RSA *RSA_new(void)
{
return(RSA_new_method(NULL));
}
void RSA_set_default_method(RSA_METHOD *meth)
void RSA_set_default_method(const RSA_METHOD *meth)
{
default_RSA_meth=meth;
default_RSA_meth = meth;
}
RSA_METHOD *RSA_get_default_method(void)
{
const RSA_METHOD *RSA_get_default_method(void)
{
if (default_RSA_meth == NULL)
{
#ifdef RSA_NULL
default_RSA_meth=RSA_null_method();
#else
#ifdef RSAref
#if 0 /* was: #ifdef RSAref */
default_RSA_meth=RSA_PKCS1_RSAref();
#else
default_RSA_meth=RSA_PKCS1_SSLeay();
@ -96,24 +94,31 @@ RSA_METHOD *RSA_get_default_method(void)
}
return default_RSA_meth;
}
}
RSA_METHOD *RSA_get_method(RSA *rsa)
{
const RSA_METHOD *RSA_get_method(const RSA *rsa)
{
return rsa->meth;
}
}
RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth)
{
RSA_METHOD *mtmp;
int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
{
/* NB: The caller is specifically setting a method, so it's not up to us
* to deal with which ENGINE it comes from. */
const RSA_METHOD *mtmp;
mtmp = rsa->meth;
if (mtmp->finish) mtmp->finish(rsa);
if (rsa->engine)
{
ENGINE_finish(rsa->engine);
rsa->engine = NULL;
}
rsa->meth = meth;
if (meth->init) meth->init(rsa);
return mtmp;
}
return 1;
}
RSA *RSA_new_method(RSA_METHOD *meth)
RSA *RSA_new_method(ENGINE *engine)
{
RSA *ret;
@ -121,13 +126,34 @@ RSA *RSA_new_method(RSA_METHOD *meth)
if (ret == NULL)
{
RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
return(NULL);
return NULL;
}
if (meth == NULL)
ret->meth=RSA_get_default_method();
ret->meth = RSA_get_default_method();
if (engine)
{
if (!ENGINE_init(engine))
{
RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
OPENSSL_free(ret);
return NULL;
}
ret->engine = engine;
}
else
ret->meth=meth;
ret->engine = ENGINE_get_default_RSA();
if(ret->engine)
{
ret->meth = ENGINE_get_RSA(ret->engine);
if(!ret->meth)
{
RSAerr(RSA_F_RSA_NEW_METHOD,
ERR_R_ENGINE_LIB);
ENGINE_finish(ret->engine);
OPENSSL_free(ret);
return NULL;
}
}
ret->pad=0;
ret->version=0;
@ -146,10 +172,12 @@ RSA *RSA_new_method(RSA_METHOD *meth)
ret->blinding=NULL;
ret->bignum_data=NULL;
ret->flags=ret->meth->flags;
CRYPTO_new_ex_data(rsa_meth,ret,&ret->ex_data);
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
if ((ret->meth->init != NULL) && !ret->meth->init(ret))
{
CRYPTO_free_ex_data(rsa_meth,ret,&ret->ex_data);
if (ret->engine)
ENGINE_finish(ret->engine);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
OPENSSL_free(ret);
ret=NULL;
}
@ -175,10 +203,12 @@ void RSA_free(RSA *r)
}
#endif
if (r->meth->finish != NULL)
if (r->meth->finish)
r->meth->finish(r);
if (r->engine)
ENGINE_finish(r->engine);
CRYPTO_free_ex_data(rsa_meth,r,&r->ex_data);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
if (r->n != NULL) BN_clear_free(r->n);
if (r->e != NULL) BN_clear_free(r->e);
@ -193,12 +223,27 @@ void RSA_free(RSA *r)
OPENSSL_free(r);
}
int RSA_up_ref(RSA *r)
{
int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);
#ifdef REF_PRINT
REF_PRINT("RSA",r);
#endif
#ifdef REF_CHECK
if (i < 2)
{
fprintf(stderr, "RSA_up_ref, bad reference count\n");
abort();
}
#endif
return ((i > 1) ? 1 : 0);
}
int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{
rsa_meth_num++;
return(CRYPTO_get_ex_new_index(rsa_meth_num-1,
&rsa_meth,argl,argp,new_func,dup_func,free_func));
return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,
new_func, dup_func, free_func);
}
int RSA_set_ex_data(RSA *r, int idx, void *arg)
@ -206,41 +251,41 @@ int RSA_set_ex_data(RSA *r, int idx, void *arg)
return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
}
void *RSA_get_ex_data(RSA *r, int idx)
void *RSA_get_ex_data(const RSA *r, int idx)
{
return(CRYPTO_get_ex_data(&r->ex_data,idx));
}
int RSA_size(RSA *r)
int RSA_size(const RSA *r)
{
return(BN_num_bytes(r->n));
}
int RSA_public_encrypt(int flen, unsigned char *from, unsigned char *to,
int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
{
return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
}
int RSA_private_encrypt(int flen, unsigned char *from, unsigned char *to,
int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
{
return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
}
int RSA_private_decrypt(int flen, unsigned char *from, unsigned char *to,
int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
{
return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
}
int RSA_public_decrypt(int flen, unsigned char *from, unsigned char *to,
int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
{
return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
}
int RSA_flags(RSA *r)
int RSA_flags(const RSA *r)
{
return((r == NULL)?0:r->meth->flags);
}
@ -332,4 +377,3 @@ int RSA_memory_lock(RSA *r)
r->bignum_data=p;
return(1);
}

View File

@ -54,23 +54,21 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*
* $FreeBSD$
*/
#include <stdio.h>
#include "ssl_locl.h"
#include <openssl/buffer.h>
#include <openssl/rand.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include "ssl_locl.h"
static SSL_METHOD *ssl23_get_client_method(int ver);
static int ssl23_client_hello(SSL *s);
static int ssl23_get_server_hello(SSL *s);
static SSL_METHOD *ssl23_get_client_method(int ver)
{
#ifndef NO_SSL2
#ifndef OPENSSL_NO_SSL2
if (ver == SSL2_VERSION)
return(SSLv2_client_method());
#endif
@ -89,20 +87,27 @@ SSL_METHOD *SSLv23_client_method(void)
if (init)
{
memcpy((char *)&SSLv23_client_data,
(char *)sslv23_base_method(),sizeof(SSL_METHOD));
SSLv23_client_data.ssl_connect=ssl23_connect;
SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
init=0;
CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
if (init)
{
memcpy((char *)&SSLv23_client_data,
(char *)sslv23_base_method(),sizeof(SSL_METHOD));
SSLv23_client_data.ssl_connect=ssl23_connect;
SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
init=0;
}
CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv23_client_data);
}
int ssl23_connect(SSL *s)
{
BUF_MEM *buf;
BUF_MEM *buf=NULL;
unsigned long Time=time(NULL);
void (*cb)()=NULL;
void (*cb)(const SSL *ssl,int type,int val)=NULL;
int ret= -1;
int new_state,state;
@ -154,6 +159,7 @@ int ssl23_connect(SSL *s)
goto end;
}
s->init_buf=buf;
buf=NULL;
}
if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
@ -202,6 +208,8 @@ int ssl23_connect(SSL *s)
}
end:
s->in_handshake--;
if (buf != NULL)
BUF_MEM_free(buf);
if (cb != NULL)
cb(s,SSL_CB_CONNECT_EXIT,ret);
return(ret);
@ -213,6 +221,7 @@ static int ssl23_client_hello(SSL *s)
unsigned char *buf;
unsigned char *p,*d;
int i,ch_len;
int ret;
buf=(unsigned char *)s->init_buf->data;
if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
@ -304,7 +313,11 @@ static int ssl23_client_hello(SSL *s)
}
/* SSL3_ST_CW_CLNT_HELLO_B */
return(ssl23_write_bytes(s));
ret = ssl23_write_bytes(s);
if (ret >= 2)
if (s->msg_callback)
s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
return ret;
}
static int ssl23_get_server_hello(SSL *s)
@ -324,7 +337,7 @@ static int ssl23_get_server_hello(SSL *s)
if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
(p[5] == 0x00) && (p[6] == 0x02))
{
#ifdef NO_SSL2
#ifdef OPENSSL_NO_SSL2
SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
goto err;
#else
@ -360,7 +373,7 @@ static int ssl23_get_server_hello(SSL *s)
if (s->s3 != NULL) ssl3_free(s);
if (!BUF_MEM_grow(s->init_buf,
if (!BUF_MEM_grow_clean(s->init_buf,
SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
{
SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB);
@ -437,7 +450,7 @@ static int ssl23_get_server_hello(SSL *s)
(p[3] == 0) &&
(p[4] == 2))
{
void (*cb)()=NULL;
void (*cb)(const SSL *ssl,int type,int val)=NULL;
int j;
/* An alert */

View File

@ -54,8 +54,6 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*
* $FreeBSD$
*/
#include <stdio.h>
@ -113,7 +111,7 @@ SSL_METHOD *sslv23_base_method(void)
static int ssl23_num_ciphers(void)
{
return(ssl3_num_ciphers()
#ifndef NO_SSL2
#ifndef OPENSSL_NO_SSL2
+ ssl2_num_ciphers()
#endif
);
@ -126,7 +124,7 @@ static SSL_CIPHER *ssl23_get_cipher(unsigned int u)
if (u < uu)
return(ssl3_get_cipher(u));
else
#ifndef NO_SSL2
#ifndef OPENSSL_NO_SSL2
return(ssl2_get_cipher(u-uu));
#else
return(NULL);
@ -146,7 +144,7 @@ static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
((unsigned long)p[1]<<8L)|(unsigned long)p[2];
c.id=id;
cp=ssl3_get_cipher_by_char(p);
#ifndef NO_SSL2
#ifndef OPENSSL_NO_SSL2
if (cp == NULL)
cp=ssl2_get_cipher_by_char(p);
#endif

View File

@ -54,8 +54,6 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*
* $FreeBSD$
*/
/* ====================================================================
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
@ -112,17 +110,17 @@
*/
#include <stdio.h>
#include "ssl_locl.h"
#include <openssl/buffer.h>
#include <openssl/rand.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include "ssl_locl.h"
static SSL_METHOD *ssl23_get_server_method(int ver);
int ssl23_get_client_hello(SSL *s);
static SSL_METHOD *ssl23_get_server_method(int ver)
{
#ifndef NO_SSL2
#ifndef OPENSSL_NO_SSL2
if (ver == SSL2_VERSION)
return(SSLv2_server_method());
#endif
@ -141,11 +139,18 @@ SSL_METHOD *SSLv23_server_method(void)
if (init)
{
memcpy((char *)&SSLv23_server_data,
(char *)sslv23_base_method(),sizeof(SSL_METHOD));
SSLv23_server_data.ssl_accept=ssl23_accept;
SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
init=0;
CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
if (init)
{
memcpy((char *)&SSLv23_server_data,
(char *)sslv23_base_method(),sizeof(SSL_METHOD));
SSLv23_server_data.ssl_accept=ssl23_accept;
SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
init=0;
}
CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv23_server_data);
}
@ -154,7 +159,7 @@ int ssl23_accept(SSL *s)
{
BUF_MEM *buf;
unsigned long Time=time(NULL);
void (*cb)()=NULL;
void (*cb)(const SSL *ssl,int type,int val)=NULL;
int ret= -1;
int new_state,state;
@ -257,13 +262,13 @@ int ssl23_get_client_hello(SSL *s)
* 9/10 client_version /
*/
char *buf= &(buf_space[0]);
unsigned char *p,*d,*dd;
unsigned char *p,*d,*d_len,*dd;
unsigned int i;
unsigned int csl,sil,cl;
int n=0,j;
int type=0;
int v[2];
#ifndef NO_RSA
#ifndef OPENSSL_NO_RSA
int use_sslv2_strong=0;
#endif
@ -325,72 +330,6 @@ int ssl23_get_client_hello(SSL *s)
else if (!(s->options & SSL_OP_NO_SSLv2))
type=1;
if (s->options & SSL_OP_NON_EXPORT_FIRST)
/* Not only utterly confusing, but broken
* ('fractured programming'?) -- the details
* of this block nearly make it work
* as intended in this environment, but on one
* of the fine points (w.r.t. restarts) it fails.
* The obvious fix would be even more devastating
* to program structure; if you want the functionality,
* throw this away and implement it in a way
* that makes sense */
{
#if 0
STACK_OF(SSL_CIPHER) *sk;
SSL_CIPHER *c;
int ne2,ne3;
j=((p[0]&0x7f)<<8)|p[1];
if (j > (1024*4))
{
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
goto err;
}
n=ssl23_read_bytes(s,j+2);
if (n <= 0) return(n);
p=s->packet;
if ((buf=OPENSSL_malloc(n)) == NULL)
{
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE);
goto err;
}
memcpy(buf,p,n);
p+=5;
n2s(p,csl);
p+=4;
sk=ssl_bytes_to_cipher_list(
s,p,csl,NULL);
if (sk != NULL)
{
ne2=ne3=0;
for (j=0; j<sk_SSL_CIPHER_num(sk); j++)
{
c=sk_SSL_CIPHER_value(sk,j);
if (!SSL_C_IS_EXPORT(c))
{
if ((c->id>>24L) == 2L)
ne2=1;
else
ne3=1;
}
}
if (ne2 && !ne3)
{
type=1;
use_sslv2_strong=1;
goto next_bit;
}
}
#else
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_OPTION);
goto err;
#endif
}
}
}
else if ((p[0] == SSL3_RT_HANDSHAKE) &&
@ -488,7 +427,9 @@ int ssl23_get_client_hello(SSL *s)
j=ssl23_read_bytes(s,n+2);
if (j <= 0) return(j);
ssl3_finish_mac(s,&(s->packet[2]),s->packet_length-2);
ssl3_finish_mac(s, s->packet+2, s->packet_length-2);
if (s->msg_callback)
s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
p=s->packet;
p+=5;
@ -502,6 +443,13 @@ int ssl23_get_client_hello(SSL *s)
goto err;
}
/* record header: msg_type ... */
*(d++) = SSL3_MT_CLIENT_HELLO;
/* ... and length (actual value will be written later) */
d_len = d;
d += 3;
/* client_version */
*(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
*(d++) = v[1];
@ -532,7 +480,8 @@ int ssl23_get_client_hello(SSL *s)
*(d++)=1;
*(d++)=0;
i=(d-(unsigned char *)s->init_buf->data);
i = (d-(unsigned char *)s->init_buf->data) - 4;
l2n3((long)i, d_len);
/* get the data reused from the init_buf */
s->s3->tmp.reuse_message=1;
@ -545,7 +494,7 @@ int ssl23_get_client_hello(SSL *s)
if (type == 1)
{
#ifdef NO_SSL2
#ifdef OPENSSL_NO_SSL2
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
goto err;
#else
@ -563,7 +512,7 @@ int ssl23_get_client_hello(SSL *s)
if (s->s3 != NULL) ssl3_free(s);
if (!BUF_MEM_grow(s->init_buf,
if (!BUF_MEM_grow_clean(s->init_buf,
SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
{
goto err;

View File

@ -107,11 +107,10 @@
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
* $FreeBSD$
*/
#include "ssl_locl.h"
#ifndef NO_SSL2
#ifndef OPENSSL_NO_SSL2
#include <stdio.h>
#include <openssl/rand.h>
#include <openssl/buffer.h>
@ -146,11 +145,18 @@ SSL_METHOD *SSLv2_client_method(void)
if (init)
{
memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
sizeof(SSL_METHOD));
SSLv2_client_data.ssl_connect=ssl2_connect;
SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
init=0;
CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
if (init)
{
memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
sizeof(SSL_METHOD));
SSLv2_client_data.ssl_connect=ssl2_connect;
SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
init=0;
}
CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv2_client_data);
}
@ -160,7 +166,7 @@ int ssl2_connect(SSL *s)
unsigned long l=time(NULL);
BUF_MEM *buf=NULL;
int ret= -1;
void (*cb)()=NULL;
void (*cb)(const SSL *ssl,int type,int val)=NULL;
int new_state,state;
RAND_add(&l,sizeof(l),0);
@ -202,10 +208,13 @@ int ssl2_connect(SSL *s)
if (!BUF_MEM_grow(buf,
SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
{
if (buf == s->init_buf)
buf=NULL;
ret= -1;
goto end;
}
s->init_buf=buf;
buf=NULL;
s->init_num=0;
s->state=SSL2_ST_SEND_CLIENT_HELLO_A;
s->ctx->stats.sess_connect++;
@ -332,6 +341,8 @@ int ssl2_connect(SSL *s)
}
end:
s->in_handshake--;
if (buf != NULL)
BUF_MEM_free(buf);
if (cb != NULL)
cb(s,SSL_CB_CONNECT_EXIT,ret);
return(ret);
@ -343,7 +354,7 @@ static int get_server_hello(SSL *s)
unsigned char *p;
int i,j;
unsigned long len;
STACK_OF(SSL_CIPHER) *sk=NULL,*cl;
STACK_OF(SSL_CIPHER) *sk=NULL,*cl, *prio, *allow;
buf=(unsigned char *)s->init_buf->data;
p=buf;
@ -393,6 +404,8 @@ static int get_server_hello(SSL *s)
j = (int)len - s->init_num;
i = ssl2_read(s,(char *)&(buf[s->init_num]),j);
if (i != j) return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));
if (s->msg_callback)
s->msg_callback(0, s->version, 0, buf, (size_t)len, s, s->msg_callback_arg); /* SERVER-HELLO */
/* things are looking good */
@ -475,33 +488,49 @@ static int get_server_hello(SSL *s)
sk_SSL_CIPHER_set_cmp_func(sk,ssl_cipher_ptr_id_cmp);
/* get the array of ciphers we will accept */
cl=ssl_get_ciphers_by_id(s);
cl=SSL_get_ciphers(s);
sk_SSL_CIPHER_set_cmp_func(cl,ssl_cipher_ptr_id_cmp);
/*
* If server preference flag set, choose the first
* (highest priority) cipher the server sends, otherwise
* client preference has priority.
*/
if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
{
prio = sk;
allow = cl;
}
else
{
prio = cl;
allow = sk;
}
/* In theory we could have ciphers sent back that we
* don't want to use but that does not matter since we
* will check against the list we originally sent and
* for performance reasons we should not bother to match
* the two lists up just to check. */
for (i=0; i<sk_SSL_CIPHER_num(cl); i++)
for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
{
if (sk_SSL_CIPHER_find(sk,
sk_SSL_CIPHER_value(cl,i)) >= 0)
if (sk_SSL_CIPHER_find(allow,
sk_SSL_CIPHER_value(prio,i)) >= 0)
break;
}
if (i >= sk_SSL_CIPHER_num(cl))
if (i >= sk_SSL_CIPHER_num(prio))
{
ssl2_return_error(s,SSL2_PE_NO_CIPHER);
SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_MATCH);
return(-1);
}
s->session->cipher=sk_SSL_CIPHER_value(cl,i);
s->session->cipher=sk_SSL_CIPHER_value(prio,i);
if (s->session->peer != NULL) /* can't happen*/
{
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_INTERNAL_ERROR);
SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
return(-1);
}
@ -514,7 +543,7 @@ static int get_server_hello(SSL *s)
/* can't happen */
{
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_INTERNAL_ERROR);
SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
return(-1);
}
@ -629,7 +658,7 @@ static int client_master_key(SSL *s)
if (i > SSL_MAX_KEY_ARG_LENGTH)
{
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
return -1;
}
if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
@ -642,7 +671,7 @@ static int client_master_key(SSL *s)
if (i > sizeof sess->master_key)
{
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
return -1;
}
if (RAND_bytes(sess->master_key,i) <= 0)
@ -691,7 +720,7 @@ static int client_master_key(SSL *s)
if (karg > sizeof sess->key_arg)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
return -1;
}
memcpy(d,sess->key_arg,(unsigned int)karg);
@ -716,7 +745,7 @@ static int client_finished(SSL *s)
*(p++)=SSL2_MT_CLIENT_FINISHED;
if (s->s2->conn_id_length > sizeof s->s2->conn_id)
{
SSLerr(SSL_F_CLIENT_FINISHED, SSL_R_INTERNAL_ERROR);
SSLerr(SSL_F_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
return -1;
}
memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
@ -746,10 +775,12 @@ static int client_certificate(SSL *s)
if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A)
{
i=ssl2_read(s,(char *)&(buf[s->init_num]),
SSL2_MAX_CERT_CHALLENGE_LENGTH+1-s->init_num);
if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+1-s->init_num))
SSL2_MAX_CERT_CHALLENGE_LENGTH+2-s->init_num);
if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+2-s->init_num))
return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i));
s->init_num += i;
if (s->msg_callback)
s->msg_callback(0, s->version, 0, buf, (size_t)s->init_num, s, s->msg_callback_arg); /* REQUEST-CERTIFICATE */
/* type=buf[0]; */
/* type eq x509 */
@ -842,9 +873,10 @@ static int client_certificate(SSL *s)
/* ok, now we calculate the checksum
* do it first so we can reuse buf :-) */
p=buf;
EVP_SignInit(&ctx,s->ctx->rsa_md5);
EVP_MD_CTX_init(&ctx);
EVP_SignInit_ex(&ctx,s->ctx->rsa_md5, NULL);
EVP_SignUpdate(&ctx,s->s2->key_material,
(unsigned int)s->s2->key_material_length);
s->s2->key_material_length);
EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len);
n=i2d_X509(s->session->sess_cert->peer_key->x509,&p);
EVP_SignUpdate(&ctx,buf,(unsigned int)n);
@ -863,7 +895,7 @@ static int client_certificate(SSL *s)
* We will continue with a 0 length signature
*/
}
memset(&ctx,0,sizeof(ctx));
EVP_MD_CTX_cleanup(&ctx);
s2n(n,p);
d+=n;
@ -898,8 +930,12 @@ static int get_server_verify(SSL *s)
SSL_R_READ_WRONG_PACKET_TYPE);
}
else
SSLerr(SSL_F_GET_SERVER_VERIFY,
SSL_R_PEER_ERROR);
{
SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_PEER_ERROR);
/* try to read the error message */
i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num);
return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i);
}
return(-1);
}
}
@ -910,9 +946,11 @@ static int get_server_verify(SSL *s)
i = ssl2_read(s,(char *)&(p[s->init_num]),n);
if (i < n)
return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
if (s->msg_callback)
s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* SERVER-VERIFY */
p += 1;
if (memcmp(p,s->s2->challenge,(unsigned int)s->s2->challenge_length) != 0)
if (memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT);
@ -949,7 +987,12 @@ static int get_server_finished(SSL *s)
SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE);
}
else
{
SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_PEER_ERROR);
/* try to read the error message */
i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num);
return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i);
}
return(-1);
}
s->state=SSL2_ST_GET_SERVER_FINISHED_B;
@ -961,6 +1004,8 @@ static int get_server_finished(SSL *s)
if (i < n) /* XXX could be shorter than SSL2_SSL_SESSION_ID_LENGTH, that's the maximum */
return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
s->init_num += i;
if (s->msg_callback)
s->msg_callback(0, s->version, 0, buf, (size_t)s->init_num, s, s->msg_callback_arg); /* SERVER-FINISHED */
if (!s->hit) /* new session */
{
@ -969,7 +1014,7 @@ static int get_server_finished(SSL *s)
* or bad things can happen */
/* ZZZZZZZZZZZZZ */
s->session->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
memcpy(s->session->session_id,p,SSL2_SSL_SESSION_ID_LENGTH);
memcpy(s->session->session_id,p+1,SSL2_SSL_SESSION_ID_LENGTH);
}
else
{
@ -1084,7 +1129,7 @@ end:
EVP_PKEY_free(pkey);
return(i);
}
#else /* !NO_SSL2 */
#else /* !OPENSSL_NO_SSL2 */
# if PEDANTIC
static void *dummy=&dummy;

View File

@ -54,13 +54,12 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*
* $FreeBSD$
*/
#include "ssl_locl.h"
#ifndef NO_SSL2
#ifndef OPENSSL_NO_SSL2
#include <stdio.h>
#include "cryptlib.h"
int ssl2_enc_init(SSL *s, int client)
{
@ -97,13 +96,15 @@ int ssl2_enc_init(SSL *s, int client)
num=c->key_len;
s->s2->key_material_length=num*2;
OPENSSL_assert(s->s2->key_material_length <= sizeof s->s2->key_material);
if (ssl2_generate_key_material(s) <= 0)
return 0;
EVP_EncryptInit(ws,c,&(s->s2->key_material[(client)?num:0]),
OPENSSL_assert(c->iv_len <= sizeof s->session->key_arg);
EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]),
s->session->key_arg);
EVP_DecryptInit(rs,c,&(s->s2->key_material[(client)?0:num]),
EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]),
s->session->key_arg);
s->s2->read_key= &(s->s2->key_material[(client)?0:num]);
s->s2->write_key= &(s->s2->key_material[(client)?num:0]);
@ -172,16 +173,17 @@ void ssl2_mac(SSL *s, unsigned char *md, int send)
l2n(seq,p);
/* There has to be a MAC algorithm. */
EVP_DigestInit(&c,s->read_hash);
EVP_MD_CTX_init(&c);
EVP_DigestInit_ex(&c, s->read_hash, NULL);
EVP_DigestUpdate(&c,sec,
EVP_CIPHER_CTX_key_length(s->enc_read_ctx));
EVP_DigestUpdate(&c,act,len);
/* the above line also does the pad data */
EVP_DigestUpdate(&c,sequence,4);
EVP_DigestFinal(&c,md,NULL);
/* some would say I should zero the md context */
EVP_DigestFinal_ex(&c,md,NULL);
EVP_MD_CTX_cleanup(&c);
}
#else /* !NO_SSL2 */
#else /* !OPENSSL_NO_SSL2 */
# if PEDANTIC
static void *dummy=&dummy;

View File

@ -54,15 +54,14 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*
* $FreeBSD$
*/
#include "ssl_locl.h"
#ifndef NO_SSL2
#ifndef OPENSSL_NO_SSL2
#include <stdio.h>
#include <openssl/rsa.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
#include "cryptlib.h"
@ -309,7 +308,7 @@ void ssl2_free(SSL *s)
s2=s->s2;
if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
memset(s2,0,sizeof *s2);
OPENSSL_cleanse(s2,sizeof *s2);
OPENSSL_free(s2);
s->s2=NULL;
}
@ -334,7 +333,7 @@ void ssl2_clear(SSL *s)
s->packet_length=0;
}
long ssl2_ctrl(SSL *s, int cmd, long larg, char *parg)
long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg)
{
int ret=0;
@ -354,7 +353,7 @@ long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)())
return(0);
}
long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
return(0);
}
@ -378,15 +377,19 @@ SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
{
CRYPTO_w_lock(CRYPTO_LOCK_SSL);
for (i=0; i<SSL2_NUM_CIPHERS; i++)
sorted[i]= &(ssl2_ciphers[i]);
if (init)
{
for (i=0; i<SSL2_NUM_CIPHERS; i++)
sorted[i]= &(ssl2_ciphers[i]);
qsort( (char *)sorted,
SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
FP_ICC ssl_cipher_ptr_id_cmp);
qsort((char *)sorted,
SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
FP_ICC ssl_cipher_ptr_id_cmp);
init=0;
}
CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
init=0;
}
id=0x02000000L|((unsigned long)p[0]<<16L)|
@ -420,43 +423,50 @@ int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
int ssl2_generate_key_material(SSL *s)
{
unsigned int i;
MD5_CTX ctx;
EVP_MD_CTX ctx;
unsigned char *km;
unsigned char c='0';
const EVP_MD *md5;
md5 = EVP_md5();
#ifdef CHARSET_EBCDIC
c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0',
see SSLv2 docu */
#endif
EVP_MD_CTX_init(&ctx);
km=s->s2->key_material;
if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key)
{
SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, SSL_R_INTERNAL_ERROR);
return 0;
}
if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key)
{
SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
return 0;
}
for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
for (i=0; i<s->s2->key_material_length; i += EVP_MD_size(md5))
{
if (((km - s->s2->key_material) + MD5_DIGEST_LENGTH) > sizeof s->s2->key_material)
if (((km - s->s2->key_material) + EVP_MD_size(md5)) > sizeof s->s2->key_material)
{
/* MD5_Final() below would write beyond buffer */
SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, SSL_R_INTERNAL_ERROR);
/* EVP_DigestFinal_ex() below would write beyond buffer */
SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
return 0;
}
MD5_Init(&ctx);
EVP_DigestInit_ex(&ctx, md5, NULL);
MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
MD5_Update(&ctx,&c,1);
OPENSSL_assert(s->session->master_key_length >= 0
&& s->session->master_key_length
< sizeof s->session->master_key);
EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
EVP_DigestUpdate(&ctx,&c,1);
c++;
MD5_Update(&ctx,s->s2->challenge,s->s2->challenge_length);
MD5_Update(&ctx,s->s2->conn_id,s->s2->conn_id_length);
MD5_Final(km,&ctx);
km+=MD5_DIGEST_LENGTH;
EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length);
EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length);
EVP_DigestFinal_ex(&ctx,km,NULL);
km += EVP_MD_size(md5);
}
EVP_MD_CTX_cleanup(&ctx);
return 1;
}
@ -485,17 +495,21 @@ void ssl2_write_error(SSL *s)
error=s->error; /* number of bytes left to write */
s->error=0;
if (error < 0 || error > sizeof buf) /* can't happen */
return;
OPENSSL_assert(error >= 0 && error <= sizeof buf);
i=ssl2_write(s,&(buf[3-error]),error);
/* if (i == error) s->rwstate=state; */
if (i < 0)
s->error=error;
else if (i != s->error)
else
{
s->error=error-i;
if (s->error == 0)
if (s->msg_callback)
s->msg_callback(1, s->version, 0, buf, 3, s, s->msg_callback_arg); /* ERROR */
}
}
int ssl2_shutdown(SSL *s)
@ -503,7 +517,7 @@ int ssl2_shutdown(SSL *s)
s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
return(1);
}
#else /* !NO_SSL2 */
#else /* !OPENSSL_NO_SSL2 */
# if PEDANTIC
static void *dummy=&dummy;

View File

@ -54,12 +54,10 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*
* $FreeBSD$
*/
#include "ssl_locl.h"
#ifndef NO_SSL2
#ifndef OPENSSL_NO_SSL2
#include <stdio.h>
#include <openssl/objects.h>
@ -79,16 +77,23 @@ SSL_METHOD *SSLv2_method(void)
if (init)
{
memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(),
sizeof(SSL_METHOD));
SSLv2_data.ssl_connect=ssl2_connect;
SSLv2_data.ssl_accept=ssl2_accept;
SSLv2_data.get_ssl_method=ssl2_get_method;
init=0;
CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
if (init)
{
memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(),
sizeof(SSL_METHOD));
SSLv2_data.ssl_connect=ssl2_connect;
SSLv2_data.ssl_accept=ssl2_accept;
SSLv2_data.get_ssl_method=ssl2_get_method;
init=0;
}
CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv2_data);
}
#else /* !NO_SSL2 */
#else /* !OPENSSL_NO_SSL2 */
# if PEDANTIC
static void *dummy=&dummy;

View File

@ -107,13 +107,13 @@
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
* $FreeBSD$
*/
#include "ssl_locl.h"
#ifndef NO_SSL2
#ifndef OPENSSL_NO_SSL2
#include <stdio.h>
#include <errno.h>
#include "cryptlib.h"
#define USE_SOCKETS
static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);
@ -248,6 +248,7 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
else
{
mac_size=EVP_MD_size(s->read_hash);
OPENSSL_assert(mac_size <= MAX_MAC_SIZE);
s->s2->mac_data=p;
s->s2->ract_data= &p[mac_size];
if (s->s2->padding + mac_size > s->s2->rlength)
@ -693,6 +694,8 @@ int ssl2_do_write(SSL *s)
ret=ssl2_write(s,&s->init_buf->data[s->init_off],s->init_num);
if (ret == s->init_num)
{
if (s->msg_callback)
s->msg_callback(1, s->version, 0, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
return(1);
}
if (ret < 0)
@ -726,7 +729,7 @@ static int ssl_mt_error(int n)
}
return(ret);
}
#else /* !NO_SSL2 */
#else /* !OPENSSL_NO_SSL2 */
# if PEDANTIC
static void *dummy=&dummy;

View File

@ -107,11 +107,10 @@
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
* $FreeBSD$
*/
#include "ssl_locl.h"
#ifndef NO_SSL2
#ifndef OPENSSL_NO_SSL2
#include <stdio.h>
#include <openssl/bio.h>
#include <openssl/rand.h>
@ -146,11 +145,18 @@ SSL_METHOD *SSLv2_server_method(void)
if (init)
{
memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
sizeof(SSL_METHOD));
SSLv2_server_data.ssl_accept=ssl2_accept;
SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
init=0;
CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
if (init)
{
memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
sizeof(SSL_METHOD));
SSLv2_server_data.ssl_accept=ssl2_accept;
SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
init=0;
}
CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
}
return(&SSLv2_server_data);
}
@ -161,7 +167,7 @@ int ssl2_accept(SSL *s)
BUF_MEM *buf=NULL;
int ret= -1;
long num1;
void (*cb)()=NULL;
void (*cb)(const SSL *ssl,int type,int val)=NULL;
int new_state,state;
RAND_add(&l,sizeof(l),0);
@ -431,7 +437,7 @@ static int get_client_master_key(SSL *s)
if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
return -1;
}
keya=s->session->key_arg_length;
@ -445,6 +451,8 @@ static int get_client_master_key(SSL *s)
n = (int)len - s->init_num;
i = ssl2_read(s,(char *)&(p[s->init_num]),n);
if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));
if (s->msg_callback)
s->msg_callback(0, s->version, 0, p, (size_t)len, s, s->msg_callback_arg); /* CLIENT-MASTER-KEY */
p += 10;
memcpy(s->session->key_arg,&(p[s->s2->tmp.clear+s->s2->tmp.enc]),
@ -519,7 +527,7 @@ static int get_client_master_key(SSL *s)
if (i > SSL_MAX_MASTER_KEY_LENGTH)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
return -1;
}
s->session->master_key_length=i;
@ -534,6 +542,7 @@ static int get_client_hello(SSL *s)
unsigned char *p;
STACK_OF(SSL_CIPHER) *cs; /* a stack of SSL_CIPHERS */
STACK_OF(SSL_CIPHER) *cl; /* the ones we want to use */
STACK_OF(SSL_CIPHER) *prio, *allow;
int z;
/* This is a bit of a hack to check for the correct packet
@ -590,6 +599,8 @@ static int get_client_hello(SSL *s)
n = (int)len - s->init_num;
i = ssl2_read(s,(char *)&(p[s->init_num]),n);
if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));
if (s->msg_callback)
s->msg_callback(0, s->version, 0, p, (size_t)len, s, s->msg_callback_arg); /* CLIENT-HELLO */
p += 9;
/* get session-id before cipher stuff so we can get out session
@ -647,21 +658,37 @@ static int get_client_hello(SSL *s)
&s->session->ciphers);
if (cs == NULL) goto mem_err;
cl=ssl_get_ciphers_by_id(s);
cl=SSL_get_ciphers(s);
for (z=0; z<sk_SSL_CIPHER_num(cs); z++)
if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
{
prio=sk_SSL_CIPHER_dup(cl);
if (prio == NULL) goto mem_err;
allow = cs;
}
else
{
prio = cs;
allow = cl;
}
for (z=0; z<sk_SSL_CIPHER_num(prio); z++)
{
if (sk_SSL_CIPHER_find(cl,sk_SSL_CIPHER_value(cs,z)) < 0)
if (sk_SSL_CIPHER_find(allow,sk_SSL_CIPHER_value(prio,z)) < 0)
{
sk_SSL_CIPHER_delete(cs,z);
sk_SSL_CIPHER_delete(prio,z);
z--;
}
}
if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
{
sk_SSL_CIPHER_free(s->session->ciphers);
s->session->ciphers = prio;
}
/* s->session->ciphers should now have a list of
* ciphers that are on both the client and server.
* This list is ordered by the order the client sent
* the ciphers.
* the ciphers or in the order of the server's preference
* if SSL_OP_CIPHER_SERVER_PREFERENCE was set.
*/
}
p+=s->s2->tmp.cipher_spec_length;
@ -674,7 +701,7 @@ static int get_client_hello(SSL *s)
if (s->s2->challenge_length > sizeof s->s2->challenge)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_INTERNAL_ERROR);
SSLerr(SSL_F_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
return -1;
}
memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
@ -821,7 +848,12 @@ static int get_client_finished(SSL *s)
SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE);
}
else
{
SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_PEER_ERROR);
/* try to read the error message */
i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num);
return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i);
}
return(-1);
}
s->state=SSL2_ST_GET_CLIENT_FINISHED_B;
@ -831,7 +863,7 @@ static int get_client_finished(SSL *s)
if (s->s2->conn_id_length > sizeof s->s2->conn_id)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_FINISHED, SSL_R_INTERNAL_ERROR);
SSLerr(SSL_F_GET_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
return -1;
}
len = 1 + (unsigned long)s->s2->conn_id_length;
@ -841,8 +873,10 @@ static int get_client_finished(SSL *s)
{
return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
}
if (s->msg_callback)
s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-FINISHED */
p += 1;
if (memcmp(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length) != 0)
if (memcmp(p,s->s2->conn_id,s->s2->conn_id_length) != 0)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_CONNECTION_ID_IS_DIFFERENT);
@ -861,7 +895,7 @@ static int server_verify(SSL *s)
*(p++)=SSL2_MT_SERVER_VERIFY;
if (s->s2->challenge_length > sizeof s->s2->challenge)
{
SSLerr(SSL_F_SERVER_VERIFY, SSL_R_INTERNAL_ERROR);
SSLerr(SSL_F_SERVER_VERIFY, ERR_R_INTERNAL_ERROR);
return -1;
}
memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
@ -885,7 +919,7 @@ static int server_finish(SSL *s)
if (s->session->session_id_length > sizeof s->session->session_id)
{
SSLerr(SSL_F_SERVER_FINISH, SSL_R_INTERNAL_ERROR);
SSLerr(SSL_F_SERVER_FINISH, ERR_R_INTERNAL_ERROR);
return -1;
}
memcpy(p,s->session->session_id, (unsigned int)s->session->session_id_length);
@ -960,6 +994,9 @@ static int request_certificate(SSL *s)
goto end;
}
if (s->msg_callback)
s->msg_callback(0, s->version, 0, p, 3, s, s->msg_callback_arg); /* ERROR */
/* this is the one place where we can recover from an SSL 2.0 error */
if (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
@ -979,7 +1016,7 @@ static int request_certificate(SSL *s)
}
if (s->init_num != 6)
{
SSLerr(SSL_F_REQUEST_CERTIFICATE, SSL_R_INTERNAL_ERROR);
SSLerr(SSL_F_REQUEST_CERTIFICATE, ERR_R_INTERNAL_ERROR);
goto end;
}
@ -1002,7 +1039,7 @@ static int request_certificate(SSL *s)
len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;
if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
{
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_MESSAGE_TOO_LONG);
goto end;
}
j = (int)len - s->init_num;
@ -1012,6 +1049,8 @@ static int request_certificate(SSL *s)
ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
goto end;
}
if (s->msg_callback)
s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-CERTIFICATE */
p += 6;
x509=(X509 *)d2i_X509(NULL,&p,(long)s->s2->tmp.clen);
@ -1034,9 +1073,10 @@ static int request_certificate(SSL *s)
EVP_MD_CTX ctx;
EVP_PKEY *pkey=NULL;
EVP_VerifyInit(&ctx,s->ctx->rsa_md5);
EVP_MD_CTX_init(&ctx);
EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL);
EVP_VerifyUpdate(&ctx,s->s2->key_material,
(unsigned int)s->s2->key_material_length);
s->s2->key_material_length);
EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
@ -1055,7 +1095,7 @@ static int request_certificate(SSL *s)
if (pkey == NULL) goto end;
i=EVP_VerifyFinal(&ctx,p,s->s2->tmp.rlen,pkey);
EVP_PKEY_free(pkey);
memset(&ctx,0,sizeof(ctx));
EVP_MD_CTX_cleanup(&ctx);
if (i)
{
@ -1108,7 +1148,7 @@ static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB);
return(i);
}
#else /* !NO_SSL2 */
#else /* !OPENSSL_NO_SSL2 */
# if PEDANTIC
static void *dummy=&dummy;

View File

@ -1,7 +1,6 @@
#!/usr/local/bin/perl
#
# Mingw32.pl -- Mingw32 with GNU cp (Mingw32f.pl uses DOS tools)
# $FreeBSD$
#
$o='/';
@ -26,6 +25,8 @@ if ($gaswin and !$no_asm)
{
$bn_asm_obj='$(OBJ_D)/bn-win32.o';
$bn_asm_src='crypto/bn/asm/bn-win32.s';
$bnco_asm_obj='$(OBJ_D)/co-win32.o';
$bnco_asm_src='crypto/bn/asm/co-win32.s';
$des_enc_obj='$(OBJ_D)/d-win32.o $(OBJ_D)/y-win32.o';
$des_enc_src='crypto/des/asm/d-win32.s crypto/des/asm/y-win32.s';
$bf_enc_obj='$(OBJ_D)/b-win32.o';
@ -67,12 +68,12 @@ $lfile='';
$asm='as';
$afile='-o ';
$bn_asm_obj="";
$bn_asm_src="";
$des_enc_obj="";
$des_enc_src="";
$bf_enc_obj="";
$bf_enc_src="";
#$bn_asm_obj="";
#$bn_asm_src="";
#$des_enc_obj="";
#$des_enc_src="";
#$bf_enc_obj="";
#$bf_enc_src="";
sub do_lib_rule
{