Merge OpenSSL 0.9.8p into head.
Security: CVE-2010-3864 Security: http://www.openssl.org/news/secadv_20101116.txt
This commit is contained in:
parent
9c043d5908
commit
7a23485c98
@ -2,6 +2,51 @@
|
||||
OpenSSL CHANGES
|
||||
_______________
|
||||
|
||||
Changes between 0.9.8o and 0.9.8p [16 Nov 2010]
|
||||
|
||||
*) Fix extension code to avoid race conditions which can result in a buffer
|
||||
overrun vulnerability: resumed sessions must not be modified as they can
|
||||
be shared by multiple threads. CVE-2010-3864
|
||||
[Steve Henson]
|
||||
|
||||
*) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
|
||||
[Steve Henson]
|
||||
|
||||
*) Don't reencode certificate when calculating signature: cache and use
|
||||
the original encoding instead. This makes signature verification of
|
||||
some broken encodings work correctly.
|
||||
[Steve Henson]
|
||||
|
||||
*) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT
|
||||
is also one of the inputs.
|
||||
[Emilia Käsper <emilia.kasper@esat.kuleuven.be> (Google)]
|
||||
|
||||
*) Don't repeatedly append PBE algorithms to table if they already exist.
|
||||
Sort table on each new add. This effectively makes the table read only
|
||||
after all algorithms are added and subsequent calls to PKCS12_pbe_add
|
||||
etc are non-op.
|
||||
[Steve Henson]
|
||||
|
||||
Changes between 0.9.8n and 0.9.8o [01 Jun 2010]
|
||||
|
||||
[NB: OpenSSL 0.9.8o and later 0.9.8 patch levels were released after
|
||||
OpenSSL 1.0.0.]
|
||||
|
||||
*) Correct a typo in the CMS ASN1 module which can result in invalid memory
|
||||
access or freeing data twice (CVE-2010-0742)
|
||||
[Steve Henson, Ronald Moesbergen <intercommit@gmail.com>]
|
||||
|
||||
*) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
|
||||
common in certificates and some applications which only call
|
||||
SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
|
||||
[Steve Henson]
|
||||
|
||||
*) VMS fixes:
|
||||
Reduce copying into .apps and .test in makevms.com
|
||||
Don't try to use blank CA certificate in CA.com
|
||||
Allow use of C files from original directories in maketests.com
|
||||
[Steven M. Schweda" <sms@antinode.info>]
|
||||
|
||||
Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
|
||||
|
||||
*) When rejecting SSL/TLS records due to an incorrect version number, never
|
||||
|
@ -1812,11 +1812,11 @@ EOF
|
||||
(system $make_command.$make_targets) == 0 or exit $?
|
||||
if $make_targets ne "";
|
||||
if ( $perl =~ m@^/@) {
|
||||
&dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
|
||||
&dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
|
||||
&dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
|
||||
} else {
|
||||
# No path for Perl known ...
|
||||
&dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
|
||||
&dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
|
||||
&dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
|
||||
}
|
||||
if ($depflags ne $default_depflags && !$make_depend) {
|
||||
|
@ -70,6 +70,7 @@ OpenSSL - Frequently Asked Questions
|
||||
* I think I've detected a memory leak, is this a bug?
|
||||
* Why does Valgrind complain about the use of uninitialized data?
|
||||
* Why doesn't a memory BIO work when a file does?
|
||||
* Where are the declarations and implementations of d2i_X509() etc?
|
||||
|
||||
===============================================================================
|
||||
|
||||
@ -78,7 +79,7 @@ OpenSSL - Frequently Asked Questions
|
||||
* Which is the current version of OpenSSL?
|
||||
|
||||
The current version is available from <URL: http://www.openssl.org>.
|
||||
OpenSSL 0.9.8n was released on Mar 24th, 2010.
|
||||
OpenSSL 1.0.0b was released on Nov 16th, 2010.
|
||||
|
||||
In addition to the current stable release, you can also access daily
|
||||
snapshots of the OpenSSL development version at <URL:
|
||||
@ -94,14 +95,17 @@ explains how to install this library.
|
||||
|
||||
OpenSSL includes a command line utility that can be used to perform a
|
||||
variety of cryptographic functions. It is described in the openssl(1)
|
||||
manpage. Documentation for developers is currently being written. A
|
||||
few manual pages already are available; overviews over libcrypto and
|
||||
manpage. Documentation for developers is currently being written. Many
|
||||
manual pages are available; overviews over libcrypto and
|
||||
libssl are given in the crypto(3) and ssl(3) manpages.
|
||||
|
||||
The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a
|
||||
different directory if you specified one as described in INSTALL).
|
||||
In addition, you can read the most current versions at
|
||||
<URL: http://www.openssl.org/docs/>.
|
||||
<URL: http://www.openssl.org/docs/>. Note that the online documents refer
|
||||
to the very latest development versions of OpenSSL and may include features
|
||||
not present in released versions. If in doubt refer to the documentation
|
||||
that came with the version of OpenSSL you are using.
|
||||
|
||||
For information on parts of libcrypto that are not yet documented, you
|
||||
might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
|
||||
@ -717,8 +721,10 @@ file.
|
||||
|
||||
Multi-threaded applications must provide two callback functions to
|
||||
OpenSSL by calling CRYPTO_set_locking_callback() and
|
||||
CRYPTO_set_id_callback(). This is described in the threads(3)
|
||||
manpage.
|
||||
CRYPTO_set_id_callback(), for all versions of OpenSSL up to and
|
||||
including 0.9.8[abc...]. As of version 1.0.0, CRYPTO_set_id_callback()
|
||||
and associated APIs are deprecated by CRYPTO_THREADID_set_callback()
|
||||
and friends. This is described in the threads(3) manpage.
|
||||
|
||||
* I've compiled a program under Windows and it crashes: why?
|
||||
|
||||
@ -962,4 +968,15 @@ is needed. This must be done by calling:
|
||||
See the manual pages for more details.
|
||||
|
||||
|
||||
* Where are the declarations and implementations of d2i_X509() etc?
|
||||
|
||||
These are defined and implemented by macros of the form:
|
||||
|
||||
|
||||
DECLARE_ASN1_FUNCTIONS(X509) and IMPLEMENT_ASN1_FUNCTIONS(X509)
|
||||
|
||||
The implementation passes an ASN1 "template" defining the structure into an
|
||||
ASN1 interpreter using generalised functions such as ASN1_item_d2i().
|
||||
|
||||
|
||||
===============================================================================
|
||||
|
@ -4,7 +4,7 @@
|
||||
## Makefile for OpenSSL
|
||||
##
|
||||
|
||||
VERSION=0.9.8n
|
||||
VERSION=0.9.8p
|
||||
MAJOR=0
|
||||
MINOR=9.8
|
||||
SHLIB_VERSION_NUMBER=0.9.8
|
||||
|
@ -5,6 +5,18 @@
|
||||
This file gives a brief overview of the major changes between each OpenSSL
|
||||
release. For more details please read the CHANGES file.
|
||||
|
||||
Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p:
|
||||
|
||||
o Fix for security issue CVE-2010-3864.
|
||||
|
||||
Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o:
|
||||
|
||||
o Fix for security issue CVE-2010-0742.
|
||||
o Various DTLS fixes.
|
||||
o Recognise SHA2 certificates if only SSL algorithms added.
|
||||
o Fix for no-rc4 compilation.
|
||||
o Chil ENGINE unload workaround.
|
||||
|
||||
Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n:
|
||||
|
||||
o CFB cipher definition fixes.
|
||||
|
@ -36,7 +36,9 @@ may differ on your machine.
|
||||
|
||||
|
||||
As long as Apple doesn't fix the problem with ld, this problem building
|
||||
OpenSSL will remain as is.
|
||||
OpenSSL will remain as is. Well, the problem was addressed in 0.9.8f by
|
||||
passing -Wl,-search_paths_first, but it's unknown if the flag was
|
||||
supported from the initial MacOS X release.
|
||||
|
||||
|
||||
* Parallell make leads to errors
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
OpenSSL 0.9.8n
|
||||
OpenSSL 0.9.8p 16 Nov 2010
|
||||
|
||||
Copyright (c) 1998-2009 The OpenSSL Project
|
||||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
||||
|
@ -351,13 +351,12 @@ void program_name(char *in, char *out, int size)
|
||||
|
||||
int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
|
||||
{
|
||||
int num,len,i;
|
||||
int num,i;
|
||||
char *p;
|
||||
|
||||
*argc=0;
|
||||
*argv=NULL;
|
||||
|
||||
len=strlen(buf);
|
||||
i=0;
|
||||
if (arg->count == 0)
|
||||
{
|
||||
@ -866,10 +865,17 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
|
||||
if (format == FORMAT_ENGINE)
|
||||
{
|
||||
if (!e)
|
||||
BIO_printf(bio_err,"no engine specified\n");
|
||||
BIO_printf(err,"no engine specified\n");
|
||||
else
|
||||
{
|
||||
pkey = ENGINE_load_private_key(e, file,
|
||||
ui_method, &cb_data);
|
||||
if (!pkey)
|
||||
{
|
||||
BIO_printf(err,"cannot load %s from engine\n",key_descrip);
|
||||
ERR_print_errors(err);
|
||||
}
|
||||
}
|
||||
goto end;
|
||||
}
|
||||
#endif
|
||||
@ -919,8 +925,11 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
|
||||
}
|
||||
end:
|
||||
if (key != NULL) BIO_free(key);
|
||||
if (pkey == NULL)
|
||||
if (pkey == NULL)
|
||||
{
|
||||
BIO_printf(err,"unable to load %s\n", key_descrip);
|
||||
ERR_print_errors(err);
|
||||
}
|
||||
return(pkey);
|
||||
}
|
||||
|
||||
|
@ -88,9 +88,6 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE *e = NULL;
|
||||
#endif
|
||||
DH *dh=NULL;
|
||||
int i,badops=0,text=0;
|
||||
BIO *in=NULL,*out=NULL;
|
||||
@ -189,7 +186,7 @@ int MAIN(int argc, char **argv)
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
|
||||
in=BIO_new(BIO_s_file());
|
||||
|
@ -149,9 +149,6 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE *e = NULL;
|
||||
#endif
|
||||
DH *dh=NULL;
|
||||
int i,badops=0,text=0;
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
@ -270,7 +267,7 @@ int MAIN(int argc, char **argv)
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
|
||||
if (g && !num)
|
||||
|
@ -111,9 +111,6 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE *e = NULL;
|
||||
#endif
|
||||
DSA *dsa=NULL;
|
||||
int i,badops=0,text=0;
|
||||
BIO *in=NULL,*out=NULL;
|
||||
@ -278,7 +275,7 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
|
||||
if (need_rand)
|
||||
@ -357,12 +354,10 @@ int MAIN(int argc, char **argv)
|
||||
if (C)
|
||||
{
|
||||
unsigned char *data;
|
||||
int l,len,bits_p,bits_q,bits_g;
|
||||
int l,len,bits_p;
|
||||
|
||||
len=BN_num_bytes(dsa->p);
|
||||
bits_p=BN_num_bits(dsa->p);
|
||||
bits_q=BN_num_bits(dsa->q);
|
||||
bits_g=BN_num_bits(dsa->g);
|
||||
data=(unsigned char *)OPENSSL_malloc(len+20);
|
||||
if (data == NULL)
|
||||
{
|
||||
|
@ -85,9 +85,6 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE *e = NULL;
|
||||
#endif
|
||||
int ret = 1;
|
||||
EC_KEY *eckey = NULL;
|
||||
const EC_GROUP *group;
|
||||
@ -254,7 +251,7 @@ int MAIN(int argc, char **argv)
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
|
||||
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout))
|
||||
|
@ -129,9 +129,6 @@ int MAIN(int argc, char **argv)
|
||||
char *infile = NULL, *outfile = NULL, *prog;
|
||||
BIO *in = NULL, *out = NULL;
|
||||
int informat, outformat, noout = 0, C = 0, ret = 1;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE *e = NULL;
|
||||
#endif
|
||||
char *engine = NULL;
|
||||
|
||||
BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL,
|
||||
@ -340,7 +337,7 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
|
||||
if (list_curves)
|
||||
|
@ -100,9 +100,6 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE *e = NULL;
|
||||
#endif
|
||||
static const char magic[]="Salted__";
|
||||
char mbuf[sizeof magic-1];
|
||||
char *strbuf=NULL;
|
||||
@ -311,7 +308,7 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
|
||||
if (md && (dgst=EVP_get_digestbyname(md)) == NULL)
|
||||
|
@ -89,9 +89,6 @@ int MAIN(int, char **);
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
BN_GENCB cb;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE *e = NULL;
|
||||
#endif
|
||||
DH *dh=NULL;
|
||||
int ret=1,num=DEFBITS;
|
||||
int g=2;
|
||||
@ -163,7 +160,7 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
|
||||
out=BIO_new(BIO_s_file());
|
||||
|
@ -78,9 +78,6 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE *e = NULL;
|
||||
#endif
|
||||
DSA *dsa=NULL;
|
||||
int ret=1;
|
||||
char *outfile=NULL;
|
||||
@ -206,7 +203,7 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
|
||||
if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
|
||||
|
@ -89,9 +89,6 @@ int MAIN(int, char **);
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
BN_GENCB cb;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE *e = NULL;
|
||||
#endif
|
||||
int ret=1;
|
||||
int i,num=DEFBITS;
|
||||
long l;
|
||||
@ -235,7 +232,7 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
|
||||
if (outfile == NULL)
|
||||
|
@ -82,9 +82,6 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE *e = NULL;
|
||||
#endif
|
||||
PKCS7 *p7=NULL;
|
||||
int i,badops=0;
|
||||
BIO *in=NULL,*out=NULL;
|
||||
@ -180,7 +177,7 @@ int MAIN(int argc, char **argv)
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
|
||||
in=BIO_new(BIO_s_file());
|
||||
|
@ -77,9 +77,6 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE *e = NULL;
|
||||
#endif
|
||||
int i, r, ret = 1;
|
||||
int badopt;
|
||||
char *outfile = NULL;
|
||||
@ -178,7 +175,7 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
setup_engine(bio_err, engine, 0);
|
||||
#endif
|
||||
|
||||
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
|
||||
|
@ -2075,12 +2075,14 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
||||
{
|
||||
char *buf=NULL;
|
||||
int ret=1;
|
||||
int i,j,k,blank,dot;
|
||||
int i,j,k,dot;
|
||||
struct stat st_buf;
|
||||
SSL *con;
|
||||
SSL_CIPHER *c;
|
||||
BIO *io,*ssl_bio,*sbio;
|
||||
#ifdef RENEG
|
||||
long total_bytes;
|
||||
#endif
|
||||
|
||||
buf=OPENSSL_malloc(bufsize);
|
||||
if (buf == NULL) return(0);
|
||||
@ -2151,7 +2153,6 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
||||
SSL_set_msg_callback_arg(con, bio_s_out);
|
||||
}
|
||||
|
||||
blank=0;
|
||||
for (;;)
|
||||
{
|
||||
if (hack)
|
||||
@ -2388,7 +2389,9 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
||||
BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
|
||||
}
|
||||
/* send the file */
|
||||
#ifdef RENEG
|
||||
total_bytes=0;
|
||||
#endif
|
||||
for (;;)
|
||||
{
|
||||
i=BIO_read(file,buf,bufsize);
|
||||
|
@ -329,7 +329,7 @@ static int init_server_long(int *sock, int port, char *ip, int type)
|
||||
{
|
||||
int ret=0;
|
||||
struct sockaddr_in server;
|
||||
int s= -1,i;
|
||||
int s= -1;
|
||||
|
||||
if (!ssl_sock_init()) return(0);
|
||||
|
||||
@ -368,7 +368,6 @@ static int init_server_long(int *sock, int port, char *ip, int type)
|
||||
}
|
||||
/* Make it 128 for linux */
|
||||
if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
|
||||
i=0;
|
||||
*sock=s;
|
||||
ret=1;
|
||||
err:
|
||||
@ -386,7 +385,7 @@ static int init_server(int *sock, int port, int type)
|
||||
|
||||
static int do_accept(int acc_sock, int *sock, char **host)
|
||||
{
|
||||
int ret,i;
|
||||
int ret;
|
||||
struct hostent *h1,*h2;
|
||||
static struct sockaddr_in from;
|
||||
int len;
|
||||
@ -409,6 +408,7 @@ static int do_accept(int acc_sock, int *sock, char **host)
|
||||
if (ret == INVALID_SOCKET)
|
||||
{
|
||||
#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
|
||||
int i;
|
||||
i=WSAGetLastError();
|
||||
BIO_printf(bio_err,"accept error %d\n",i);
|
||||
#else
|
||||
@ -463,7 +463,6 @@ static int do_accept(int acc_sock, int *sock, char **host)
|
||||
BIO_printf(bio_err,"gethostbyname failure\n");
|
||||
return(0);
|
||||
}
|
||||
i=0;
|
||||
if (h2->h_addrtype != AF_INET)
|
||||
{
|
||||
BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
|
||||
|
@ -500,9 +500,6 @@ int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
ENGINE *e = NULL;
|
||||
#endif
|
||||
unsigned char *buf=NULL,*buf2=NULL;
|
||||
int mret=1;
|
||||
long count=0,save_count=0;
|
||||
@ -593,7 +590,6 @@ int MAIN(int argc, char **argv)
|
||||
unsigned char DES_iv[8];
|
||||
unsigned char iv[2*MAX_BLOCK_SIZE/8];
|
||||
#ifndef OPENSSL_NO_DES
|
||||
DES_cblock *buf_as_des_cblock = NULL;
|
||||
static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
|
||||
static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
|
||||
static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
|
||||
@ -806,9 +802,6 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err,"out of memory\n");
|
||||
goto end;
|
||||
}
|
||||
#ifndef OPENSSL_NO_DES
|
||||
buf_as_des_cblock = (DES_cblock *)buf;
|
||||
#endif
|
||||
if ((buf2=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"out of memory\n");
|
||||
@ -883,7 +876,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err,"no engine given\n");
|
||||
goto end;
|
||||
}
|
||||
e = setup_engine(bio_err, *argv, 0);
|
||||
setup_engine(bio_err, *argv, 0);
|
||||
/* j will be increased again further down. We just
|
||||
don't want speed to confuse an engine with an
|
||||
algorithm, especially when none is given (which
|
||||
@ -1388,7 +1381,8 @@ int MAIN(int argc, char **argv)
|
||||
count*=2;
|
||||
Time_F(START);
|
||||
for (it=count; it; it--)
|
||||
DES_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock,
|
||||
DES_ecb_encrypt((DES_cblock *)buf,
|
||||
(DES_cblock *)buf,
|
||||
&sch,DES_ENCRYPT);
|
||||
d=Time_F(STOP);
|
||||
} while (d <3);
|
||||
|
@ -539,7 +539,6 @@ int MAIN(int argc, char **argv)
|
||||
if (reqfile)
|
||||
{
|
||||
EVP_PKEY *pkey;
|
||||
X509_CINF *ci;
|
||||
BIO *in;
|
||||
|
||||
if (!sign_flag && !CA_flag)
|
||||
@ -607,7 +606,6 @@ int MAIN(int argc, char **argv)
|
||||
print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag);
|
||||
|
||||
if ((x=X509_new()) == NULL) goto end;
|
||||
ci=x->cert_info;
|
||||
|
||||
if (sno == NULL)
|
||||
{
|
||||
|
@ -85,9 +85,9 @@ int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
|
||||
A[7] ^= (unsigned char)(t & 0xff);
|
||||
if (t > 0xff)
|
||||
{
|
||||
A[6] ^= (unsigned char)((t & 0xff) >> 8);
|
||||
A[5] ^= (unsigned char)((t & 0xff) >> 16);
|
||||
A[4] ^= (unsigned char)((t & 0xff) >> 24);
|
||||
A[6] ^= (unsigned char)((t >> 8) & 0xff);
|
||||
A[5] ^= (unsigned char)((t >> 16) & 0xff);
|
||||
A[4] ^= (unsigned char)((t >> 24) & 0xff);
|
||||
}
|
||||
memcpy(R, B + 8, 8);
|
||||
}
|
||||
@ -119,9 +119,9 @@ int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
|
||||
A[7] ^= (unsigned char)(t & 0xff);
|
||||
if (t > 0xff)
|
||||
{
|
||||
A[6] ^= (unsigned char)((t & 0xff) >> 8);
|
||||
A[5] ^= (unsigned char)((t & 0xff) >> 16);
|
||||
A[4] ^= (unsigned char)((t & 0xff) >> 24);
|
||||
A[6] ^= (unsigned char)((t >> 8) & 0xff);
|
||||
A[5] ^= (unsigned char)((t >> 16) & 0xff);
|
||||
A[4] ^= (unsigned char)((t >> 24) & 0xff);
|
||||
}
|
||||
memcpy(B + 8, R, 8);
|
||||
AES_decrypt(B, B, key);
|
||||
|
@ -751,7 +751,19 @@ $code.=<<___;
|
||||
AES_set_encrypt_key:
|
||||
push %rbx
|
||||
push %rbp
|
||||
sub \$8,%rsp
|
||||
|
||||
call _x86_64_AES_set_encrypt_key
|
||||
|
||||
mov 8(%rsp),%rbp
|
||||
mov 16(%rsp),%rbx
|
||||
add \$24,%rsp
|
||||
ret
|
||||
.size AES_set_encrypt_key,.-AES_set_encrypt_key
|
||||
|
||||
.type _x86_64_AES_set_encrypt_key,\@abi-omnipotent
|
||||
.align 16
|
||||
_x86_64_AES_set_encrypt_key:
|
||||
mov %esi,%ecx # %ecx=bits
|
||||
mov %rdi,%rsi # %rsi=userKey
|
||||
mov %rdx,%rdi # %rdi=key
|
||||
@ -938,10 +950,8 @@ $code.=<<___;
|
||||
.Lbadpointer:
|
||||
mov \$-1,%rax
|
||||
.Lexit:
|
||||
pop %rbp
|
||||
pop %rbx
|
||||
ret
|
||||
.size AES_set_encrypt_key,.-AES_set_encrypt_key
|
||||
.byte 0xf3,0xc3 # rep ret
|
||||
.size _x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key
|
||||
___
|
||||
|
||||
sub deckey()
|
||||
@ -973,15 +983,14 @@ $code.=<<___;
|
||||
.type AES_set_decrypt_key,\@function,3
|
||||
.align 16
|
||||
AES_set_decrypt_key:
|
||||
push %rdx
|
||||
call AES_set_encrypt_key
|
||||
cmp \$0,%eax
|
||||
je .Lproceed
|
||||
lea 24(%rsp),%rsp
|
||||
ret
|
||||
.Lproceed:
|
||||
push %rbx
|
||||
push %rbp
|
||||
push %rdx # save key schedule
|
||||
|
||||
call _x86_64_AES_set_encrypt_key
|
||||
mov (%rsp),%r8 # restore key schedule
|
||||
mov %rbx,(%rsp)
|
||||
cmp \$0,%eax
|
||||
jne .Labort
|
||||
|
||||
mov 240(%r8),%ecx # pull number of rounds
|
||||
xor %rdi,%rdi
|
||||
@ -1023,7 +1032,10 @@ $code.=<<___;
|
||||
jnz .Lpermute
|
||||
|
||||
xor %rax,%rax
|
||||
pop %rbx
|
||||
.Labort:
|
||||
mov 8(%rsp),%rbp
|
||||
mov 16(%rsp),%rbx
|
||||
add \$24,%rsp
|
||||
ret
|
||||
.size AES_set_decrypt_key,.-AES_set_decrypt_key
|
||||
___
|
||||
|
@ -273,7 +273,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
|
||||
{
|
||||
ASN1_INTEGER *ret=NULL;
|
||||
const unsigned char *p;
|
||||
unsigned char *to,*s;
|
||||
unsigned char *s;
|
||||
long len;
|
||||
int inf,tag,xclass;
|
||||
int i;
|
||||
@ -308,7 +308,6 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
|
||||
i=ERR_R_MALLOC_FAILURE;
|
||||
goto err;
|
||||
}
|
||||
to=s;
|
||||
ret->type=V_ASN1_INTEGER;
|
||||
if(len) {
|
||||
if ((*p == 0) && (len != 1))
|
||||
|
@ -242,7 +242,7 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
|
||||
int sgckey)
|
||||
{
|
||||
RSA *ret=NULL;
|
||||
const unsigned char *p, *kp;
|
||||
const unsigned char *p;
|
||||
NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
|
||||
|
||||
p = *pp;
|
||||
@ -265,7 +265,6 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
|
||||
ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
|
||||
goto err;
|
||||
}
|
||||
kp = enckey->enckey->digest->data;
|
||||
if (cb == NULL)
|
||||
cb=EVP_read_pw_string;
|
||||
if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err;
|
||||
|
@ -87,7 +87,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
|
||||
STACK_OF(X509_REVOKED) *rev;
|
||||
X509_REVOKED *r;
|
||||
long l;
|
||||
int i, n;
|
||||
int i;
|
||||
char *p;
|
||||
|
||||
BIO_printf(out, "Certificate Revocation List (CRL):\n");
|
||||
@ -107,7 +107,6 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
|
||||
else BIO_printf(out,"NONE");
|
||||
BIO_printf(out,"\n");
|
||||
|
||||
n=X509_CRL_get_ext_count(x);
|
||||
X509V3_extensions_print(out, "CRL extensions",
|
||||
x->crl->extensions, 0, 8);
|
||||
|
||||
|
@ -166,7 +166,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
|
||||
int i;
|
||||
int otag;
|
||||
int ret = 0;
|
||||
ASN1_VALUE *pchval, **pchptr, *ptmpval;
|
||||
ASN1_VALUE **pchptr, *ptmpval;
|
||||
if (!pval)
|
||||
return 0;
|
||||
if (aux && aux->asn1_cb)
|
||||
@ -317,7 +317,6 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
|
||||
goto err;
|
||||
}
|
||||
/* CHOICE type, try each possibility in turn */
|
||||
pchval = NULL;
|
||||
p = *in;
|
||||
for (i = 0, tt=it->templates; i < it->tcount; i++, tt++)
|
||||
{
|
||||
|
@ -63,7 +63,7 @@
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/x509v3.h>
|
||||
|
||||
ASN1_SEQUENCE(X509_CINF) = {
|
||||
ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
|
||||
ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
|
||||
ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
|
||||
ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
|
||||
@ -74,7 +74,7 @@ ASN1_SEQUENCE(X509_CINF) = {
|
||||
ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
|
||||
ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
|
||||
ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
|
||||
} ASN1_SEQUENCE_END(X509_CINF)
|
||||
} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF)
|
||||
|
||||
IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
|
||||
/* X509 top level structure needs a bit of customisation */
|
||||
|
@ -659,7 +659,14 @@ int BIO_get_accept_socket(char *host, int bind_mode)
|
||||
#ifdef SO_REUSEADDR
|
||||
err_num=get_last_socket_error();
|
||||
if ((bind_mode == BIO_BIND_REUSEADDR_IF_UNUSED) &&
|
||||
#ifdef OPENSSL_SYS_WINDOWS
|
||||
/* Some versions of Windows define EADDRINUSE to
|
||||
* a dummy value.
|
||||
*/
|
||||
(err_num == WSAEADDRINUSE))
|
||||
#else
|
||||
(err_num == EADDRINUSE))
|
||||
#endif
|
||||
{
|
||||
memcpy((char *)&client,(char *)&server,sizeof(server));
|
||||
if (strcmp(h,"*") == 0)
|
||||
|
@ -125,7 +125,6 @@ static int nbiof_free(BIO *a)
|
||||
|
||||
static int nbiof_read(BIO *b, char *out, int outl)
|
||||
{
|
||||
NBIO_TEST *nt;
|
||||
int ret=0;
|
||||
#if 1
|
||||
int num;
|
||||
@ -134,7 +133,6 @@ static int nbiof_read(BIO *b, char *out, int outl)
|
||||
|
||||
if (out == NULL) return(0);
|
||||
if (b->next_bio == NULL) return(0);
|
||||
nt=(NBIO_TEST *)b->ptr;
|
||||
|
||||
BIO_clear_retry_flags(b);
|
||||
#if 1
|
||||
|
@ -110,7 +110,7 @@ int BIO_set(BIO *bio, BIO_METHOD *method)
|
||||
|
||||
int BIO_free(BIO *a)
|
||||
{
|
||||
int ret=0,i;
|
||||
int i;
|
||||
|
||||
if (a == NULL) return(0);
|
||||
|
||||
@ -133,7 +133,7 @@ int BIO_free(BIO *a)
|
||||
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
|
||||
|
||||
if ((a->method == NULL) || (a->method->destroy == NULL)) return(1);
|
||||
ret=a->method->destroy(a);
|
||||
a->method->destroy(a);
|
||||
OPENSSL_free(a);
|
||||
return(1);
|
||||
}
|
||||
|
@ -340,7 +340,6 @@ static int acpt_write(BIO *b, const char *in, int inl)
|
||||
|
||||
static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
{
|
||||
BIO *dbio;
|
||||
int *ip;
|
||||
long ret=1;
|
||||
BIO_ACCEPT *data;
|
||||
@ -437,8 +436,8 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
ret=(long)data->bind_mode;
|
||||
break;
|
||||
case BIO_CTRL_DUP:
|
||||
dbio=(BIO *)ptr;
|
||||
/* if (data->param_port) EAY EAY
|
||||
/* dbio=(BIO *)ptr;
|
||||
if (data->param_port) EAY EAY
|
||||
BIO_set_port(dbio,data->param_port);
|
||||
if (data->param_hostname)
|
||||
BIO_set_hostname(dbio,data->param_hostname);
|
||||
|
@ -172,15 +172,6 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
|
||||
switch (cmd)
|
||||
{
|
||||
case BIO_CTRL_RESET:
|
||||
num=0;
|
||||
case BIO_C_FILE_SEEK:
|
||||
ret=0;
|
||||
break;
|
||||
case BIO_C_FILE_TELL:
|
||||
case BIO_CTRL_INFO:
|
||||
ret=0;
|
||||
break;
|
||||
case BIO_C_SET_FD:
|
||||
sock_free(b);
|
||||
b->num= *((int *)ptr);
|
||||
@ -203,10 +194,6 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
case BIO_CTRL_SET_CLOSE:
|
||||
b->shutdown=(int)num;
|
||||
break;
|
||||
case BIO_CTRL_PENDING:
|
||||
case BIO_CTRL_WPENDING:
|
||||
ret=0;
|
||||
break;
|
||||
case BIO_CTRL_DUP:
|
||||
case BIO_CTRL_FLUSH:
|
||||
ret=1;
|
||||
|
@ -301,7 +301,8 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
|
||||
r_is_one = 0;
|
||||
}
|
||||
}
|
||||
BN_from_montgomery(rr,r,mont,ctx);
|
||||
if (!BN_from_montgomery(rr,r,mont,ctx))
|
||||
goto err;
|
||||
ret=1;
|
||||
err:
|
||||
if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
|
||||
|
@ -551,7 +551,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
|
||||
int tna, int tnb, BN_ULONG *t)
|
||||
{
|
||||
int i,j,n2=n*2;
|
||||
int c1,c2,neg,zero;
|
||||
int c1,c2,neg;
|
||||
BN_ULONG ln,lo,*p;
|
||||
|
||||
# ifdef BN_COUNT
|
||||
@ -567,7 +567,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
|
||||
/* r=(a[0]-a[1])*(b[1]-b[0]) */
|
||||
c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna);
|
||||
c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n);
|
||||
zero=neg=0;
|
||||
neg=0;
|
||||
switch (c1*3+c2)
|
||||
{
|
||||
case -4:
|
||||
@ -575,7 +575,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
|
||||
bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */
|
||||
break;
|
||||
case -3:
|
||||
zero=1;
|
||||
/* break; */
|
||||
case -2:
|
||||
bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */
|
||||
@ -585,7 +584,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
|
||||
case -1:
|
||||
case 0:
|
||||
case 1:
|
||||
zero=1;
|
||||
/* break; */
|
||||
case 2:
|
||||
bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */
|
||||
@ -593,7 +591,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
|
||||
neg=1;
|
||||
break;
|
||||
case 3:
|
||||
zero=1;
|
||||
/* break; */
|
||||
case 4:
|
||||
bn_sub_part_words(t, a, &(a[n]),tna,n-tna);
|
||||
@ -1012,7 +1009,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
|
||||
{
|
||||
if (i >= -1 && i <= 1)
|
||||
{
|
||||
int sav_j =0;
|
||||
/* Find out the power of two lower or equal
|
||||
to the longest of the two numbers */
|
||||
if (i >= 0)
|
||||
@ -1023,7 +1019,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
|
||||
{
|
||||
j = BN_num_bits_word((BN_ULONG)bl);
|
||||
}
|
||||
sav_j = j;
|
||||
j = 1<<(j-1);
|
||||
assert(j <= al || j <= bl);
|
||||
k = j+j;
|
||||
|
@ -130,8 +130,8 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
|
||||
} ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
|
||||
|
||||
ASN1_SEQUENCE(CMS_OriginatorInfo) = {
|
||||
ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
|
||||
ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1)
|
||||
ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
|
||||
ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
|
||||
} ASN1_SEQUENCE_END(CMS_OriginatorInfo)
|
||||
|
||||
ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
|
||||
|
@ -213,13 +213,14 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
|
||||
int bufnum=0,i,ii;
|
||||
BUF_MEM *buff=NULL;
|
||||
char *s,*p,*end;
|
||||
int again,n;
|
||||
int again;
|
||||
long eline=0;
|
||||
char btmp[DECIMAL_SIZE(eline)+1];
|
||||
CONF_VALUE *v=NULL,*tv;
|
||||
CONF_VALUE *sv=NULL;
|
||||
char *section=NULL,*buf;
|
||||
STACK_OF(CONF_VALUE) *section_sk=NULL,*ts;
|
||||
/* STACK_OF(CONF_VALUE) *section_sk=NULL;*/
|
||||
/* STACK_OF(CONF_VALUE) *ts=NULL;*/
|
||||
char *start,*psection,*pname;
|
||||
void *h = (void *)(conf->data);
|
||||
|
||||
@ -250,7 +251,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
|
||||
CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
|
||||
goto err;
|
||||
}
|
||||
section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
|
||||
/* section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/
|
||||
|
||||
bufnum=0;
|
||||
again=0;
|
||||
@ -309,7 +310,6 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
|
||||
buf=buff->data;
|
||||
|
||||
clear_comments(conf, buf);
|
||||
n=strlen(buf);
|
||||
s=eat_ws(conf, buf);
|
||||
if (IS_EOF(conf,*s)) continue; /* blank line */
|
||||
if (*s == '[')
|
||||
@ -343,7 +343,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
|
||||
CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
|
||||
goto err;
|
||||
}
|
||||
section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
|
||||
/* section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/
|
||||
continue;
|
||||
}
|
||||
else
|
||||
@ -406,12 +406,12 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
|
||||
CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
|
||||
goto err;
|
||||
}
|
||||
ts=(STACK_OF(CONF_VALUE) *)tv->value;
|
||||
/* ts=(STACK_OF(CONF_VALUE) *)tv->value;*/
|
||||
}
|
||||
else
|
||||
{
|
||||
tv=sv;
|
||||
ts=section_sk;
|
||||
/* ts=section_sk;*/
|
||||
}
|
||||
#if 1
|
||||
if (_CONF_add_string(conf, tv, v) == 0)
|
||||
@ -465,9 +465,6 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
|
||||
|
||||
static void clear_comments(CONF *conf, char *p)
|
||||
{
|
||||
char *to;
|
||||
|
||||
to=p;
|
||||
for (;;)
|
||||
{
|
||||
if (IS_FCOMMENT(conf,*p))
|
||||
|
@ -122,10 +122,10 @@ struct desparams {
|
||||
/*
|
||||
* Encrypt an arbitrary sized buffer
|
||||
*/
|
||||
#define DESIOCBLOCK _IOWR(d, 6, struct desparams)
|
||||
#define DESIOCBLOCK _IOWR('d', 6, struct desparams)
|
||||
|
||||
/*
|
||||
* Encrypt of small amount of data, quickly
|
||||
*/
|
||||
#define DESIOCQUICK _IOWR(d, 7, struct desparams)
|
||||
#define DESIOCQUICK _IOWR('d', 7, struct desparams)
|
||||
|
||||
|
@ -110,7 +110,7 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
|
||||
BIGNUM *r0,*W,*X,*c,*test;
|
||||
BIGNUM *g=NULL,*q=NULL,*p=NULL;
|
||||
BN_MONT_CTX *mont=NULL;
|
||||
int k,n=0,i,b,m=0;
|
||||
int k,n=0,i,m=0;
|
||||
int counter=0;
|
||||
int r=0;
|
||||
BN_CTX *ctx=NULL;
|
||||
@ -211,7 +211,6 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
|
||||
/* "offset = 2" */
|
||||
|
||||
n=(bits-1)/160;
|
||||
b=(bits-1)-n*160;
|
||||
|
||||
for (;;)
|
||||
{
|
||||
|
@ -178,7 +178,8 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
|
||||
if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
|
||||
if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */
|
||||
if (BN_cmp(s,dsa->q) > 0)
|
||||
BN_sub(s,s,dsa->q);
|
||||
if (!BN_sub(s,s,dsa->q))
|
||||
goto err;
|
||||
if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
|
||||
|
||||
ret=DSA_SIG_new();
|
||||
|
@ -318,6 +318,7 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
|
||||
int ret = 0;
|
||||
size_t i;
|
||||
EC_POINT *p=NULL;
|
||||
EC_POINT *acc = NULL;
|
||||
|
||||
if (ctx == NULL)
|
||||
{
|
||||
@ -337,15 +338,16 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
|
||||
}
|
||||
|
||||
if ((p = EC_POINT_new(group)) == NULL) goto err;
|
||||
if ((acc = EC_POINT_new(group)) == NULL) goto err;
|
||||
|
||||
if (!EC_POINT_set_to_infinity(group, r)) goto err;
|
||||
if (!EC_POINT_set_to_infinity(group, acc)) goto err;
|
||||
|
||||
if (scalar)
|
||||
{
|
||||
if (!ec_GF2m_montgomery_point_multiply(group, p, scalar, group->generator, ctx)) goto err;
|
||||
if (BN_is_negative(scalar))
|
||||
if (BN_is_negative(scalar))
|
||||
if (!group->meth->invert(group, p, ctx)) goto err;
|
||||
if (!group->meth->add(group, r, r, p, ctx)) goto err;
|
||||
if (!group->meth->add(group, acc, acc, p, ctx)) goto err;
|
||||
}
|
||||
|
||||
for (i = 0; i < num; i++)
|
||||
@ -353,13 +355,16 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
|
||||
if (!ec_GF2m_montgomery_point_multiply(group, p, scalars[i], points[i], ctx)) goto err;
|
||||
if (BN_is_negative(scalars[i]))
|
||||
if (!group->meth->invert(group, p, ctx)) goto err;
|
||||
if (!group->meth->add(group, r, r, p, ctx)) goto err;
|
||||
if (!group->meth->add(group, acc, acc, p, ctx)) goto err;
|
||||
}
|
||||
|
||||
if (!EC_POINT_copy(r, acc)) goto err;
|
||||
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
if (p) EC_POINT_free(p);
|
||||
if (acc) EC_POINT_free(acc);
|
||||
if (new_ctx != NULL)
|
||||
BN_CTX_free(new_ctx);
|
||||
return ret;
|
||||
|
@ -169,11 +169,13 @@ static void ec_pre_comp_clear_free(void *pre_)
|
||||
EC_POINT **p;
|
||||
|
||||
for (p = pre->points; *p != NULL; p++)
|
||||
{
|
||||
EC_POINT_clear_free(*p);
|
||||
OPENSSL_cleanse(pre->points, sizeof pre->points);
|
||||
OPENSSL_cleanse(p, sizeof *p);
|
||||
}
|
||||
OPENSSL_free(pre->points);
|
||||
}
|
||||
OPENSSL_cleanse(pre, sizeof pre);
|
||||
OPENSSL_cleanse(pre, sizeof *pre);
|
||||
OPENSSL_free(pre);
|
||||
}
|
||||
|
||||
|
@ -96,7 +96,6 @@ const ECDH_METHOD *ECDH_get_default_method(void)
|
||||
|
||||
int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)
|
||||
{
|
||||
const ECDH_METHOD *mtmp;
|
||||
ECDH_DATA *ecdh;
|
||||
|
||||
ecdh = ecdh_check(eckey);
|
||||
@ -104,11 +103,6 @@ int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)
|
||||
if (ecdh == NULL)
|
||||
return 0;
|
||||
|
||||
mtmp = ecdh->meth;
|
||||
#if 0
|
||||
if (mtmp->finish)
|
||||
mtmp->finish(eckey);
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
if (ecdh->engine)
|
||||
{
|
||||
|
@ -83,7 +83,6 @@ const ECDSA_METHOD *ECDSA_get_default_method(void)
|
||||
|
||||
int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth)
|
||||
{
|
||||
const ECDSA_METHOD *mtmp;
|
||||
ECDSA_DATA *ecdsa;
|
||||
|
||||
ecdsa = ecdsa_check(eckey);
|
||||
@ -91,7 +90,6 @@ int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth)
|
||||
if (ecdsa == NULL)
|
||||
return 0;
|
||||
|
||||
mtmp = ecdsa->meth;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
if (ecdsa->engine)
|
||||
{
|
||||
|
@ -412,6 +412,7 @@ ENGINE *ENGINE_by_id(const char *id)
|
||||
return iterator;
|
||||
}
|
||||
notfound:
|
||||
ENGINE_free(iterator);
|
||||
ENGINEerr(ENGINE_F_ENGINE_BY_ID,ENGINE_R_NO_SUCH_ENGINE);
|
||||
ERR_add_error_data(2, "id=", id);
|
||||
return NULL;
|
||||
|
@ -79,14 +79,20 @@ void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
|
||||
ERR_error_string_n(l, buf, sizeof buf);
|
||||
BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf,
|
||||
file, line, (flags & ERR_TXT_STRING) ? data : "");
|
||||
cb(buf2, strlen(buf2), u);
|
||||
if (cb(buf2, strlen(buf2), u) <= 0)
|
||||
break; /* abort outputting the error report */
|
||||
}
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_FP_API
|
||||
static int print_fp(const char *str, size_t len, void *fp)
|
||||
{
|
||||
return fwrite(str, 1, len, fp);
|
||||
BIO bio;
|
||||
|
||||
BIO_set(&bio,BIO_s_file());
|
||||
BIO_set_fp(&bio,fp,BIO_NOCLOSE);
|
||||
|
||||
return BIO_printf(&bio, "%s", str);
|
||||
}
|
||||
void ERR_print_errors_fp(FILE *fp)
|
||||
{
|
||||
|
@ -64,7 +64,7 @@
|
||||
|
||||
static int b64_write(BIO *h, const char *buf, int num);
|
||||
static int b64_read(BIO *h, char *buf, int size);
|
||||
/*static int b64_puts(BIO *h, const char *str); */
|
||||
static int b64_puts(BIO *h, const char *str);
|
||||
/*static int b64_gets(BIO *h, char *str, int size); */
|
||||
static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2);
|
||||
static int b64_new(BIO *h);
|
||||
@ -96,7 +96,7 @@ static BIO_METHOD methods_b64=
|
||||
BIO_TYPE_BASE64,"base64 encoding",
|
||||
b64_write,
|
||||
b64_read,
|
||||
NULL, /* b64_puts, */
|
||||
b64_puts,
|
||||
NULL, /* b64_gets, */
|
||||
b64_ctrl,
|
||||
b64_new,
|
||||
@ -127,6 +127,7 @@ static int b64_new(BIO *bi)
|
||||
bi->init=1;
|
||||
bi->ptr=(char *)ctx;
|
||||
bi->flags=0;
|
||||
bi->num = 0;
|
||||
return(1);
|
||||
}
|
||||
|
||||
@ -151,6 +152,8 @@ static int b64_read(BIO *b, char *out, int outl)
|
||||
|
||||
if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
|
||||
|
||||
BIO_clear_retry_flags(b);
|
||||
|
||||
if (ctx->encode != B64_DECODE)
|
||||
{
|
||||
ctx->encode=B64_DECODE;
|
||||
@ -163,6 +166,7 @@ static int b64_read(BIO *b, char *out, int outl)
|
||||
/* First check if there are bytes decoded/encoded */
|
||||
if (ctx->buf_len > 0)
|
||||
{
|
||||
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
|
||||
i=ctx->buf_len-ctx->buf_off;
|
||||
if (i > outl) i=outl;
|
||||
OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf));
|
||||
@ -184,7 +188,6 @@ static int b64_read(BIO *b, char *out, int outl)
|
||||
ret_code=0;
|
||||
while (outl > 0)
|
||||
{
|
||||
|
||||
if (ctx->cont <= 0)
|
||||
break;
|
||||
|
||||
@ -195,7 +198,7 @@ static int b64_read(BIO *b, char *out, int outl)
|
||||
{
|
||||
ret_code=i;
|
||||
|
||||
/* Should be continue next time we are called? */
|
||||
/* Should we continue next time we are called? */
|
||||
if (!BIO_should_retry(b->next_bio))
|
||||
{
|
||||
ctx->cont=i;
|
||||
@ -285,19 +288,27 @@ static int b64_read(BIO *b, char *out, int outl)
|
||||
continue;
|
||||
}
|
||||
else
|
||||
{
|
||||
ctx->tmp_len=0;
|
||||
}
|
||||
/* If buffer isn't full and we can retry then
|
||||
* restart to read in more data.
|
||||
*/
|
||||
}
|
||||
else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0))
|
||||
{
|
||||
/* If buffer isn't full and we can retry then
|
||||
* restart to read in more data.
|
||||
*/
|
||||
continue;
|
||||
}
|
||||
|
||||
if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
|
||||
{
|
||||
int z,jj;
|
||||
|
||||
#if 0
|
||||
jj=(i>>2)<<2;
|
||||
#else
|
||||
jj = i & ~3; /* process per 4 */
|
||||
#endif
|
||||
z=EVP_DecodeBlock((unsigned char *)ctx->buf,
|
||||
(unsigned char *)ctx->tmp,jj);
|
||||
if (jj > 2)
|
||||
@ -313,18 +324,15 @@ static int b64_read(BIO *b, char *out, int outl)
|
||||
* number consumed */
|
||||
if (jj != i)
|
||||
{
|
||||
memcpy((unsigned char *)ctx->tmp,
|
||||
(unsigned char *)&(ctx->tmp[jj]),i-jj);
|
||||
memmove(ctx->tmp, &ctx->tmp[jj], i-jj);
|
||||
ctx->tmp_len=i-jj;
|
||||
}
|
||||
ctx->buf_len=0;
|
||||
if (z > 0)
|
||||
{
|
||||
ctx->buf_len=z;
|
||||
i=1;
|
||||
}
|
||||
else
|
||||
i=z;
|
||||
i=z;
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -357,14 +365,16 @@ static int b64_read(BIO *b, char *out, int outl)
|
||||
outl-=i;
|
||||
out+=i;
|
||||
}
|
||||
BIO_clear_retry_flags(b);
|
||||
/* BIO_clear_retry_flags(b); */
|
||||
BIO_copy_next_retry(b);
|
||||
return((ret == 0)?ret_code:ret);
|
||||
}
|
||||
|
||||
static int b64_write(BIO *b, const char *in, int inl)
|
||||
{
|
||||
int ret=inl,n,i;
|
||||
int ret=0;
|
||||
int n;
|
||||
int i;
|
||||
BIO_B64_CTX *ctx;
|
||||
|
||||
ctx=(BIO_B64_CTX *)b->ptr;
|
||||
@ -379,6 +389,9 @@ static int b64_write(BIO *b, const char *in, int inl)
|
||||
EVP_EncodeInit(&(ctx->base64));
|
||||
}
|
||||
|
||||
OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf));
|
||||
OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
|
||||
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
|
||||
n=ctx->buf_len-ctx->buf_off;
|
||||
while (n > 0)
|
||||
{
|
||||
@ -388,7 +401,10 @@ static int b64_write(BIO *b, const char *in, int inl)
|
||||
BIO_copy_next_retry(b);
|
||||
return(i);
|
||||
}
|
||||
OPENSSL_assert(i <= n);
|
||||
ctx->buf_off+=i;
|
||||
OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
|
||||
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
|
||||
n-=i;
|
||||
}
|
||||
/* at this point all pending data has been written */
|
||||
@ -405,18 +421,19 @@ static int b64_write(BIO *b, const char *in, int inl)
|
||||
{
|
||||
if (ctx->tmp_len > 0)
|
||||
{
|
||||
OPENSSL_assert(ctx->tmp_len <= 3);
|
||||
n=3-ctx->tmp_len;
|
||||
/* There's a teoretical possibility for this */
|
||||
/* There's a theoretical possibility for this */
|
||||
if (n > inl)
|
||||
n=inl;
|
||||
memcpy(&(ctx->tmp[ctx->tmp_len]),in,n);
|
||||
ctx->tmp_len+=n;
|
||||
ret += n;
|
||||
if (ctx->tmp_len < 3)
|
||||
break;
|
||||
ctx->buf_len=EVP_EncodeBlock(
|
||||
(unsigned char *)ctx->buf,
|
||||
(unsigned char *)ctx->tmp,
|
||||
ctx->tmp_len);
|
||||
ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(unsigned char *)ctx->tmp,ctx->tmp_len);
|
||||
OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
|
||||
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
|
||||
/* Since we're now done using the temporary
|
||||
buffer, the length should be 0'd */
|
||||
ctx->tmp_len=0;
|
||||
@ -425,14 +442,16 @@ static int b64_write(BIO *b, const char *in, int inl)
|
||||
{
|
||||
if (n < 3)
|
||||
{
|
||||
memcpy(&(ctx->tmp[0]),in,n);
|
||||
memcpy(ctx->tmp,in,n);
|
||||
ctx->tmp_len=n;
|
||||
ret += n;
|
||||
break;
|
||||
}
|
||||
n-=n%3;
|
||||
ctx->buf_len=EVP_EncodeBlock(
|
||||
(unsigned char *)ctx->buf,
|
||||
(unsigned char *)in,n);
|
||||
ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(const unsigned char *)in,n);
|
||||
OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
|
||||
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
|
||||
ret += n;
|
||||
}
|
||||
}
|
||||
else
|
||||
@ -440,6 +459,9 @@ static int b64_write(BIO *b, const char *in, int inl)
|
||||
EVP_EncodeUpdate(&(ctx->base64),
|
||||
(unsigned char *)ctx->buf,&ctx->buf_len,
|
||||
(unsigned char *)in,n);
|
||||
OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
|
||||
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
|
||||
ret += n;
|
||||
}
|
||||
inl-=n;
|
||||
in+=n;
|
||||
@ -454,8 +476,11 @@ static int b64_write(BIO *b, const char *in, int inl)
|
||||
BIO_copy_next_retry(b);
|
||||
return((ret == 0)?i:ret);
|
||||
}
|
||||
OPENSSL_assert(i <= n);
|
||||
n-=i;
|
||||
ctx->buf_off+=i;
|
||||
OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
|
||||
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
|
||||
}
|
||||
ctx->buf_len=0;
|
||||
ctx->buf_off=0;
|
||||
@ -486,6 +511,7 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
|
||||
break;
|
||||
case BIO_CTRL_WPENDING: /* More to write in buffer */
|
||||
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
|
||||
ret=ctx->buf_len-ctx->buf_off;
|
||||
if ((ret == 0) && (ctx->encode != B64_NONE)
|
||||
&& (ctx->base64.num != 0))
|
||||
@ -494,6 +520,7 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
|
||||
break;
|
||||
case BIO_CTRL_PENDING: /* More to read in buffer */
|
||||
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
|
||||
ret=ctx->buf_len-ctx->buf_off;
|
||||
if (ret <= 0)
|
||||
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
|
||||
@ -565,3 +592,7 @@ static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
|
||||
return(ret);
|
||||
}
|
||||
|
||||
static int b64_puts(BIO *b, const char *str)
|
||||
{
|
||||
return b64_write(b,str,strlen(str));
|
||||
}
|
||||
|
@ -279,6 +279,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
|
||||
case EVP_CIPH_OFB_MODE:
|
||||
|
||||
ctx->num = 0;
|
||||
/* fall-through */
|
||||
|
||||
case EVP_CIPH_CBC_MODE:
|
||||
|
||||
|
@ -235,7 +235,7 @@ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
|
||||
int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
|
||||
const unsigned char *in, int inl)
|
||||
{
|
||||
int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl;
|
||||
int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,exp_nl;
|
||||
unsigned char *d;
|
||||
|
||||
n=ctx->num;
|
||||
@ -319,7 +319,6 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
|
||||
* lines. We process the line and then need to
|
||||
* accept the '\n' */
|
||||
if ((v != B64_EOF) && (n >= 64)) exp_nl=1;
|
||||
tmp2=v;
|
||||
if (n > 0)
|
||||
{
|
||||
v=EVP_DecodeBlock(out,d,n);
|
||||
|
@ -116,17 +116,50 @@ static int pbe_cmp(const char * const *a, const char * const *b)
|
||||
int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
|
||||
EVP_PBE_KEYGEN *keygen)
|
||||
{
|
||||
EVP_PBE_CTL *pbe_tmp;
|
||||
if (!pbe_algs) pbe_algs = sk_new(pbe_cmp);
|
||||
if (!(pbe_tmp = (EVP_PBE_CTL*) OPENSSL_malloc (sizeof(EVP_PBE_CTL)))) {
|
||||
EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
}
|
||||
pbe_tmp->pbe_nid = nid;
|
||||
EVP_PBE_CTL *pbe_tmp = NULL, pbelu;
|
||||
int i;
|
||||
if (!pbe_algs)
|
||||
{
|
||||
pbe_algs = sk_new(pbe_cmp);
|
||||
if (!pbe_algs)
|
||||
{
|
||||
EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
/* Check if already present */
|
||||
pbelu.pbe_nid = nid;
|
||||
i = sk_find(pbe_algs, (char *)&pbelu);
|
||||
if (i >= 0)
|
||||
{
|
||||
pbe_tmp = (EVP_PBE_CTL *)sk_value(pbe_algs, i);
|
||||
/* If everything identical leave alone */
|
||||
if (pbe_tmp->cipher == cipher
|
||||
&& pbe_tmp->md == md
|
||||
&& pbe_tmp->keygen == keygen)
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
if (!pbe_tmp)
|
||||
{
|
||||
pbe_tmp = OPENSSL_malloc (sizeof(EVP_PBE_CTL));
|
||||
if (!pbe_tmp)
|
||||
{
|
||||
EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
}
|
||||
/* If adding a new PBE, set nid, append and sort */
|
||||
pbe_tmp->pbe_nid = nid;
|
||||
sk_push (pbe_algs, (char *)pbe_tmp);
|
||||
sk_sort(pbe_algs);
|
||||
}
|
||||
|
||||
pbe_tmp->cipher = cipher;
|
||||
pbe_tmp->md = md;
|
||||
pbe_tmp->keygen = keygen;
|
||||
sk_push (pbe_algs, (char *)pbe_tmp);
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
@ -130,12 +130,9 @@ void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
|
||||
|
||||
void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
|
||||
{
|
||||
int j;
|
||||
unsigned int i;
|
||||
unsigned char buf[EVP_MAX_MD_SIZE];
|
||||
|
||||
j=EVP_MD_block_size(ctx->md);
|
||||
|
||||
EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i);
|
||||
EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx);
|
||||
EVP_DigestUpdate(&ctx->md_ctx,buf,i);
|
||||
|
@ -242,7 +242,7 @@
|
||||
# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
|
||||
# if defined(__s390x__)
|
||||
# define HOST_c2l(c,l) ({ asm ("lrv %0,%1" \
|
||||
:"=d"(l) :"m"(*(const unsigned int *)(c));\
|
||||
:"=d"(l) :"m"(*(const unsigned int *)(c)));\
|
||||
(c)+=4; (l); })
|
||||
# define HOST_l2c(l,c) ({ asm ("strv %1,%0" \
|
||||
:"=m"(*(unsigned int *)(c)) :"d"(l));\
|
||||
|
@ -58,11 +58,16 @@
|
||||
|
||||
#include <e_os.h>
|
||||
#include <openssl/err.h>
|
||||
|
||||
/* Internal only functions: only ever used here */
|
||||
#ifdef OPENSSL_FIPS
|
||||
extern void int_ERR_lib_init(void);
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
extern void int_EVP_MD_init_engine_callbacks(void );
|
||||
extern void int_EVP_CIPHER_init_engine_callbacks(void );
|
||||
extern void int_RAND_init_engine_callbacks(void );
|
||||
# endif
|
||||
#endif
|
||||
|
||||
/* Perform any essential OpenSSL initialization operations.
|
||||
* Currently only sets FIPS callbacks
|
||||
|
@ -371,11 +371,12 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
|
||||
|
||||
|
||||
case OHS_ASN1_HEADER:
|
||||
/* Now reading ASN1 header: can read at least 6 bytes which
|
||||
* is more than enough for any valid ASN1 SEQUENCE header
|
||||
/* Now reading ASN1 header: can read at least 2 bytes which
|
||||
* is enough for ASN1 SEQUENCE header and either length field
|
||||
* or at least the length of the length field.
|
||||
*/
|
||||
n = BIO_get_mem_data(rctx->mem, &p);
|
||||
if (n < 6)
|
||||
if (n < 2)
|
||||
goto next_io;
|
||||
|
||||
/* Check it is an ASN1 SEQUENCE */
|
||||
@ -388,6 +389,11 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
|
||||
/* Check out length field */
|
||||
if (*p & 0x80)
|
||||
{
|
||||
/* If MSB set on initial length octet we can now
|
||||
* always read 6 octets: make sure we have them.
|
||||
*/
|
||||
if (n < 6)
|
||||
goto next_io;
|
||||
n = *p & 0x7F;
|
||||
/* Not NDEF or excessive length */
|
||||
if (!n || (n > 4))
|
||||
|
@ -182,7 +182,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
|
||||
{
|
||||
int i, ret = 0;
|
||||
long l;
|
||||
unsigned char *p;
|
||||
OCSP_CERTID *cid = NULL;
|
||||
OCSP_BASICRESP *br = NULL;
|
||||
OCSP_RESPID *rid = NULL;
|
||||
@ -207,7 +206,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
|
||||
return 1;
|
||||
}
|
||||
|
||||
p = ASN1_STRING_data(rb->response);
|
||||
i = ASN1_STRING_length(rb->response);
|
||||
if (!(br = OCSP_response_get1_basic(o))) goto err;
|
||||
rd = br->tbsResponseData;
|
||||
|
@ -25,11 +25,11 @@
|
||||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
#define OPENSSL_VERSION_NUMBER 0x009080efL
|
||||
#define OPENSSL_VERSION_NUMBER 0x0090810f
|
||||
#ifdef OPENSSL_FIPS
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8n-fips 24 Mar 2010"
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8p-fips 16 Nov 2010"
|
||||
#else
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8n 24 Mar 2010"
|
||||
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8p 16 Nov 2010"
|
||||
#endif
|
||||
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
||||
|
||||
|
@ -434,7 +434,6 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
|
||||
|
||||
int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
|
||||
{
|
||||
int o;
|
||||
const EVP_CIPHER *enc=NULL;
|
||||
char *p,c;
|
||||
char **header_pp = &header;
|
||||
@ -474,7 +473,6 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
|
||||
header++;
|
||||
}
|
||||
*header='\0';
|
||||
o=OBJ_sn2nid(p);
|
||||
cipher->cipher=enc=EVP_get_cipherbyname(p);
|
||||
*header=c;
|
||||
header++;
|
||||
|
@ -110,6 +110,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
|
||||
unsigned char *B, *D, *I, *p, *Ai;
|
||||
int Slen, Plen, Ilen, Ijlen;
|
||||
int i, j, u, v;
|
||||
int ret = 0;
|
||||
BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */
|
||||
EVP_MD_CTX ctx;
|
||||
#ifdef DEBUG_KEYGEN
|
||||
@ -145,10 +146,8 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
|
||||
I = OPENSSL_malloc (Ilen);
|
||||
Ij = BN_new();
|
||||
Bpl1 = BN_new();
|
||||
if (!D || !Ai || !B || !I || !Ij || !Bpl1) {
|
||||
PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
}
|
||||
if (!D || !Ai || !B || !I || !Ij || !Bpl1)
|
||||
goto err;
|
||||
for (i = 0; i < v; i++) D[i] = id;
|
||||
p = I;
|
||||
for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen];
|
||||
@ -165,28 +164,22 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
|
||||
}
|
||||
memcpy (out, Ai, min (n, u));
|
||||
if (u >= n) {
|
||||
OPENSSL_free (Ai);
|
||||
OPENSSL_free (B);
|
||||
OPENSSL_free (D);
|
||||
OPENSSL_free (I);
|
||||
BN_free (Ij);
|
||||
BN_free (Bpl1);
|
||||
EVP_MD_CTX_cleanup(&ctx);
|
||||
#ifdef DEBUG_KEYGEN
|
||||
fprintf(stderr, "Output KEY (length %d)\n", tmpn);
|
||||
h__dump(tmpout, tmpn);
|
||||
#endif
|
||||
return 1;
|
||||
ret = 1;
|
||||
goto end;
|
||||
}
|
||||
n -= u;
|
||||
out += u;
|
||||
for (j = 0; j < v; j++) B[j] = Ai[j % u];
|
||||
/* Work out B + 1 first then can use B as tmp space */
|
||||
BN_bin2bn (B, v, Bpl1);
|
||||
BN_add_word (Bpl1, 1);
|
||||
if (!BN_bin2bn (B, v, Bpl1)) goto err;
|
||||
if (!BN_add_word (Bpl1, 1)) goto err;
|
||||
for (j = 0; j < Ilen ; j+=v) {
|
||||
BN_bin2bn (I + j, v, Ij);
|
||||
BN_add (Ij, Ij, Bpl1);
|
||||
if (!BN_bin2bn (I + j, v, Ij)) goto err;
|
||||
if (!BN_add (Ij, Ij, Bpl1)) goto err;
|
||||
BN_bn2bin (Ij, B);
|
||||
Ijlen = BN_num_bytes (Ij);
|
||||
/* If more than 2^(v*8) - 1 cut off MSB */
|
||||
@ -202,6 +195,19 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
|
||||
} else BN_bn2bin (Ij, I + j);
|
||||
}
|
||||
}
|
||||
|
||||
err:
|
||||
PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE);
|
||||
|
||||
end:
|
||||
OPENSSL_free (Ai);
|
||||
OPENSSL_free (B);
|
||||
OPENSSL_free (D);
|
||||
OPENSSL_free (I);
|
||||
BN_free (Ij);
|
||||
BN_free (Bpl1);
|
||||
EVP_MD_CTX_cleanup(&ctx);
|
||||
return ret;
|
||||
}
|
||||
#ifdef DEBUG_KEYGEN
|
||||
void h__dump (unsigned char *p, int len)
|
||||
|
@ -120,8 +120,13 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
|
||||
bags = PKCS12_unpack_p7data(p7);
|
||||
} else if (bagnid == NID_pkcs7_encrypted) {
|
||||
bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
|
||||
alg_get(p7->d.encrypted->enc_data->algorithm,
|
||||
&pbe_nid, &pbe_iter, &pbe_saltlen);
|
||||
if (!alg_get(p7->d.encrypted->enc_data->algorithm,
|
||||
&pbe_nid, &pbe_iter, &pbe_saltlen))
|
||||
{
|
||||
sk_PKCS12_SAFEBAG_pop_free(bags,
|
||||
PKCS12_SAFEBAG_free);
|
||||
bags = NULL;
|
||||
}
|
||||
} else continue;
|
||||
if (!bags) {
|
||||
sk_PKCS7_pop_free(asafes, PKCS7_free);
|
||||
@ -193,7 +198,9 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
|
||||
if(M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1;
|
||||
|
||||
if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1))) return 0;
|
||||
alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen);
|
||||
if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter,
|
||||
&p8_saltlen))
|
||||
return 0;
|
||||
if(!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
|
||||
p8_iter, p8))) return 0;
|
||||
X509_SIG_free(bag->value.shkeybag);
|
||||
@ -208,9 +215,11 @@ static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
|
||||
|
||||
p = alg->parameter->value.sequence->data;
|
||||
pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
|
||||
if (!pbe)
|
||||
return 0;
|
||||
*pnid = OBJ_obj2nid(alg->algorithm);
|
||||
*piter = ASN1_INTEGER_get(pbe->iter);
|
||||
*psaltlen = pbe->salt->length;
|
||||
PBEPARAM_free(pbe);
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
|
@ -342,7 +342,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
|
||||
X509_ALGOR *enc_alg=NULL;
|
||||
STACK_OF(X509_ALGOR) *md_sk=NULL;
|
||||
STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
|
||||
X509_ALGOR *xalg=NULL;
|
||||
PKCS7_RECIP_INFO *ri=NULL;
|
||||
|
||||
i=OBJ_obj2nid(p7->type);
|
||||
@ -365,7 +364,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
|
||||
PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
|
||||
goto err;
|
||||
}
|
||||
xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
|
||||
break;
|
||||
case NID_pkcs7_enveloped:
|
||||
rsk=p7->d.enveloped->recipientinfo;
|
||||
@ -377,7 +375,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
|
||||
PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
|
||||
goto err;
|
||||
}
|
||||
xalg=p7->d.enveloped->enc_data->algorithm;
|
||||
break;
|
||||
default:
|
||||
PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
|
||||
|
@ -558,7 +558,6 @@ X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
|
||||
int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
|
||||
{
|
||||
int i;
|
||||
ASN1_OBJECT *objtmp;
|
||||
PKCS7_ENC_CONTENT *ec;
|
||||
|
||||
i=OBJ_obj2nid(p7->type);
|
||||
@ -581,7 +580,6 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
|
||||
PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
|
||||
return(0);
|
||||
}
|
||||
objtmp = OBJ_nid2obj(i);
|
||||
|
||||
ec->cipher = cipher;
|
||||
return 1;
|
||||
|
@ -73,7 +73,6 @@ static int pk7_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
|
||||
{
|
||||
PKCS7 *p7 = (PKCS7 *)val;
|
||||
BIO *tmpbio, *p7bio;
|
||||
int r = 0;
|
||||
|
||||
if (!(flags & SMIME_DETACHED))
|
||||
{
|
||||
@ -95,8 +94,6 @@ static int pk7_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
|
||||
if (PKCS7_dataFinal(p7, p7bio) <= 0)
|
||||
goto err;
|
||||
|
||||
r = 1;
|
||||
|
||||
err:
|
||||
|
||||
/* Now remove any digests prepended to the BIO */
|
||||
|
@ -166,14 +166,13 @@ pqueue_pop(pqueue_s *pq)
|
||||
pitem *
|
||||
pqueue_find(pqueue_s *pq, PQ_64BIT priority)
|
||||
{
|
||||
pitem *next, *prev = NULL;
|
||||
pitem *next;
|
||||
pitem *found = NULL;
|
||||
|
||||
if ( pq->items == NULL)
|
||||
return NULL;
|
||||
|
||||
for ( next = pq->items; next->next != NULL;
|
||||
prev = next, next = next->next)
|
||||
for ( next = pq->items; next->next != NULL; next = next->next)
|
||||
{
|
||||
if ( pq_64bit_eq(&(next->priority), &priority))
|
||||
{
|
||||
@ -189,13 +188,6 @@ pqueue_find(pqueue_s *pq, PQ_64BIT priority)
|
||||
if ( ! found)
|
||||
return NULL;
|
||||
|
||||
#if 0 /* find works in peek mode */
|
||||
if ( prev == NULL)
|
||||
pq->items = next->next;
|
||||
else
|
||||
prev->next = next->next;
|
||||
#endif
|
||||
|
||||
return found;
|
||||
}
|
||||
|
||||
|
@ -160,8 +160,8 @@ int RAND_poll(void)
|
||||
rdtsc
|
||||
mov tsc, eax
|
||||
}
|
||||
#else
|
||||
asm volatile("rdtsc":"=A" (tsc));
|
||||
#elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
|
||||
asm volatile("rdtsc":"=a"(tsc)::"edx");
|
||||
#endif
|
||||
|
||||
RAND_add(&tsc, sizeof(tsc), 1);
|
||||
|
@ -265,8 +265,8 @@ int RAND_write_file(const char *file)
|
||||
const char *RAND_file_name(char *buf, size_t size)
|
||||
{
|
||||
char *s=NULL;
|
||||
int ok = 0;
|
||||
#ifdef __OpenBSD__
|
||||
int ok = 0;
|
||||
struct stat sb;
|
||||
#endif
|
||||
|
||||
@ -294,7 +294,9 @@ const char *RAND_file_name(char *buf, size_t size)
|
||||
BUF_strlcat(buf,"/",size);
|
||||
#endif
|
||||
BUF_strlcat(buf,RFILE,size);
|
||||
#ifdef __OpenBSD__
|
||||
ok = 1;
|
||||
#endif
|
||||
}
|
||||
else
|
||||
buf[0] = '\0'; /* no file name */
|
||||
|
@ -673,7 +673,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
|
||||
rsa->_method_mod_n)) goto err;
|
||||
|
||||
if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12))
|
||||
BN_sub(ret, rsa->n, ret);
|
||||
if (!BN_sub(ret, rsa->n, ret)) goto err;
|
||||
|
||||
p=buf;
|
||||
i=BN_bn2bin(ret,p);
|
||||
|
@ -256,6 +256,7 @@ typedef struct x509_cinf_st
|
||||
ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
|
||||
ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
|
||||
STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
|
||||
ASN1_ENCODING enc;
|
||||
} X509_CINF;
|
||||
|
||||
/* This stuff is certificate "auxiliary info"
|
||||
|
@ -97,7 +97,6 @@ static int x509_subject_cmp(X509 **a, X509 **b)
|
||||
int X509_verify_cert(X509_STORE_CTX *ctx)
|
||||
{
|
||||
X509 *x,*xtmp,*chain_ss=NULL;
|
||||
X509_NAME *xn;
|
||||
int bad_chain = 0;
|
||||
X509_VERIFY_PARAM *param = ctx->param;
|
||||
int depth,i,ok=0;
|
||||
@ -149,7 +148,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
|
||||
*/
|
||||
|
||||
/* If we are self signed, we break */
|
||||
xn=X509_get_issuer_name(x);
|
||||
if (ctx->check_issued(ctx, x,x)) break;
|
||||
|
||||
/* If we were passed a cert chain, use it first */
|
||||
@ -186,7 +184,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
|
||||
|
||||
i=sk_X509_num(ctx->chain);
|
||||
x=sk_X509_value(ctx->chain,i-1);
|
||||
xn = X509_get_subject_name(x);
|
||||
if (ctx->check_issued(ctx, x, x))
|
||||
{
|
||||
/* we have a self signed certificate */
|
||||
@ -235,7 +232,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
|
||||
if (depth < num) break;
|
||||
|
||||
/* If we are self signed, we break */
|
||||
xn=X509_get_issuer_name(x);
|
||||
if (ctx->check_issued(ctx,x,x)) break;
|
||||
|
||||
ok = ctx->get_issuer(&xtmp, ctx, x);
|
||||
@ -254,7 +250,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
|
||||
}
|
||||
|
||||
/* we now have our chain, lets check it... */
|
||||
xn=X509_get_issuer_name(x);
|
||||
|
||||
/* Is last certificate looked up self signed? */
|
||||
if (!ctx->check_issued(ctx,x,x))
|
||||
@ -1380,7 +1375,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
|
||||
if (store)
|
||||
ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
|
||||
else
|
||||
ctx->param->flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE;
|
||||
ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE;
|
||||
|
||||
if (store)
|
||||
{
|
||||
|
@ -97,6 +97,7 @@ int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
|
||||
|
||||
int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
|
||||
{
|
||||
x->cert_info->enc.modified = 1;
|
||||
return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature,
|
||||
x->sig_alg, x->signature, x->cert_info,pkey,md));
|
||||
}
|
||||
|
@ -182,7 +182,6 @@ static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
|
||||
print_nc_ipadd(bp, tree->base->d.ip);
|
||||
else
|
||||
GENERAL_NAME_print(bp, tree->base);
|
||||
tree = sk_GENERAL_SUBTREE_value(trees, i);
|
||||
BIO_puts(bp, "\n");
|
||||
}
|
||||
return 1;
|
||||
|
@ -128,7 +128,12 @@ static int process_pci_value(CONF_VALUE *val,
|
||||
unsigned char *tmp_data2 =
|
||||
string_to_hex(val->value + 4, &val_len);
|
||||
|
||||
if (!tmp_data2) goto err;
|
||||
if (!tmp_data2)
|
||||
{
|
||||
X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_ILLEGAL_HEX_DIGIT);
|
||||
X509V3_conf_err(val);
|
||||
goto err;
|
||||
}
|
||||
|
||||
tmp_data = OPENSSL_realloc((*policy)->data,
|
||||
(*policy)->length + val_len + 1);
|
||||
@ -140,6 +145,17 @@ static int process_pci_value(CONF_VALUE *val,
|
||||
(*policy)->length += val_len;
|
||||
(*policy)->data[(*policy)->length] = '\0';
|
||||
}
|
||||
else
|
||||
{
|
||||
OPENSSL_free(tmp_data2);
|
||||
/* realloc failure implies the original data space is b0rked too! */
|
||||
(*policy)->data = NULL;
|
||||
(*policy)->length = 0;
|
||||
X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
|
||||
X509V3_conf_err(val);
|
||||
goto err;
|
||||
}
|
||||
OPENSSL_free(tmp_data2);
|
||||
}
|
||||
else if (strncmp(val->value, "file:", 5) == 0)
|
||||
{
|
||||
@ -169,6 +185,7 @@ static int process_pci_value(CONF_VALUE *val,
|
||||
(*policy)->length += n;
|
||||
(*policy)->data[(*policy)->length] = '\0';
|
||||
}
|
||||
BIO_free_all(b);
|
||||
|
||||
if (n < 0)
|
||||
{
|
||||
@ -190,6 +207,15 @@ static int process_pci_value(CONF_VALUE *val,
|
||||
(*policy)->length += val_len;
|
||||
(*policy)->data[(*policy)->length] = '\0';
|
||||
}
|
||||
else
|
||||
{
|
||||
/* realloc failure implies the original data space is b0rked too! */
|
||||
(*policy)->data = NULL;
|
||||
(*policy)->length = 0;
|
||||
X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
|
||||
X509V3_conf_err(val);
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -300,7 +300,7 @@ Create a cleartext signed message:
|
||||
openssl smime -sign -in message.txt -text -out mail.msg \
|
||||
-signer mycert.pem
|
||||
|
||||
Create and opaque signed message
|
||||
Create and opaque signed message:
|
||||
|
||||
openssl smime -sign -in message.txt -text -out mail.msg -nodetach \
|
||||
-signer mycert.pem
|
||||
@ -349,11 +349,11 @@ it with:
|
||||
-----BEGIN PKCS7-----
|
||||
-----END PKCS7-----
|
||||
|
||||
and using the command,
|
||||
and using the command:
|
||||
|
||||
openssl smime -verify -inform PEM -in signature.pem -content content.txt
|
||||
|
||||
alternatively you can base64 decode the signature and use
|
||||
Alternatively you can base64 decode the signature and use:
|
||||
|
||||
openssl smime -verify -inform DER -in signature.der -content content.txt
|
||||
|
||||
@ -373,7 +373,7 @@ should be some heuristic that determines the correct encryption certificate.
|
||||
Ideally a database should be maintained of a certificates for each email address.
|
||||
|
||||
The code doesn't currently take note of the permitted symmetric encryption
|
||||
algorithms as supplied in the SMIMECapabilities signed attribute. this means the
|
||||
algorithms as supplied in the SMIMECapabilities signed attribute. This means the
|
||||
user has to manually include the correct encryption algorithm. It should store
|
||||
the list of permitted ciphers in a database and only use those.
|
||||
|
||||
|
@ -6,6 +6,8 @@ ASN1_OBJECT_new, ASN1_OBJECT_free, - object allocation functions
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
ASN1_OBJECT *ASN1_OBJECT_new(void);
|
||||
void ASN1_OBJECT_free(ASN1_OBJECT *a);
|
||||
|
||||
|
@ -8,6 +8,8 @@ ASN1_STRING utility functions
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
int ASN1_STRING_length(ASN1_STRING *x);
|
||||
unsigned char * ASN1_STRING_data(ASN1_STRING *x);
|
||||
|
||||
|
@ -7,6 +7,8 @@ ASN1_STRING allocation functions
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
ASN1_STRING * ASN1_STRING_new(void);
|
||||
ASN1_STRING * ASN1_STRING_type_new(int type);
|
||||
void ASN1_STRING_free(ASN1_STRING *a);
|
||||
|
@ -6,6 +6,8 @@ ASN1_generate_nconf, ASN1_generate_v3 - ASN1 generation functions
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
|
||||
ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
|
||||
|
||||
|
@ -31,7 +31,7 @@ BIO_get_buffer_num_lines() returns the number of lines currently buffered.
|
||||
|
||||
BIO_set_read_buffer_size(), BIO_set_write_buffer_size() and BIO_set_buffer_size()
|
||||
set the read, write or both read and write buffer sizes to B<size>. The initial
|
||||
buffer size is DEFAULT_BUFFER_SIZE, currently 1024. Any attempt to reduce the
|
||||
buffer size is DEFAULT_BUFFER_SIZE, currently 4096. Any attempt to reduce the
|
||||
buffer size below DEFAULT_BUFFER_SIZE is ignored. Any buffered data is cleared
|
||||
when the buffer is resized.
|
||||
|
||||
@ -66,4 +66,9 @@ there was an error.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
TBA
|
||||
L<BIO(3)|BIO(3)>,
|
||||
L<BIO_reset(3)|BIO_reset(3)>,
|
||||
L<BIO_flush(3)|BIO_flush(3)>,
|
||||
L<BIO_pop(3)|BIO_pop(3)>,
|
||||
L<BIO_ctrl(3)|BIO_ctrl(3)>,
|
||||
L<BIO_int_ctrl(3)|BIO_ctrl(3)>
|
||||
|
@ -45,7 +45,7 @@ needs to read data.
|
||||
BIO_should_io_special() is true if some "special" condition, that is a
|
||||
reason other than reading or writing is the cause of the condition.
|
||||
|
||||
BIO_get_retry_reason() returns a mask of the cause of a retry condition
|
||||
BIO_retry_type() returns a mask of the cause of a retry condition
|
||||
consisting of the values B<BIO_FLAGS_READ>, B<BIO_FLAGS_WRITE>,
|
||||
B<BIO_FLAGS_IO_SPECIAL> though current BIO types will only set one of
|
||||
these.
|
||||
|
@ -6,6 +6,8 @@ CRYPTO_set_ex_data, CRYPTO_get_ex_data - internal application specific data func
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
#include <openssl/crypto.h>
|
||||
|
||||
int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg);
|
||||
|
||||
void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx);
|
||||
|
@ -8,6 +8,8 @@ functions
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
#include <openssl/objects.h>
|
||||
|
||||
ASN1_OBJECT * OBJ_nid2obj(int n);
|
||||
const char * OBJ_nid2ln(int n);
|
||||
const char * OBJ_nid2sn(int n);
|
||||
|
@ -6,7 +6,9 @@ PKCS7_decrypt - decrypt content from a PKCS#7 envelopedData structure
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
|
||||
#include <openssl/pkcs7.h>
|
||||
|
||||
int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
|
@ -6,7 +6,9 @@ PKCS7_encrypt - create a PKCS#7 envelopedData structure
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);
|
||||
#include <openssl/pkcs7.h>
|
||||
|
||||
PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
|
@ -6,7 +6,9 @@ PKCS7_sign - create a PKCS#7 signedData structure
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags);
|
||||
#include <openssl/pkcs7.h>
|
||||
|
||||
PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
|
@ -6,9 +6,11 @@ PKCS7_verify - verify a PKCS#7 signedData structure
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
|
||||
#include <openssl/pkcs7.h>
|
||||
|
||||
STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
|
||||
int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
|
||||
|
||||
STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
|
@ -6,7 +6,9 @@ SMIME_read_PKCS7 - parse S/MIME message.
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont);
|
||||
#include <openssl/pkcs7.h>
|
||||
|
||||
PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
|
@ -6,7 +6,9 @@ SMIME_write_PKCS7 - convert PKCS#7 structure to S/MIME format.
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags);
|
||||
#include <openssl/pkcs7.h>
|
||||
|
||||
int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
|
@ -9,15 +9,17 @@ X509_NAME_ENTRY_create_by_OBJ - X509_NAME_ENTRY utility functions
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
|
||||
ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
|
||||
#include <openssl/x509.h>
|
||||
|
||||
int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
|
||||
int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len);
|
||||
ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
|
||||
ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
|
||||
|
||||
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len);
|
||||
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len);
|
||||
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len);
|
||||
int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
|
||||
int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len);
|
||||
|
||||
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len);
|
||||
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len);
|
||||
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
|
@ -7,15 +7,17 @@ X509_NAME_add_entry, X509_NAME_delete_entry - X509_NAME modification functions
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set);
|
||||
#include <openssl/x509.h>
|
||||
|
||||
int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
|
||||
int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set);
|
||||
|
||||
int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set);
|
||||
int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
|
||||
|
||||
int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set);
|
||||
int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set);
|
||||
|
||||
X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
|
||||
int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set);
|
||||
|
||||
X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
|
@ -8,14 +8,16 @@ X509_NAME lookup and enumeration functions
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
|
||||
int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos);
|
||||
#include <openssl/x509.h>
|
||||
|
||||
int X509_NAME_entry_count(X509_NAME *name);
|
||||
X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
|
||||
int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
|
||||
int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos);
|
||||
|
||||
int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len);
|
||||
int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len);
|
||||
int X509_NAME_entry_count(X509_NAME *name);
|
||||
X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
|
||||
|
||||
int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len);
|
||||
int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
|
@ -6,6 +6,8 @@ X509_new, X509_free - X509 certificate ASN1 allocation functions
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
#include <openssl/x509.h>
|
||||
|
||||
X509 *X509_new(void);
|
||||
void X509_free(X509 *a);
|
||||
|
||||
|
@ -13,6 +13,8 @@ library internal functions
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
#include <openssl/bn.h>
|
||||
|
||||
BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
|
||||
BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num,
|
||||
BN_ULONG w);
|
||||
|
@ -7,6 +7,8 @@ Compatibility user interface functions
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
#include <openssl/des_old.h>
|
||||
|
||||
int des_read_password(DES_cblock *key,const char *prompt,int verify);
|
||||
int des_read_2passwords(DES_cblock *key1,DES_cblock *key2,
|
||||
const char *prompt,int verify);
|
||||
|
@ -15,7 +15,7 @@ SSL_library_init, OpenSSL_add_ssl_algorithms, SSLeay_add_ssl_algorithms
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
SSL_library_init() registers the available ciphers and digests.
|
||||
SSL_library_init() registers the available SSL/TLS ciphers and digests.
|
||||
|
||||
OpenSSL_add_ssl_algorithms() and SSLeay_add_ssl_algorithms() are synonyms
|
||||
for SSL_library_init().
|
||||
@ -26,24 +26,28 @@ SSL_library_init() must be called before any other action takes place.
|
||||
|
||||
=head1 WARNING
|
||||
|
||||
SSL_library_init() only registers ciphers. Another important initialization
|
||||
is the seeding of the PRNG (Pseudo Random Number Generator), which has to
|
||||
be performed separately.
|
||||
SSL_library_init() adds ciphers and digests used directly and indirectly by
|
||||
SSL/TLS.
|
||||
|
||||
=head1 EXAMPLES
|
||||
|
||||
A typical TLS/SSL application will start with the library initialization,
|
||||
will provide readable error messages and will seed the PRNG.
|
||||
and provide readable error messages.
|
||||
|
||||
SSL_load_error_strings(); /* readable error messages */
|
||||
SSL_library_init(); /* initialize library */
|
||||
actions_to_seed_PRNG();
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
SSL_library_init() always returns "1", so it is safe to discard the return
|
||||
value.
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
OpenSSL 0.9.8o and 1.0.0a and later added SHA2 algorithms to SSL_library_init().
|
||||
Applications which need to use SHA2 in earlier versions of OpenSSL should call
|
||||
OpenSSL_add_all_algorithms() as well.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<ssl(3)|ssl(3)>, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>,
|
||||
|
@ -153,7 +153,6 @@ extern "C" {
|
||||
#define clear_socket_error() WSASetLastError(0)
|
||||
#define readsocket(s,b,n) recv((s),(b),(n),0)
|
||||
#define writesocket(s,b,n) send((s),(b),(n),0)
|
||||
#define EADDRINUSE WSAEADDRINUSE
|
||||
#elif defined(__DJGPP__)
|
||||
#define WATT32
|
||||
#define get_last_socket_error() errno
|
||||
|
@ -111,11 +111,10 @@ static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
/* RSA stuff */
|
||||
static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
/* This function is aliased to mod_exp (with the mont stuff dropped). */
|
||||
static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
||||
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
|
||||
static int hwcrhk_rsa_finish(RSA *rsa);
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_DH
|
||||
@ -135,10 +134,6 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
|
||||
UI_METHOD *ui_method, void *callback_data);
|
||||
static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
|
||||
UI_METHOD *ui_method, void *callback_data);
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
|
||||
int ind,long argl, void *argp);
|
||||
#endif
|
||||
|
||||
/* Interaction stuff */
|
||||
static int hwcrhk_insert_card(const char *prompt_info,
|
||||
@ -193,7 +188,7 @@ static RSA_METHOD hwcrhk_rsa =
|
||||
hwcrhk_rsa_mod_exp,
|
||||
hwcrhk_mod_exp_mont,
|
||||
NULL,
|
||||
NULL,
|
||||
hwcrhk_rsa_finish,
|
||||
0,
|
||||
NULL,
|
||||
NULL,
|
||||
@ -603,7 +598,7 @@ static int hwcrhk_init(ENGINE *e)
|
||||
if (hndidx_rsa == -1)
|
||||
hndidx_rsa = RSA_get_ex_new_index(0,
|
||||
"nFast HWCryptoHook RSA key handle",
|
||||
NULL, NULL, hwcrhk_ex_free);
|
||||
NULL, NULL, NULL);
|
||||
#endif
|
||||
return 1;
|
||||
err:
|
||||
@ -1081,6 +1076,21 @@ static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
||||
{
|
||||
return hwcrhk_mod_exp(r, a, p, m, ctx);
|
||||
}
|
||||
|
||||
static int hwcrhk_rsa_finish(RSA *rsa)
|
||||
{
|
||||
HWCryptoHook_RSAKeyHandle *hptr;
|
||||
|
||||
hptr = RSA_get_ex_data(rsa, hndidx_rsa);
|
||||
if (hptr)
|
||||
{
|
||||
p_hwcrhk_RSAUnloadKey(*hptr, NULL);
|
||||
OPENSSL_free(hptr);
|
||||
RSA_set_ex_data(rsa, hndidx_rsa, NULL);
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_DH
|
||||
@ -1139,34 +1149,6 @@ static int hwcrhk_rand_status(void)
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* This cleans up an RSA KM key, called when ex_data is freed */
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
|
||||
int ind,long argl, void *argp)
|
||||
{
|
||||
char tempbuf[1024];
|
||||
HWCryptoHook_ErrMsgBuf rmsg;
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
HWCryptoHook_RSAKeyHandle *hptr;
|
||||
#endif
|
||||
#if !defined(OPENSSL_NO_RSA)
|
||||
int ret;
|
||||
#endif
|
||||
|
||||
rmsg.buf = tempbuf;
|
||||
rmsg.size = sizeof(tempbuf);
|
||||
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
hptr = (HWCryptoHook_RSAKeyHandle *) item;
|
||||
if(hptr)
|
||||
{
|
||||
ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
|
||||
OPENSSL_free(hptr);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Mutex calls: since the HWCryptoHook model closely follows the POSIX model
|
||||
* these just wrap the POSIX functions and add some logging.
|
||||
*/
|
||||
@ -1316,6 +1298,8 @@ static int hwcrhk_insert_card(const char *prompt_info,
|
||||
if (wrong_info && *wrong_info)
|
||||
BIO_snprintf(buf, sizeof(buf)-1,
|
||||
"Current card: \"%s\"\n", wrong_info);
|
||||
else
|
||||
buf[0] = 0;
|
||||
ok = UI_dup_info_string(ui, buf);
|
||||
if (ok >= 0 && prompt_info)
|
||||
{
|
||||
|
@ -811,7 +811,6 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
|
||||
SW_PARAM sw_param;
|
||||
SW_STATUS sw_status;
|
||||
SW_LARGENUMBER arg, res;
|
||||
unsigned char *ptr;
|
||||
BN_CTX *ctx;
|
||||
BIGNUM *dsa_p = NULL;
|
||||
BIGNUM *dsa_q = NULL;
|
||||
@ -899,7 +898,6 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
|
||||
goto err;
|
||||
}
|
||||
/* Convert the response */
|
||||
ptr = (unsigned char *)result->d;
|
||||
if((to_return = DSA_SIG_new()) == NULL)
|
||||
goto err;
|
||||
to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL);
|
||||
|
@ -631,10 +631,8 @@ static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
||||
const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx)
|
||||
{
|
||||
int y_len,
|
||||
m_len,
|
||||
fd;
|
||||
|
||||
m_len = BN_num_bytes(p) + BN_num_bytes(q) + 1;
|
||||
y_len = BN_num_bits(p) + BN_num_bits(q);
|
||||
|
||||
/* Check if hardware can't handle this argument. */
|
||||
|
@ -297,12 +297,16 @@ my $filter = "";
|
||||
my $tvdir;
|
||||
my $tprefix;
|
||||
my $shwrap_prefix;
|
||||
my $shwrap;
|
||||
my $rmcmd = "rm -rf";
|
||||
my $mkcmd = "mkdir";
|
||||
my $debug = 0;
|
||||
my $quiet = 0;
|
||||
my $rspdir = "rsp";
|
||||
my $rspignore = 0;
|
||||
my @bogus = (); # list of unmatched *.rsp files
|
||||
my $bufout = '';
|
||||
my $bufdir = '';
|
||||
my %_programs = (); # list of external programs to check
|
||||
|
||||
foreach (@ARGV)
|
||||
@ -331,6 +335,10 @@ foreach (@ARGV)
|
||||
{
|
||||
$rspdir = $1;
|
||||
}
|
||||
elsif (/--noshwrap$/)
|
||||
{
|
||||
$shwrap = "";
|
||||
}
|
||||
elsif (/--rspignore$/)
|
||||
{
|
||||
$rspignore = 1;
|
||||
@ -347,6 +355,14 @@ foreach (@ARGV)
|
||||
{
|
||||
$filter = $1;
|
||||
}
|
||||
elsif (/--mkdir=(.*)$/)
|
||||
{
|
||||
$mkcmd = $1;
|
||||
}
|
||||
elsif (/--rm=(.*)$/)
|
||||
{
|
||||
$rmcmd = $1;
|
||||
}
|
||||
elsif (/--outfile=(.*)$/)
|
||||
{
|
||||
$outfile = $1;
|
||||
@ -396,6 +412,8 @@ else
|
||||
$shwrap_prefix = "../util/" unless defined $shwrap_prefix;
|
||||
}
|
||||
|
||||
$shwrap = "${shwrap_prefix}shlib_wrap.sh " unless defined $shwrap;
|
||||
|
||||
$bufinit .= <<END;
|
||||
#!/bin/sh
|
||||
|
||||
@ -403,6 +421,9 @@ else
|
||||
# Auto generated by mkfipsscr.pl script
|
||||
# Do not edit
|
||||
|
||||
RM="$rmcmd"
|
||||
MKDIR="$mkcmd"
|
||||
TPREFIX=$tprefix
|
||||
END
|
||||
|
||||
}
|
||||
@ -546,7 +567,7 @@ sub test_dir
|
||||
{
|
||||
$rsp =~ tr|/|\\|;
|
||||
$req =~ tr|/|\\|;
|
||||
$bufout .= <<END;
|
||||
$bufdir = <<END;
|
||||
|
||||
echo Running tests in $req
|
||||
if exist "$rsp" rd /s /q "$rsp"
|
||||
@ -555,11 +576,11 @@ END
|
||||
}
|
||||
else
|
||||
{
|
||||
$bufout .= <<END;
|
||||
$bufdir = <<END;
|
||||
|
||||
echo Running tests in "$req"
|
||||
rm -rf "$rsp"
|
||||
mkdir "$rsp"
|
||||
\$RM "$rsp"
|
||||
\$MKDIR "$rsp"
|
||||
|
||||
END
|
||||
}
|
||||
@ -571,6 +592,10 @@ sub test_line
|
||||
my ($win32, $req, $tprefix, $tnam) = @_;
|
||||
my $rsp = $req;
|
||||
my $tcmd = $fips_tests{$tnam};
|
||||
|
||||
$bufout .= $bufdir;
|
||||
$bufdir = "";
|
||||
|
||||
$rsp =~ s/req\/([^\/]*).req$/$rspdir\/$1.rsp/;
|
||||
if ($tcmd =~ /-f$/)
|
||||
{
|
||||
@ -584,7 +609,7 @@ sub test_line
|
||||
else
|
||||
{
|
||||
$bufout .= <<END;
|
||||
${shwrap_prefix}shlib_wrap.sh $tprefix$tcmd "$req" "$rsp" || { echo "$req failure" ; exit 1
|
||||
${shwrap}\${TPREFIX}$tcmd "$req" "$rsp" || { echo "$req failure" ; exit 1
|
||||
}
|
||||
END
|
||||
$_programs{"${shwrap_prefix}shlib_wrap.sh"} = 1;
|
||||
@ -624,7 +649,7 @@ END
|
||||
else
|
||||
{
|
||||
$bufout .= <<END;
|
||||
${shwrap_prefix}shlib_wrap.sh $tprefix$tcmd < "$req" > "$rsp" || { echo "$req failure" ; exit 1; }
|
||||
${shwrap}\${TPREFIX}$tcmd < "$req" > "$rsp" || { echo "$req failure" ; exit 1; }
|
||||
END
|
||||
$_programs{"$tprefix$tcmd"} = 1;
|
||||
}
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user