d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Resolve conflicts

Browse Source
This commit is contained in:
Kris Kennaway 2001-02-18 03:23:30 +00:00
parent a991678294
commit b64f39b655
6 changed files with 247 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
crypto/openssl/crypto/evp/evp.h
View File

@ -465,12 +465,20 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
ASN1_TYPE *param, EVP_CIPHER *cipher,
EVP_MD *md, int en_de);
#ifndef NO_RSA
#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
(char *)(rsa))
#endif
#ifndef NO_DSA
#define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
(char *)(dsa))
#endif
#ifndef NO_DH
#define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\
(char *)(dh))
#endif
/* Add some extra combinations */
#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
@ -614,17 +622,29 @@ void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k,
#endif
EVP_MD *EVP_md_null(void);
#ifndef NO_MD2
EVP_MD *EVP_md2(void);
#endif
#ifndef NO_MD4
EVP_MD *EVP_md4(void);
#endif
#ifndef NO_MD5
EVP_MD *EVP_md5(void);
#endif
#ifndef NO_SHA
EVP_MD *EVP_sha(void);
EVP_MD *EVP_sha1(void);
EVP_MD *EVP_dss(void);
EVP_MD *EVP_dss1(void);
#endif
#ifndef NO_MDC2
EVP_MD *EVP_mdc2(void);
#endif
#ifndef NO_RIPEMD
EVP_MD *EVP_ripemd160(void);
#endif
EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */
#ifndef NO_DES
EVP_CIPHER *EVP_des_ecb(void);
EVP_CIPHER *EVP_des_ede(void);
EVP_CIPHER *EVP_des_ede3(void);
@ -638,31 +658,43 @@ EVP_CIPHER *EVP_des_cbc(void);
EVP_CIPHER *EVP_des_ede_cbc(void);
EVP_CIPHER *EVP_des_ede3_cbc(void);
EVP_CIPHER *EVP_desx_cbc(void);
#endif
#ifndef NO_RC4
EVP_CIPHER *EVP_rc4(void);
EVP_CIPHER *EVP_rc4_40(void);
#endif
#ifndef NO_IDEA
EVP_CIPHER *EVP_idea_ecb(void);
EVP_CIPHER *EVP_idea_cfb(void);
EVP_CIPHER *EVP_idea_ofb(void);
EVP_CIPHER *EVP_idea_cbc(void);
#endif
#ifndef NO_RC2
EVP_CIPHER *EVP_rc2_ecb(void);
EVP_CIPHER *EVP_rc2_cbc(void);
EVP_CIPHER *EVP_rc2_40_cbc(void);
EVP_CIPHER *EVP_rc2_64_cbc(void);
EVP_CIPHER *EVP_rc2_cfb(void);
EVP_CIPHER *EVP_rc2_ofb(void);
#endif
#ifndef NO_BF
EVP_CIPHER *EVP_bf_ecb(void);
EVP_CIPHER *EVP_bf_cbc(void);
EVP_CIPHER *EVP_bf_cfb(void);
EVP_CIPHER *EVP_bf_ofb(void);
#endif
#ifndef NO_CAST
EVP_CIPHER *EVP_cast5_ecb(void);
EVP_CIPHER *EVP_cast5_cbc(void);
EVP_CIPHER *EVP_cast5_cfb(void);
EVP_CIPHER *EVP_cast5_ofb(void);
#endif
#ifndef NO_RC5
EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
#endif
void OpenSSL_add_all_algorithms(void);
void OpenSSL_add_all_ciphers(void);
void OpenSSL_add_all_digests(void);

3
crypto/openssl/crypto/idea/Makefile.ssl
View File

@ -40,7 +40,8 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@echo You may get an error following this line. Please ignore.
- $(RANLIB) $(LIB)
@touch lib
files:

101
crypto/openssl/crypto/rsa/rsa_eay.c
View File

@ -139,11 +139,28 @@ static int RSA_eay_public_encrypt(int flen, unsigned char *from,
if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
{
if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL)
if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx))
goto err;
BN_MONT_CTX* bn_mont_ctx;
if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
goto err;
if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
{
BN_MONT_CTX_free(bn_mont_ctx);
goto err;
}
if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
{
CRYPTO_w_lock(CRYPTO_LOCK_RSA);
if (rsa->_method_mod_n == NULL)
{
rsa->_method_mod_n = bn_mont_ctx;
bn_mont_ctx = NULL;
}
CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
}
if (bn_mont_ctx)
BN_MONT_CTX_free(bn_mont_ctx);
}
if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
rsa->_method_mod_n)) goto err;
@ -370,11 +387,28 @@ static int RSA_eay_public_decrypt(int flen, unsigned char *from,
/* do the decrypt */
if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
{
if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL)
if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx))
goto err;
BN_MONT_CTX* bn_mont_ctx;
if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
goto err;
if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
{
BN_MONT_CTX_free(bn_mont_ctx);
goto err;
}
if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
{
CRYPTO_w_lock(CRYPTO_LOCK_RSA);
if (rsa->_method_mod_n == NULL)
{
rsa->_method_mod_n = bn_mont_ctx;
bn_mont_ctx = NULL;
}
CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
}
if (bn_mont_ctx)
BN_MONT_CTX_free(bn_mont_ctx);
}
if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
rsa->_method_mod_n)) goto err;
@ -422,20 +456,53 @@ static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
{
if (rsa->_method_mod_p == NULL)
{
if ((rsa->_method_mod_p=BN_MONT_CTX_new()) != NULL)
if (!BN_MONT_CTX_set(rsa->_method_mod_p,rsa->p,
ctx))
goto err;
BN_MONT_CTX* bn_mont_ctx;
if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
goto err;
if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->p,ctx))
{
BN_MONT_CTX_free(bn_mont_ctx);
goto err;
}
if (rsa->_method_mod_p == NULL) /* other thread may have finished first */
{
CRYPTO_w_lock(CRYPTO_LOCK_RSA);
if (rsa->_method_mod_p == NULL)
{
rsa->_method_mod_p = bn_mont_ctx;
bn_mont_ctx = NULL;
}
CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
}
if (bn_mont_ctx)
BN_MONT_CTX_free(bn_mont_ctx);
}
if (rsa->_method_mod_q == NULL)
{
if ((rsa->_method_mod_q=BN_MONT_CTX_new()) != NULL)
if (!BN_MONT_CTX_set(rsa->_method_mod_q,rsa->q,
ctx))
goto err;
BN_MONT_CTX* bn_mont_ctx;
if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
goto err;
if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->q,ctx))
{
BN_MONT_CTX_free(bn_mont_ctx);
goto err;
}
if (rsa->_method_mod_q == NULL) /* other thread may have finished first */
{
CRYPTO_w_lock(CRYPTO_LOCK_RSA);
if (rsa->_method_mod_q == NULL)
{
rsa->_method_mod_q = bn_mont_ctx;
bn_mont_ctx = NULL;
}
CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
}
if (bn_mont_ctx)
BN_MONT_CTX_free(bn_mont_ctx);
}
}
if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
rsa->_method_mod_q)) goto err;

1
crypto/openssl/ssl/s2_clnt.c
View File

@ -923,6 +923,7 @@ int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data)
goto err;
}
ERR_clear_error(); /* but we keep s->verify_result */
s->session->verify_result = s->verify_result;
/* server's cert for this session */
sc=ssl_sess_cert_new();

10
crypto/openssl/ssl/s2_lib.c
View File

@ -262,7 +262,7 @@ SSL_CIPHER *ssl2_get_cipher(unsigned int u)
int ssl2_pending(SSL *s)
{
return(s->s2->ract_data_length);
return SSL_in_init(s) ? 0 : s->s2->ract_data_length;
}
int ssl2_new(SSL *s)
@ -272,10 +272,16 @@ int ssl2_new(SSL *s)
if ((s2=OPENSSL_malloc(sizeof *s2)) == NULL) goto err;
memset(s2,0,sizeof *s2);
#if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2
# error "assertion failed"
#endif
if ((s2->rbuf=OPENSSL_malloc(
SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
/* wbuf needs one byte more because when using two-byte headers,
* we leave the first byte unused in do_ssl_write (s2_pkt.c) */
if ((s2->wbuf=OPENSSL_malloc(
SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+3)) == NULL) goto err;
s->s2=s2;
ssl2_clear(s);

168
crypto/openssl/ssl/s2_pkt.c
View File

@ -54,6 +54,58 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
* $FreeBSD$
*/
@ -68,23 +120,12 @@ static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);
static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len);
static int write_pending(SSL *s, const unsigned char *buf, unsigned int len);
static int ssl_mt_error(int n);
int ssl2_peek(SSL *s, char *buf, int len)
{
int ret;
ret=ssl2_read(s,buf,len);
if (ret > 0)
{
s->s2->ract_data_length+=ret;
s->s2->ract_data-=ret;
}
return(ret);
}
/* SSL_read -
/* SSL 2.0 imlementation for SSL_read/SSL_peek -
* This routine will return 0 to len bytes, decrypted etc if required.
*/
int ssl2_read(SSL *s, void *buf, int len)
static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
{
int n;
unsigned char mac[MAX_MAC_SIZE];
@ -92,14 +133,14 @@ int ssl2_read(SSL *s, void *buf, int len)
int i;
unsigned int mac_size=0;
ssl2_read_again:
ssl2_read_again:
if (SSL_in_init(s) && !s->in_handshake)
{
n=s->handshake_func(s);
if (n < 0) return(n);
if (n == 0)
{
SSLerr(SSL_F_SSL2_READ,SSL_R_SSL_HANDSHAKE_FAILURE);
SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_SSL_HANDSHAKE_FAILURE);
return(-1);
}
}
@ -116,13 +157,22 @@ int ssl2_read(SSL *s, void *buf, int len)
n=len;
memcpy(buf,s->s2->ract_data,(unsigned int)n);
s->s2->ract_data_length-=n;
s->s2->ract_data+=n;
if (s->s2->ract_data_length == 0)
s->rstate=SSL_ST_READ_HEADER;
if (!peek)
{
s->s2->ract_data_length-=n;
s->s2->ract_data+=n;
if (s->s2->ract_data_length == 0)
s->rstate=SSL_ST_READ_HEADER;
}
return(n);
}
/* s->s2->ract_data_length == 0
*
* Fill the buffer, then goto ssl2_read_again.
*/
if (s->rstate == SSL_ST_READ_HEADER)
{
if (s->first_packet)
@ -135,7 +185,7 @@ int ssl2_read(SSL *s, void *buf, int len)
(p[2] == SSL2_MT_CLIENT_HELLO) ||
(p[2] == SSL2_MT_SERVER_HELLO))))
{
SSLerr(SSL_F_SSL2_READ,SSL_R_NON_SSLV2_INITIAL_PACKET);
SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_NON_SSLV2_INITIAL_PACKET);
return(-1);
}
}
@ -213,48 +263,49 @@ int ssl2_read(SSL *s, void *buf, int len)
(unsigned int)mac_size) != 0) ||
(s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0))
{
SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_MAC_DECODE);
SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_MAC_DECODE);
return(-1);
}
}
INC32(s->s2->read_sequence); /* expect next number */
/* s->s2->ract_data is now available for processing */
#if 1
/* How should we react when a packet containing 0
* bytes is received? (Note that SSLeay/OpenSSL itself
* never sends such packets; see ssl2_write.)
* Returning 0 would be interpreted by the caller as
* indicating EOF, so it's not a good idea.
* Instead, we just continue reading. Note that using
* select() for blocking sockets *never* guarantees
/* Possibly the packet that we just read had 0 actual data bytes.
* (SSLeay/OpenSSL itself never sends such packets; see ssl2_write.)
* In this case, returning 0 would be interpreted by the caller
* as indicating EOF, so it's not a good idea. Instead, we just
* continue reading; thus ssl2_read_internal may have to process
* multiple packets before it can return.
*
* [Note that using select() for blocking sockets *never* guarantees
* that the next SSL_read will not block -- the available
* data may contain incomplete packets, and except for SSL 2
* renegotiation can confuse things even more. */
* data may contain incomplete packets, and except for SSL 2,
* renegotiation can confuse things even more.] */
goto ssl2_read_again; /* This should really be
* "return ssl2_read(s,buf,len)",
* but that would allow for
* denial-of-service attacks if a
* C compiler is used that does not
* recognize end-recursion. */
#else
/* If a 0 byte packet was sent, return 0, otherwise
* we play havoc with people using select with
* blocking sockets. Let them handle a packet at a time,
* they should really be using non-blocking sockets. */
if (s->s2->ract_data_length == 0)
return(0);
return(ssl2_read(s,buf,len));
#endif
* "return ssl2_read(s,buf,len)",
* but that would allow for
* denial-of-service attacks if a
* C compiler is used that does not
* recognize end-recursion. */
}
else
{
SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_STATE);
SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_STATE);
return(-1);
}
}
int ssl2_read(SSL *s, void *buf, int len)
{
return ssl2_read_internal(s, buf, len, 0);
}
int ssl2_peek(SSL *s, char *buf, int len)
{
return ssl2_read_internal(s, buf, len, 1);
}
static int read_n(SSL *s, unsigned int n, unsigned int max,
unsigned int extend)
{
@ -485,6 +536,9 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
{
bs=EVP_CIPHER_CTX_block_size(s->enc_read_ctx);
j=len+mac_size;
/* Two-byte headers allow for a larger record length than
* three-byte headers, but we can't use them if we need
* padding or if we have to set the escape bit. */
if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) &&
(!s->s2->escape))
{
@ -500,25 +554,39 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
}
else if ((bs <= 1) && (!s->s2->escape))
{
/* len=len; */
/* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
* j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER */
s->s2->three_byte_header=0;
p=0;
}
else /* 3 byte header */
else /* we may have to use a 3 byte header */
{
/*len=len; */
/* If s->s2->escape is not set, then
* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus
* j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. */
p=(j%bs);
p=(p == 0)?0:(bs-p);
if (s->s2->escape)
{
s->s2->three_byte_header=1;
if (j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
j=SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER;
}
else
s->s2->three_byte_header=(p == 0)?0:1;
}
}
/* Now
* j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
* holds, and if s->s2->three_byte_header is set, then even
* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER.
*/
/* mac_size is the number of MAC bytes
* len is the number of data bytes we are going to send
* p is the number of padding bytes
* if p == 0, it is a 2 byte header */
* (if it is a two-byte header, then p == 0) */
s->s2->wlength=len;
s->s2->padding=p;