d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

This commit was generated by cvs2svn to compensate for changes in r120631,

Browse Source 
which included commits to RCS files with non-trunk default branches.
This commit is contained in:
nectar 2003-10-01 12:32:41 +00:00
commit d8e0ea4b40
133 changed files with 1450 additions and 545 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
crypto/openssl/CHANGES
View File

@ -2,6 +2,92 @@
OpenSSL CHANGES
_______________
Changes between 0.9.7b and 0.9.7c [30 Sep 2003]
*) Fix various bugs revealed by running the NISCC test suite:
Stop out of bounds reads in the ASN1 code when presented with
invalid tags (CAN-2003-0543 and CAN-2003-0544).
Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
If verify callback ignores invalid public key errors don't try to check
certificate signature with the NULL public key.
[Steve Henson]
*) New -ignore_err option in ocsp application to stop the server
exiting on the first error in a request.
[Steve Henson]
*) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
if the server requested one: as stated in TLS 1.0 and SSL 3.0
specifications.
[Steve Henson]
*) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
extra data after the compression methods not only for TLS 1.0
but also for SSL 3.0 (as required by the specification).
[Bodo Moeller; problem pointed out by Matthias Loepfe]
*) Change X509_certificate_type() to mark the key as exported/exportable
when it's 512 *bits* long, not 512 bytes.
[Richard Levitte]
*) Change AES_cbc_encrypt() so it outputs exact multiple of
blocks during encryption.
[Richard Levitte]
*) Various fixes to base64 BIO and non blocking I/O. On write
flushes were not handled properly if the BIO retried. On read
data was not being buffered properly and had various logic bugs.
This also affects blocking I/O when the data being decoded is a
certain size.
[Steve Henson]
*) Various S/MIME bugfixes and compatibility changes:
output correct application/pkcs7 MIME type if
PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures.
Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening
of files as .eml work). Correctly handle very long lines in MIME
parser.
[Steve Henson]
Changes between 0.9.7a and 0.9.7b [10 Apr 2003]
*) Countermeasure against the Klima-Pokorny-Rosa extension of
Bleichbacher's attack on PKCS #1 v1.5 padding: treat
a protocol version number mismatch like a decryption error
in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
[Bodo Moeller]
*) Turn on RSA blinding by default in the default implementation
to avoid a timing attack. Applications that don't want it can call
RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
They would be ill-advised to do so in most cases.
[Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
*) Change RSA blinding code so that it works when the PRNG is not
seeded (in this case, the secret RSA exponent is abused as
an unpredictable seed -- if it is not unpredictable, there
is no point in blinding anyway). Make RSA blinding thread-safe
by remembering the creator's thread ID in rsa->blinding and
having all other threads use local one-time blinding factors
(this requires more computation than sharing rsa->blinding, but
avoids excessive locking; and if an RSA object is not shared
between threads, blinding will still be very fast).
[Bodo Moeller]
*) Fixed a typo bug that would cause ENGINE_set_default() to set an
ENGINE as defaults for all supported algorithms irrespective of
the 'flags' parameter. 'flags' is now honoured, so applications
should make sure they are passing it correctly.
[Geoff Thorpe]
*) Target "mingw" now allows native Windows code to be generated in
the Cygwin environment as well as with the MinGW compiler.
[Ulf Moeller]
Changes between 0.9.7 and 0.9.7a [19 Feb 2003]
*) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
@ -85,6 +171,9 @@
Changes between 0.9.6h and 0.9.7 [31 Dec 2002]
[NB: OpenSSL 0.9.6i and later 0.9.6 patch levels were released after
OpenSSL 0.9.7.]
*) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
code (06) was taken as the first octet of the session ID and the last
octet was ignored consequently. As a result SSLv2 client side session
@ -1903,6 +1992,57 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
*) Clean old EAY MD5 hack from e_os.h.
[Richard Levitte]
Changes between 0.9.6j and 0.9.6k [30 Sep 2003]
*) Fix various bugs revealed by running the NISCC test suite:
Stop out of bounds reads in the ASN1 code when presented with
invalid tags (CAN-2003-0543 and CAN-2003-0544).
If verify callback ignores invalid public key errors don't try to check
certificate signature with the NULL public key.
[Steve Henson]
*) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
if the server requested one: as stated in TLS 1.0 and SSL 3.0
specifications.
[Steve Henson]
*) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
extra data after the compression methods not only for TLS 1.0
but also for SSL 3.0 (as required by the specification).
[Bodo Moeller; problem pointed out by Matthias Loepfe]
*) Change X509_certificate_type() to mark the key as exported/exportable
when it's 512 *bits* long, not 512 bytes.
[Richard Levitte]
Changes between 0.9.6i and 0.9.6j [10 Apr 2003]
*) Countermeasure against the Klima-Pokorny-Rosa extension of
Bleichbacher's attack on PKCS #1 v1.5 padding: treat
a protocol version number mismatch like a decryption error
in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
[Bodo Moeller]
*) Turn on RSA blinding by default in the default implementation
to avoid a timing attack. Applications that don't want it can call
RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
They would be ill-advised to do so in most cases.
[Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
*) Change RSA blinding code so that it works when the PRNG is not
seeded (in this case, the secret RSA exponent is abused as
an unpredictable seed -- if it is not unpredictable, there
is no point in blinding anyway). Make RSA blinding thread-safe
by remembering the creator's thread ID in rsa->blinding and
having all other threads use local one-time blinding factors
(this requires more computation than sharing rsa->blinding, but
avoids excessive locking; and if an RSA object is not shared
between threads, blinding will still be very fast).
[Bodo Moeller]
Changes between 0.9.6h and 0.9.6i [19 Feb 2003]
*) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked

11
crypto/openssl/Configure
View File

@ -219,7 +219,7 @@ my %table=(
# './Configure irix-[g]cc' manually.
# -mips4 flag is added by ./config when appropriate.
"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# N64 ABI builds.
"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@ -390,6 +390,7 @@ my %table=(
"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64-ecc", "ecc:-DL_ENDIAN -DTERMIO -O2 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o:::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@ -506,10 +507,8 @@ my %table=(
"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN::::::::::win32",
"BC-16","bcc:::(unknown):WIN16::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
# Mingw32
# (Note: the real CFLAGS for Windows builds are defined by util/mk1mf.pl
# and its library files in util/pl/*)
"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
# MinGW
"mingw", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -mno-cygwin -Wall:::MINGW32:-mno-cygwin -lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32::::.dll",
# UWIN
"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
@ -561,6 +560,8 @@ my %table=(
"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
"vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::",
"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::",
"vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
"vxworks-mipsle","ccmips:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r::::::::::::::::ranlibmips:",
##### Compaq Non-Stop Kernel (Tandem)
"tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::",

3
crypto/openssl/FAQ
View File

@ -68,7 +68,7 @@ OpenSSL - Frequently Asked Questions
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
OpenSSL 0.9.7a was released on February 19, 2003.
OpenSSL 0.9.7c was released on September 30, 2003.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
@ -732,6 +732,7 @@ The general answer is to check the config.log file generated when running
the OpenSSH configure script. It should contain the detailed information
on why the OpenSSL library was not detected or considered incompatible.
* Can I use OpenSSL's SSL library with non-blocking I/O?
Yes; make sure to read the SSL_get_error(3) manual page!

2
crypto/openssl/LICENSE
View File

@ -12,7 +12,7 @@
---------------
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions

56
crypto/openssl/Makefile.org
View File

@ -78,7 +78,7 @@ MAKEDEPPROG=makedepend
# gcc, then the driver will automatically translate it to -xarch=v8plus
# and pass it down to assembler.
AS=$(CC) -c
ASFLAGS=$(CFLAG)
ASFLAG=$(CFLAG)
# Set BN_ASM to bn_asm.o if you want to use the C version
BN_ASM= bn_asm.o
@ -194,6 +194,7 @@ MAKE= make -f Makefile.ssl
MANDIR=$(OPENSSLDIR)/man
MAN1=1
MAN3=3
MANSUFFIX=
SHELL=/bin/sh
TOP= .
@ -225,7 +226,7 @@ sub_all:
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making all in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAGS='${ASFLAGS}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
else \
$(MAKE) $$i; \
fi; \
@ -410,9 +411,10 @@ do_svr3-shared:
find . -name "*.o" -print > allobjs ; \
OBJS= ; export OBJS ; \
for obj in `ar t lib$$i.a` ; do \
OBJS="$${OBJS} `grep $$obj allobjs`" ; \
OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
done ; \
set -x; ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
set -x; ${CC} ${SHARED_LDFLAGS} \
-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
libs="-l$$i $$libs"; \
@ -429,13 +431,16 @@ do_svr5-shared:
libs="$(LIBKRB5) $$libs"; \
fi; \
( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
SHARE_FLAG='-G'; \
(${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
find . -name "*.o" -print > allobjs ; \
OBJS= ; export OBJS ; \
for obj in `ar t lib$$i.a` ; do \
OBJS="$${OBJS} `grep $$obj allobjs`" ; \
OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
done ; \
set -x; ${CC} ${SHARED_LDFLAGS} \
-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
set -x; LD_LIBRARY_PATH=.:$$LD_LIBRARY_PATH \
${CC} ${SHARED_LDFLAGS} \
$${SHARE_FLAG} -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
libs="-l$$i $$libs"; \
@ -589,10 +594,10 @@ Makefile.ssl: Makefile.org
@false
libclean:
rm -f *.a */lib */*/lib
rm -f *.map *.so *.so.* engines/*.so *.a */lib */*/lib
clean:
rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c
clean: libclean
rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
@for i in $(DIRS) ;\
do \
if [ -d "$$i" ]; then \
@ -602,7 +607,7 @@ clean:
fi; \
done;
rm -f openssl.pc
rm -f *.a *.o speed.* *.map *.so .pure core
rm -f speed.* .pure
rm -f $(TARFILE)
@for i in $(ONEDIRS) ;\
do \
@ -652,7 +657,10 @@ rehash: rehash.time
rehash.time: certs
@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
export OPENSSL OPENSSL_DEBUG_MEMORY; \
LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
LIBPATH="`pwd`:$$LIBPATH"; \
if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
$(PERL) tools/c_rehash certs)
@ -663,10 +671,13 @@ test: tests
tests: rehash
@(cd test && echo "testing..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
@LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
apps/openssl version -a
@LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
LIBPATH="`pwd`:$$LIBPATH"; \
if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
apps/openssl version -a
report:
@$(PERL) util/selftest.pl
@ -821,6 +832,7 @@ install: all install_docs
fi; \
fi
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
install_docs:
@$(PERL) $(TOP)/util/mkdir-p.pl \
@ -837,33 +849,33 @@ install_docs:
for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
echo "installing man$$sec/$$fn.$$sec"; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
grep -v $$filecase "^$$fn\$$" | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
$$here/util/point.sh $$fn.$$sec $$n.$$sec; \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
done); \
done; \
for i in doc/crypto/*.pod doc/ssl/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
echo "installing man$$sec/$$fn.$$sec"; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
grep -v $$filecase "^$$fn\$$" | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
$$here/util/point.sh $$fn.$$sec $$n.$$sec; \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
done); \
done

68
crypto/openssl/Makefile.ssl
View File

@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
VERSION=0.9.7a
VERSION=0.9.7c
MAJOR=0
MINOR=9.7
SHLIB_VERSION_NUMBER=0.9.7
@ -12,9 +12,9 @@ SHLIB_VERSION_HISTORY=
SHLIB_MAJOR=0
SHLIB_MINOR=9.7
SHLIB_EXT=
PLATFORM=dist
PLATFORM=VC-WIN16
OPTIONS= no-krb5
CONFIGURE_ARGS=dist
CONFIGURE_ARGS=VC-WIN16
SHLIB_TARGET=
# HERE indicates where this Makefile lives. This can be used to indicate
@ -59,9 +59,9 @@ OPENSSLDIR=/usr/local/ssl
# equal 4.
# PKCS1_CHECK - pkcs1 tests.
CC= cc
CC= cl
#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
CFLAG= -DOPENSSL_NO_KRB5 -O
CFLAG= -DOPENSSL_SYSNAME_WIN16 -DOPENSSL_NO_KRB5
DEPFLAG=
PEX_LIBS=
EX_LIBS=
@ -69,7 +69,7 @@ EXE_EXT=
ARFLAGS=
AR=ar $(ARFLAGS) r
RANLIB= /usr/bin/ranlib
PERL= /usr/local/bin/perl
PERL= /usr/local/bin/perl5
TAR= tar
TARFLAGS= --no-recursion
MAKEDEPPROG=makedepend
@ -80,7 +80,7 @@ MAKEDEPPROG=makedepend
# gcc, then the driver will automatically translate it to -xarch=v8plus
# and pass it down to assembler.
AS=$(CC) -c
ASFLAGS=$(CFLAG)
ASFLAG=$(CFLAG)
# Set BN_ASM to bn_asm.o if you want to use the C version
BN_ASM= bn_asm.o
@ -196,6 +196,7 @@ MAKE= make -f Makefile.ssl
MANDIR=$(OPENSSLDIR)/man
MAN1=1
MAN3=3
MANSUFFIX=
SHELL=/bin/sh
TOP= .
@ -227,7 +228,7 @@ sub_all:
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making all in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAGS='${ASFLAGS}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
else \
$(MAKE) $$i; \
fi; \
@ -412,9 +413,10 @@ do_svr3-shared:
find . -name "*.o" -print > allobjs ; \
OBJS= ; export OBJS ; \
for obj in `ar t lib$$i.a` ; do \
OBJS="$${OBJS} `grep $$obj allobjs`" ; \
OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
done ; \
set -x; ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
set -x; ${CC} ${SHARED_LDFLAGS} \
-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
libs="-l$$i $$libs"; \
@ -431,13 +433,16 @@ do_svr5-shared:
libs="$(LIBKRB5) $$libs"; \
fi; \
( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
SHARE_FLAG='-G'; \
(${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
find . -name "*.o" -print > allobjs ; \
OBJS= ; export OBJS ; \
for obj in `ar t lib$$i.a` ; do \
OBJS="$${OBJS} `grep $$obj allobjs`" ; \
OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
done ; \
set -x; ${CC} ${SHARED_LDFLAGS} \
-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
set -x; LD_LIBRARY_PATH=.:$$LD_LIBRARY_PATH \
${CC} ${SHARED_LDFLAGS} \
$${SHARE_FLAG} -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
libs="-l$$i $$libs"; \
@ -591,10 +596,10 @@ Makefile.ssl: Makefile.org
@false
libclean:
rm -f *.a */lib */*/lib
rm -f *.map *.so *.so.* engines/*.so *.a */lib */*/lib
clean:
rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c
clean: libclean
rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
@for i in $(DIRS) ;\
do \
if [ -d "$$i" ]; then \
@ -604,7 +609,7 @@ clean:
fi; \
done;
rm -f openssl.pc
rm -f *.a *.o speed.* *.map *.so .pure core
rm -f speed.* .pure
rm -f $(TARFILE)
@for i in $(ONEDIRS) ;\
do \
@ -654,7 +659,10 @@ rehash: rehash.time
rehash.time: certs
@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
export OPENSSL OPENSSL_DEBUG_MEMORY; \
LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
LIBPATH="`pwd`:$$LIBPATH"; \
if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
$(PERL) tools/c_rehash certs)
@ -665,10 +673,13 @@ test: tests
tests: rehash
@(cd test && echo "testing..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
@LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
apps/openssl version -a
@LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
LIBPATH="`pwd`:$$LIBPATH"; \
if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
apps/openssl version -a
report:
@$(PERL) util/selftest.pl
@ -823,6 +834,7 @@ install: all install_docs
fi; \
fi
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
install_docs:
@$(PERL) $(TOP)/util/mkdir-p.pl \
@ -839,33 +851,33 @@ install_docs:
for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
echo "installing man$$sec/$$fn.$$sec"; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
grep -v $$filecase "^$$fn\$$" | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
$$here/util/point.sh $$fn.$$sec $$n.$$sec; \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
done); \
done; \
for i in doc/crypto/*.pod doc/ssl/*.pod; do \
fn=`basename $$i .pod`; \
if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
echo "installing man$$sec/$$fn.$$sec"; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
grep -v $$filecase "^$$fn\$$" | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
$$here/util/point.sh $$fn.$$sec $$n.$$sec; \
$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
done); \
done

30
crypto/openssl/NEWS
View File

@ -5,6 +5,24 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:
o Security: fix various ASN1 parsing bugs.
o New -ignore_err option to OCSP utility.
o Various interop and bug fixes in S/MIME code.
o SSL/TLS protocol fix for unrequested client certificates.
Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b:
o Security: counter the Klima-Pokorny-Rosa extension of
Bleichbacher's attack
o Security: make RSA blinding default.
o Configuration: Irix fixes, AIX fixes, better mingw support.
o Support for new platforms: linux-ia64-ecc.
o Build: shared library support fixes.
o ASN.1: treat domainComponent correctly.
o Documentation: fixes and additions.
Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a:
o Security: Important security related bugfixes.
@ -62,6 +80,18 @@
o SSL/TLS: add callback to retrieve SSL/TLS messages.
o SSL/TLS: support AES cipher suites (RFC3268).
Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k:
o Security: fix various ASN1 parsing bugs.
o SSL/TLS protocol fix for unrequested client certificates.
Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j:
o Security: counter the Klima-Pokorny-Rosa extension of
Bleichbacher's attack
o Security: make RSA blinding default.
o Build: shared library support fixes.
Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i:
o Important security related bugfixes.

31
crypto/openssl/PROBLEMS
View File

@ -98,3 +98,34 @@ config-line. './Configure aix43-cc shared' is working, but not
libraries. It's possible to build 64-bit shared libraries by running
'env OBJECT_MODE=64 make', but we need more elegant solution. Preferably one
supporting even gcc shared builds. See RT#463 for background information.
* Problems building shared libraries on SCO OpenServer Release 5.0.6
with gcc 2.95.3
The symptoms appear when running the test suite, more specifically
test/ectest, with the following result:
OSSL_LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$OSSL_LIBPATH:$LD_LIBRARY_PATH"; DYLD_LIBRARY_PATH="$OSSL_LIBPATH:$DYLD_LIBRARY_PATH"; SHLIB_PATH="$OSSL_LIBPATH:$SHLIB_PATH"; LIBPATH="$OSSL_LIBPATH:$LIBPATH"; if [ "debug-sco5-gcc" = "Cygwin" ]; then PATH="${LIBPATH}:$PATH"; fi; export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; ./ectest
ectest.c:186: ABORT
The cause of the problem seems to be that isxdigit(), called from
BN_hex2bn(), returns 0 on a perfectly legitimate hex digit. Further
investigation shows that any of the isxxx() macros return 0 on any
input. A direct look in the information array that the isxxx() use,
called __ctype, shows that it contains all zeroes...
Taking a look at the newly created libcrypto.so with nm, one can see
that the variable __ctype is defined in libcrypto's .bss (which
explains why it is filled with zeroes):
$ nm -Pg libcrypto.so | grep __ctype
__ctype B 0011659c
__ctype2 U
Curiously, __ctype2 is undefined, in spite of being declared in
/usr/include/ctype.h in exactly the same way as __ctype.
Any information helping to solve this issue would be deeply
appreciated.
NOTE: building non-shared doesn't come with this problem.

2
crypto/openssl/README
View File

@ -1,5 +1,5 @@
OpenSSL 0.9.7a Feb 19 2003
OpenSSL 0.9.7c 30 Sep 2003
Copyright (c) 1998-2003 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

2
crypto/openssl/apps/CA.pl
View File

@ -1,4 +1,4 @@
#!/usr/local/bin/perl
#!/usr/bin/perl
#
# CA - wrapper around ca to make it easier to use ... basically ca requires
# some setup stuff to be done before you can use it and this makes

7
crypto/openssl/apps/Makefile.ssl
View File

@ -87,6 +87,7 @@ all: exe
exe: $(PROGRAM)
req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
$(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(RAND_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
sreq.o: req.c
@ -147,10 +148,14 @@ $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
$(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \
else \
LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
$(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
fi
-(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \
LIBPATH="`pwd`"; LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; \
LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
LIBPATH="`pwd`:$$LIBPATH"; \
if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
$(PERL) tools/c_rehash certs)

4
crypto/openssl/apps/apps.c
View File

@ -140,10 +140,6 @@
#include "apps.h"
#undef NON_MAIN
#ifdef OPENSSL_SYS_WINDOWS
# include "bss_file.c"
#endif
typedef struct {
char *name;
unsigned long flag;

2
crypto/openssl/apps/ca.c
View File

@ -2193,7 +2193,7 @@ again2:
#ifdef X509_V3
/* Make it an X509 v3 certificate. */
if (!X509_set_version(x509,2)) goto err;
if (!X509_set_version(ret,2)) goto err;
#endif
if (BN_to_ASN1_INTEGER(serial,ci->serialNumber) == NULL)

1
crypto/openssl/apps/crl.c
View File

@ -81,6 +81,7 @@ static char *crl_usage[]={
" -in arg - input file - default stdin\n",
" -out arg - output file - default stdout\n",
" -hash - print hash value\n",
" -fingerprint - print the crl fingerprint\n",
" -issuer - print issuer DN\n",
" -lastupdate - lastUpdate field\n",
" -nextupdate - nextUpdate field\n",

2
crypto/openssl/apps/der_chop
View File

@ -1,4 +1,4 @@
#!/usr/local/bin/perl
#!/usr/bin/perl
#
# der_chop ... this is one total hack that Eric is really not proud of
# so don't look at it and don't ask for support

6
crypto/openssl/apps/engine.c
View File

@ -520,4 +520,10 @@ end:
apps_shutdown();
OPENSSL_EXIT(ret);
}
#else
# if PEDANTIC
static void *dummy=&dummy;
# endif
#endif

11
crypto/openssl/apps/ocsp.c
View File

@ -136,6 +136,7 @@ int MAIN(int argc, char **argv)
int accept_count = -1;
int badarg = 0;
int i;
int ignore_err = 0;
STACK *reqnames = NULL;
STACK_OF(OCSP_CERTID) *ids = NULL;
@ -195,6 +196,8 @@ int MAIN(int argc, char **argv)
}
else badarg = 1;
}
else if (!strcmp(*args, "-ignore_err"))
ignore_err = 1;
else if (!strcmp(*args, "-noverify"))
noverify = 1;
else if (!strcmp(*args, "-nonce"))
@ -524,7 +527,7 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-serial n serial number to check\n");
BIO_printf (bio_err, "-signer file certificate to sign OCSP request with\n");
BIO_printf (bio_err, "-signkey file private key to sign OCSP request with\n");
BIO_printf (bio_err, "-sign_certs file additional certificates to include in signed request\n");
BIO_printf (bio_err, "-sign_other file additional certificates to include in signed request\n");
BIO_printf (bio_err, "-no_certs don't include any certificates in signed request\n");
BIO_printf (bio_err, "-req_text print text form of request\n");
BIO_printf (bio_err, "-resp_text print text form of response\n");
@ -544,10 +547,10 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
BIO_printf (bio_err, "-status_age n maximum status age in seconds\n");
BIO_printf (bio_err, "-noverify don't verify response at all\n");
BIO_printf (bio_err, "-verify_certs file additional certificates to search for signer\n");
BIO_printf (bio_err, "-verify_other file additional certificates to search for signer\n");
BIO_printf (bio_err, "-trust_other don't verify additional certificates\n");
BIO_printf (bio_err, "-no_intern don't search certificates contained in response for signer\n");
BIO_printf (bio_err, "-no_sig_verify don't check signature on response\n");
BIO_printf (bio_err, "-no_signature_verify don't check signature on response\n");
BIO_printf (bio_err, "-no_cert_verify don't check signing certificate\n");
BIO_printf (bio_err, "-no_chain don't chain verify response\n");
BIO_printf (bio_err, "-no_cert_checks don't do additional checks on signing certificate\n");
@ -809,6 +812,8 @@ int MAIN(int argc, char **argv)
{
BIO_printf(out, "Responder Error: %s (%ld)\n",
OCSP_response_status_str(i), i);
if (ignore_err)
goto redo_accept;
ret = 0;
goto end;
}

2
crypto/openssl/apps/openssl.c
View File

@ -163,7 +163,7 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line)
goto err;
}
if (type < 0 || type > CRYPTO_NUM_LOCKS)
if (type < 0 || type >= CRYPTO_NUM_LOCKS)
{
errstr = "type out of bounds";
goto err;

11
crypto/openssl/apps/pkcs8.c
View File

@ -235,7 +235,7 @@ int MAIN(int argc, char **argv)
return (1);
}
if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
BIO_printf(bio_err, "Error converting key\n", outfile);
BIO_printf(bio_err, "Error converting key\n");
ERR_print_errors(bio_err);
return (1);
}
@ -259,8 +259,7 @@ int MAIN(int argc, char **argv)
if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
p8pass, strlen(p8pass),
NULL, 0, iter, p8inf))) {
BIO_printf(bio_err, "Error encrypting key\n",
outfile);
BIO_printf(bio_err, "Error encrypting key\n");
ERR_print_errors(bio_err);
return (1);
}
@ -303,7 +302,7 @@ int MAIN(int argc, char **argv)
}
if (!p8) {
BIO_printf (bio_err, "Error reading key\n", outfile);
BIO_printf (bio_err, "Error reading key\n");
ERR_print_errors(bio_err);
return (1);
}
@ -317,13 +316,13 @@ int MAIN(int argc, char **argv)
}
if (!p8inf) {
BIO_printf(bio_err, "Error decrypting key\n", outfile);
BIO_printf(bio_err, "Error decrypting key\n");
ERR_print_errors(bio_err);
return (1);
}
if (!(pkey = EVP_PKCS82PKEY(p8inf))) {
BIO_printf(bio_err, "Error converting key\n", outfile);
BIO_printf(bio_err, "Error converting key\n");
ERR_print_errors(bio_err);
return (1);
}

8
crypto/openssl/apps/s_apps.h
View File

@ -112,6 +112,14 @@
#include <sys/types.h>
#include <openssl/opensslconf.h>
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
#include <conio.h>
#endif
#ifdef OPENSSL_SYS_MSDOS
#define _kbhit kbhit
#endif
#if defined(OPENSSL_SYS_VMS) && !defined(FD_SET)
/* VAX C does not defined fd_set and friends, but it's actually quite simple */
/* These definitions are borrowed from SOCKETSHR. /Richard Levitte */

38
crypto/openssl/apps/s_client.c
View File

@ -136,10 +136,6 @@ typedef unsigned int u_int;
#include <openssl/rand.h>
#include "s_apps.h"
#ifdef OPENSSL_SYS_WINDOWS
#include <conio.h>
#endif
#ifdef OPENSSL_SYS_WINCE
/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
#ifdef fileno
@ -221,7 +217,7 @@ static void sc_usage(void)
BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
BIO_printf(bio_err," for those protocols that support it, where\n");
BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n");
BIO_printf(bio_err," only \"smtp\" is supported.\n");
BIO_printf(bio_err," only \"smtp\" and \"pop3\" are supported.\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
#endif
@ -251,7 +247,7 @@ int MAIN(int argc, char **argv)
int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
SSL_CTX *ctx=NULL;
int ret=1,in_init=1,i,nbio_test=0;
int smtp_starttls = 0;
int starttls_proto = 0;
int prexit = 0, vflags = 0;
SSL_METHOD *meth=NULL;
BIO *sbio;
@ -260,7 +256,7 @@ int MAIN(int argc, char **argv)
char *engine_id=NULL;
ENGINE *e=NULL;
#endif
#ifdef OPENSSL_SYS_WINDOWS
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
struct timeval tv;
#endif
@ -415,7 +411,9 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
++argv;
if (strcmp(*argv,"smtp") == 0)
smtp_starttls = 1;
starttls_proto = 1;
else if (strcmp(*argv,"pop3") == 0)
starttls_proto = 2;
else
goto bad;
}
@ -587,12 +585,18 @@ re_start:
sbuf_off=0;
/* This is an ugly hack that does a lot of assumptions */
if (smtp_starttls)
if (starttls_proto == 1)
{
BIO_read(sbio,mbuf,BUFSIZZ);
BIO_printf(sbio,"STARTTLS\r\n");
BIO_read(sbio,sbuf,BUFSIZZ);
}
if (starttls_proto == 2)
{
BIO_read(sbio,mbuf,BUFSIZZ);
BIO_printf(sbio,"STLS\r\n");
BIO_read(sbio,sbuf,BUFSIZZ);
}
for (;;)
{
@ -613,11 +617,11 @@ re_start:
print_stuff(bio_c_out,con,full_log);
if (full_log > 0) full_log--;
if (smtp_starttls)
if (starttls_proto)
{
BIO_printf(bio_err,"%s",mbuf);
/* We don't need to know any more */
smtp_starttls = 0;
starttls_proto = 0;
}
if (reconnect)
@ -636,7 +640,7 @@ re_start:
if (!ssl_pending)
{
#ifndef OPENSSL_SYS_WINDOWS
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
if (tty_on)
{
if (read_tty) FD_SET(fileno(stdin),&readfds);
@ -663,8 +667,8 @@ re_start:
* will choke the compiler: if you do have a cast then
* you can either go for (int *) or (void *).
*/
#ifdef OPENSSL_SYS_WINDOWS
/* Under Windows we make the assumption that we can
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
/* Under Windows/DOS we make the assumption that we can
* always write to the tty: therefore if we need to
* write to the tty we just fall through. Otherwise
* we timeout the select every second and see if there
@ -678,7 +682,7 @@ re_start:
tv.tv_usec = 0;
i=select(width,(void *)&readfds,(void *)&writefds,
NULL,&tv);
#ifdef OPENSSL_SYS_WINCE
#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
if(!i && (!_kbhit() || !read_tty) ) continue;
#else
if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
@ -847,8 +851,8 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
}
}
#ifdef OPENSSL_SYS_WINDOWS
#ifdef OPENSSL_SYS_WINCE
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
else if (_kbhit())
#else
else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))

20
crypto/openssl/apps/s_server.c
View File

@ -140,10 +140,6 @@ typedef unsigned int u_int;
#include <openssl/rand.h>
#include "s_apps.h"
#ifdef OPENSSL_SYS_WINDOWS
#include <conio.h>
#endif
#ifdef OPENSSL_SYS_WINCE
/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
#ifdef fileno
@ -917,7 +913,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
unsigned long l;
SSL *con=NULL;
BIO *sbio;
#ifdef OPENSSL_SYS_WINDOWS
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
struct timeval tv;
#endif
@ -991,7 +987,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
if (!read_from_sslcon)
{
FD_ZERO(&readfds);
#ifndef OPENSSL_SYS_WINDOWS
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
FD_SET(fileno(stdin),&readfds);
#endif
FD_SET(s,&readfds);
@ -1001,8 +997,8 @@ static int sv_body(char *hostname, int s, unsigned char *context)
* the compiler: if you do have a cast then you can either
* go for (int *) or (void *).
*/
#ifdef OPENSSL_SYS_WINDOWS
/* Under Windows we can't select on stdin: only
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
/* Under DOS (non-djgpp) and Windows we can't select on stdin: only
* on sockets. As a workaround we timeout the select every
* second and check for any keypress. In a proper Windows
* application we wouldn't do this because it is inefficient.
@ -1263,7 +1259,13 @@ static int init_ssl_connection(SSL *con)
if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
TLS1_FLAGS_TLS_PADDING_BUG)
BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
#ifndef OPENSSL_NO_KRB5
if (con->kssl_ctx->client_princ != NULL)
{
BIO_printf(bio_s_out,"Kerberos peer principal is %s\n",
con->kssl_ctx->client_princ);
}
#endif /* OPENSSL_NO_KRB5 */
return(1);
}

4
crypto/openssl/apps/smime.c
View File

@ -168,6 +168,10 @@ int MAIN(int argc, char **argv)
flags |= PKCS7_BINARY;
else if (!strcmp (*args, "-nosigs"))
flags |= PKCS7_NOSIGS;
else if (!strcmp (*args, "-nooldmime"))
flags |= PKCS7_NOOLDMIMETYPE;
else if (!strcmp (*args, "-crlfeol"))
flags |= PKCS7_CRLFEOL;
else if (!strcmp (*args, "-crl_check"))
store_flags |= X509_V_FLAG_CRL_CHECK;
else if (!strcmp (*args, "-crl_check_all"))

8
crypto/openssl/apps/x509.c
View File

@ -358,12 +358,6 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
if (!set_name_ex(&nmflag, *(++argv))) goto bad;
}
else if (strcmp(*argv,"-setalias") == 0)
{
if (--argc < 1) goto bad;
alias= *(++argv);
trustout = 1;
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
@ -1151,7 +1145,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
else if (!(bs = load_serial(CAfile, serialfile, create)))
goto end;
if (!X509_STORE_add_cert(ctx,x)) goto end;
/* if (!X509_STORE_add_cert(ctx,x)) goto end;*/
/* NOTE: this certificate can/should be self signed, unless it was
* a certificate request in which case it is not. */

2
crypto/openssl/bugs/SSLv3
View File

@ -29,7 +29,7 @@ RC4-MD5, but a re-connect tries to use DES-CBC-SHA. So netscape, when
doing a re-connect, always takes the first cipher in the cipher list.
If we accept a netscape connection, demand a client cert, have a
non-self-sighed CA which does not have it's CA in netscape, and the
non-self-signed CA which does not have it's CA in netscape, and the
browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta
Netscape browsers do not really notice the server sending a

8
crypto/openssl/config
View File

@ -458,7 +458,7 @@ if [ "${SYSTEM}-${MACHINE}" = "Linux-alpha" ]; then
fi
if [ "${SYSTEM}" = "AIX" ]; then # favor vendor cc over gcc
(cc) 2>&1 | grep -iv "command not found" > /dev/null && CC=cc
(cc) 2>&1 | grep -iv "not found" > /dev/null && CC=cc
fi
CCVER=${CCVER:-0}
@ -473,7 +473,7 @@ echo Operating system: $GUESSOS
# more time that I want to waste at the moment
case "$GUESSOS" in
mips2-sgi-irix)
CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
CPU=${CPU:-0}
if [ $CPU -ge 4000 ]; then
options="$options -mips2"
@ -481,7 +481,7 @@ case "$GUESSOS" in
OUT="irix-$CC"
;;
mips3-sgi-irix)
CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
CPU=${CPU:-0}
if [ $CPU -ge 5000 ]; then
options="$options -mips4"
@ -497,7 +497,7 @@ case "$GUESSOS" in
echo " You have about 5 seconds to press Ctrl-C to abort."
(stty -icanon min 0 time 50; read waste) < /dev/tty
fi
CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
CPU=${CPU:-0}
if [ $CPU -ge 5000 ]; then
options="$options -mips4"

2
crypto/openssl/crypto/aes/aes.h
View File

@ -100,7 +100,7 @@ void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
unsigned char *ivec, int *num);
void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key,
unsigned char counter[AES_BLOCK_SIZE],
unsigned char ivec[AES_BLOCK_SIZE],
unsigned char ecount_buf[AES_BLOCK_SIZE],
unsigned int *num);

12
crypto/openssl/crypto/aes/aes_cbc.c
View File

@ -72,7 +72,7 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
if (AES_ENCRYPT == enc) {
while (len >= AES_BLOCK_SIZE) {
for(n=0; n < sizeof tmp; ++n)
for(n=0; n < AES_BLOCK_SIZE; ++n)
tmp[n] = in[n] ^ ivec[n];
AES_encrypt(tmp, out, key);
memcpy(ivec, out, AES_BLOCK_SIZE);
@ -86,12 +86,12 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
for(n=len; n < AES_BLOCK_SIZE; ++n)
tmp[n] = ivec[n];
AES_encrypt(tmp, tmp, key);
memcpy(out, tmp, len);
memcpy(ivec, tmp, sizeof tmp);
memcpy(out, tmp, AES_BLOCK_SIZE);
memcpy(ivec, tmp, AES_BLOCK_SIZE);
}
} else {
while (len >= AES_BLOCK_SIZE) {
memcpy(tmp, in, sizeof tmp);
memcpy(tmp, in, AES_BLOCK_SIZE);
AES_decrypt(in, out, key);
for(n=0; n < AES_BLOCK_SIZE; ++n)
out[n] ^= ivec[n];
@ -101,11 +101,11 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
out += AES_BLOCK_SIZE;
}
if (len) {
memcpy(tmp, in, sizeof tmp);
memcpy(tmp, in, AES_BLOCK_SIZE);
AES_decrypt(tmp, tmp, key);
for(n=0; n < len; ++n)
out[n] ^= ivec[n];
memcpy(ivec, tmp, sizeof tmp);
memcpy(ivec, tmp, AES_BLOCK_SIZE);
}
}
}

54
crypto/openssl/crypto/aes/aes_ctr.c
View File

@ -62,19 +62,49 @@
/* NOTE: CTR mode is big-endian. The rest of the AES code
* is endian-neutral. */
/* increment counter (128-bit int) by 2^64 */
/* increment counter (128-bit int) by 1 */
static void AES_ctr128_inc(unsigned char *counter) {
unsigned long c;
/* Grab 3rd dword of counter and increment */
/* Grab bottom dword of counter and increment */
#ifdef L_ENDIAN
c = GETU32(counter + 8);
c = GETU32(counter + 0);
c++;
PUTU32(counter + 8, c);
PUTU32(counter + 0, c);
#else
c = GETU32(counter + 4);
c = GETU32(counter + 12);
c++;
PUTU32(counter + 4, c);
PUTU32(counter + 12, c);
#endif
/* if no overflow, we're done */
if (c)
return;
/* Grab 1st dword of counter and increment */
#ifdef L_ENDIAN
c = GETU32(counter + 4);
c++;
PUTU32(counter + 4, c);
#else
c = GETU32(counter + 8);
c++;
PUTU32(counter + 8, c);
#endif
/* if no overflow, we're done */
if (c)
return;
/* Grab 2nd dword of counter and increment */
#ifdef L_ENDIAN
c = GETU32(counter + 8);
c++;
PUTU32(counter + 8, c);
#else
c = GETU32(counter + 4);
c++;
PUTU32(counter + 4, c);
#endif
/* if no overflow, we're done */
@ -100,10 +130,16 @@ static void AES_ctr128_inc(unsigned char *counter) {
* encrypted counter is kept in ecount_buf. Both *num and
* ecount_buf must be initialised with zeros before the first
* call to AES_ctr128_encrypt().
*
* This algorithm assumes that the counter is in the x lower bits
* of the IV (ivec), and that the application has full control over
* overflow and the rest of the IV. This implementation takes NO
* responsability for checking that the counter doesn't overflow
* into the rest of the IV when incremented.
*/
void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key,
unsigned char counter[AES_BLOCK_SIZE],
unsigned char ivec[AES_BLOCK_SIZE],
unsigned char ecount_buf[AES_BLOCK_SIZE],
unsigned int *num) {
@ -117,8 +153,8 @@ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
while (l--) {
if (n == 0) {
AES_encrypt(counter, ecount_buf, key);
AES_ctr128_inc(counter);
AES_encrypt(ivec, ecount_buf, key);
AES_ctr128_inc(ivec);
}
*(out++) = *(in++) ^ ecount_buf[n];
n = (n+1) % AES_BLOCK_SIZE;

2
crypto/openssl/crypto/asn1/a_mbstr.c
View File

@ -296,7 +296,7 @@ static int in_utf8(unsigned long value, void *arg)
static int out_utf8(unsigned long value, void *arg)
{
long *outlen;
int *outlen;
outlen = arg;
*outlen += UTF8_putc(NULL, -1, value);
return 1;

2
crypto/openssl/crypto/asn1/a_strex.c
View File

@ -279,7 +279,7 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING
* otherwise it is the number of bytes per character
*/
const static char tag2nbyte[] = {
const static signed char tag2nbyte[] = {
-1, -1, -1, -1, -1, /* 0-4 */
-1, -1, -1, -1, -1, /* 5-9 */
-1, -1, 0, -1, /* 10-13 */

40
crypto/openssl/crypto/asn1/a_strnid.c
View File

@ -143,7 +143,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
/* Now the tables and helper functions for the string table:
*/
/* size limits: this stuff is taken straight from RFC2459 */
/* size limits: this stuff is taken straight from RFC3280 */
#define ub_name 32768
#define ub_common_name 64
@ -153,6 +153,8 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
#define ub_organization_unit_name 64
#define ub_title 64
#define ub_email_address 128
#define ub_serial_number 64
/* This table must be kept in NID order */
@ -170,9 +172,11 @@ static ASN1_STRING_TABLE tbl_standard[] = {
{NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0},
{NID_surname, 1, ub_name, DIRSTRING_TYPE, 0},
{NID_initials, 1, ub_name, DIRSTRING_TYPE, 0},
{NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
{NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
{NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
{NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
{NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
};
@ -249,4 +253,38 @@ static void st_free(ASN1_STRING_TABLE *tbl)
if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl);
}
IMPLEMENT_STACK_OF(ASN1_STRING_TABLE)
#ifdef STRING_TABLE_TEST
main()
{
ASN1_STRING_TABLE *tmp;
int i, last_nid = -1;
for (tmp = tbl_standard, i = 0;
i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++)
{
if (tmp->nid < last_nid)
{
last_nid = 0;
break;
}
last_nid = tmp->nid;
}
if (last_nid != 0)
{
printf("Table order OK\n");
exit(0);
}
for (tmp = tbl_standard, i = 0;
i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++)
printf("Index %d, NID %d, Name=%s\n", i, tmp->nid,
OBJ_nid2ln(tmp->nid));
}
#endif

2
crypto/openssl/crypto/asn1/asn1.h
View File

@ -132,7 +132,7 @@ extern "C" {
#define B_ASN1_NUMERICSTRING 0x0001
#define B_ASN1_PRINTABLESTRING 0x0002
#define B_ASN1_T61STRING 0x0004
#define B_ASN1_TELETEXSTRING 0x0008
#define B_ASN1_TELETEXSTRING 0x0004
#define B_ASN1_VIDEOTEXSTRING 0x0008
#define B_ASN1_IA5STRING 0x0010
#define B_ASN1_GRAPHICSTRING 0x0020

2
crypto/openssl/crypto/asn1/asn1_lib.c
View File

@ -104,10 +104,12 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
l<<=7L;
l|= *(p++)&0x7f;
if (--max == 0) goto err;
if (l > (INT_MAX >> 7L)) goto err;
}
l<<=7L;
l|= *(p++)&0x7f;
tag=(int)l;
if (--max == 0) goto err;
}
else
{

9
crypto/openssl/crypto/asn1/tasn_dec.c
View File

@ -691,6 +691,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl
int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
{
ASN1_VALUE **opval = NULL;
ASN1_STRING *stmp;
ASN1_TYPE *typ = NULL;
int ret = 0;
@ -705,6 +706,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char
*pval = (ASN1_VALUE *)typ;
} else typ = (ASN1_TYPE *)*pval;
if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL);
opval = pval;
pval = (ASN1_VALUE **)&typ->value.ptr;
}
switch(utype) {
@ -796,7 +798,12 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char
ret = 1;
err:
if(!ret) ASN1_TYPE_free(typ);
if(!ret)
{
ASN1_TYPE_free(typ);
if (opval)
*opval = NULL;
}
return ret;
}

21
crypto/openssl/crypto/bio/b_print.c
View File

@ -378,7 +378,7 @@ _dopr(
case 'p':
value = (long)va_arg(args, void *);
fmtint(sbuffer, buffer, &currlen, maxlen,
value, 16, min, max, flags);
value, 16, min, max, flags|DP_F_NUM);
break;
case 'n': /* XXX */
if (cflags == DP_C_SHORT) {
@ -482,8 +482,9 @@ fmtint(
int flags)
{
int signvalue = 0;
char *prefix = "";
unsigned LLONG uvalue;
char convert[DECIMAL_SIZE(value)+1];
char convert[DECIMAL_SIZE(value)+3];
int place = 0;
int spadlen = 0;
int zpadlen = 0;
@ -501,6 +502,10 @@ fmtint(
else if (flags & DP_F_SPACE)
signvalue = ' ';
}
if (flags & DP_F_NUM) {
if (base == 8) prefix = "0";
if (base == 16) prefix = "0x";
}
if (flags & DP_F_UP)
caps = 1;
do {
@ -514,7 +519,7 @@ fmtint(
convert[place] = 0;
zpadlen = max - place;
spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0);
spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix);
if (zpadlen < 0)
zpadlen = 0;
if (spadlen < 0)
@ -536,6 +541,12 @@ fmtint(
if (signvalue)
doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
/* prefix */
while (*prefix) {
doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix);
prefix++;
}
/* zeros */
if (zpadlen > 0) {
while (zpadlen > 0) {
@ -692,7 +703,7 @@ fmtfp(
* Decimal point. This should probably use locale to find the correct
* char to print out.
*/
if (max > 0) {
if (max > 0 || (flags & DP_F_NUM)) {
doapr_outch(sbuffer, buffer, currlen, maxlen, '.');
while (fplace > 0)
@ -825,5 +836,5 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
* had the buffer been large enough.) */
return -1;
else
return (retlen <= INT_MAX) ? retlen : -1;
return (retlen <= INT_MAX) ? (int)retlen : -1;
}

1
crypto/openssl/crypto/bio/bf_buff.c
View File

@ -494,6 +494,7 @@ static int buffer_gets(BIO *b, char *buf, int size)
if (i <= 0)
{
BIO_copy_next_retry(b);
*buf='\0';
if (i < 0) return((num > 0)?num:i);
if (i == 0) return(num);
}

55
crypto/openssl/crypto/bio/bss_bio.c
View File

@ -1,4 +1,57 @@
/* crypto/bio/bss_bio.c -*- Mode: C; c-file-style: "eay" -*- */
/* ====================================================================
* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* Special method for a BIO where the other endpoint is also a BIO
* of this kind, handled by the same thread (i.e. the "peer" is actually
@ -502,7 +555,7 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
break;
case BIO_C_DESTROY_BIO_PAIR:
/* Effects both BIOs in the pair -- call just once!
/* Affects both BIOs in the pair -- call just once!
* Or let BIO_free(bio1); BIO_free(bio2); do the job. */
bio_destroy_pair(bio);
ret = 1;

21
crypto/openssl/crypto/bio/bss_file.c
View File

@ -213,12 +213,29 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
b->shutdown=(int)num&BIO_CLOSE;
b->ptr=(char *)ptr;
b->init=1;
#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS)
/* Set correct text/binary mode */
#if defined(OPENSSL_SYS_WINDOWS)
if (num & BIO_FP_TEXT)
_setmode(fileno((FILE *)ptr),_O_TEXT);
else
_setmode(fileno((FILE *)ptr),_O_BINARY);
#elif defined(OPENSSL_SYS_MSDOS)
{
int fd = fileno((FILE*)ptr);
/* Set correct text/binary mode */
if (num & BIO_FP_TEXT)
_setmode(fd,_O_TEXT);
/* Dangerous to set stdin/stdout to raw (unless redirected) */
else
{
if (fd == STDIN_FILENO || fd == STDOUT_FILENO)
{
if (isatty(fd) <= 0)
_setmode(fd,_O_BINARY);
}
else
_setmode(fd,_O_BINARY);
}
}
#elif defined(OPENSSL_SYS_OS2)
if (num & BIO_FP_TEXT)
setmode(fileno((FILE *)ptr), O_TEXT);

1
crypto/openssl/crypto/bn/Makefile.ssl
View File

@ -22,6 +22,7 @@ BN_ASM= bn_asm.o
#BN_ASM= bn86-elf.o
CFLAGS= $(INCLUDES) $(CFLAG)
ASFLAGS= $(INCLUDES) $(ASFLAG)
GENERAL=Makefile
TEST=bntest.c exptest.c

2
crypto/openssl/crypto/bn/bn.h
View File

@ -248,6 +248,8 @@ typedef struct bn_blinding_st
BIGNUM *A;
BIGNUM *Ai;
BIGNUM *mod; /* just a reference */
unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b;
* used only by crypto/rsa/rsa_eay.c, rsa_lib.c */
} BN_BLINDING;
/* Used for montgomery multiplication */

4
crypto/openssl/crypto/bn/bn_mul.c
View File

@ -224,7 +224,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
int n, BN_ULONG *t)
{
int i,j,n2=n*2;
unsigned int c1,c2,neg,zero;
int c1,c2,neg,zero;
BN_ULONG ln,lo,*p;
# ifdef BN_COUNT
@ -376,7 +376,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
/* The overflow will stop before we over write
* words we should not overwrite */
if (ln < c1)
if (ln < (BN_ULONG)c1)
{
do {
p++;

9
crypto/openssl/crypto/bn/bntest.c
View File

@ -68,10 +68,6 @@
#include <openssl/x509.h>
#include <openssl/err.h>
#ifdef OPENSSL_SYS_WINDOWS
#include "../bio/bss_file.c"
#endif
const int num0 = 100; /* number of tests */
const int num1 = 50; /* additional tests for some functions */
const int num2 = 5; /* number of tests for slow functions */
@ -96,11 +92,6 @@ int test_sqrt(BIO *bp,BN_CTX *ctx);
int rand_neg(void);
static int results=0;
#ifdef OPENSSL_NO_STDIO
#define APPS_WIN16
#include "bss_file.c"
#endif
static unsigned char lst[]="\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
"\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";

3
crypto/openssl/crypto/bn/exptest.c
View File

@ -66,9 +66,6 @@
#include <openssl/bn.h>
#include <openssl/rand.h>
#include <openssl/err.h>
#ifdef OPENSSL_SYS_WINDOWS
#include "../bio/bss_file.c"
#endif
#define NUM_BITS (BN_BITS*2)

84
crypto/openssl/crypto/des/cfb_enc.c
View File

@ -64,32 +64,22 @@
* the second. The second 12 bits will come from the 3rd and half the 4th
* byte.
*/
/* WARNING WARNING: this uses in and out in 8-byte chunks regardless of
* length */
/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it
* will not be compatible with any encryption prior to that date. Ben. */
void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
long length, DES_key_schedule *schedule, DES_cblock *ivec, int enc)
long length, DES_key_schedule *schedule, DES_cblock *ivec,
int enc)
{
register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8;
register DES_LONG mask0,mask1;
register unsigned long l=length;
register int num=numbits;
DES_LONG ti[2];
unsigned char *iv;
unsigned char ovec[16];
if (num > 64) return;
if (num > 32)
{
mask0=0xffffffffL;
if (num == 64)
mask1=mask0;
else mask1=(1L<<(num-32))-1;
}
else
{
if (num == 32)
mask0=0xffffffffL;
else mask0=(1L<<num)-1;
mask1=0x00000000L;
}
iv = &(*ivec)[0];
c2l(iv,v0);
c2l(iv,v1);
@ -103,8 +93,8 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
c2ln(in,d0,d1,n);
in+=n;
d0=(d0^ti[0])&mask0;
d1=(d1^ti[1])&mask1;
d0^=ti[0];
d1^=ti[1];
l2cn(d0,d1,out,n);
out+=n;
/* 30-08-94 - eay - changed because l>>32 and
@ -113,15 +103,25 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
{ v0=v1; v1=d0; }
else if (num == 64)
{ v0=d0; v1=d1; }
else if (num > 32) /* && num != 64 */
else
{
v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL;
v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL;
}
else /* num < 32 */
{
v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL;
iv=&ovec[0];
l2c(v0,iv);
l2c(v1,iv);
l2c(d0,iv);
l2c(d1,iv);
/* shift ovec left most of the bits... */
memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
/* now the remaining bits */
if(num%8 != 0)
for(n=0 ; n < 8 ; ++n)
{
ovec[n]<<=num%8;
ovec[n]|=ovec[n+1]>>(8-num%8);
}
iv=&ovec[0];
c2l(iv,v0);
c2l(iv,v1);
}
}
}
@ -141,18 +141,28 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
{ v0=v1; v1=d0; }
else if (num == 64)
{ v0=d0; v1=d1; }
else if (num > 32) /* && num != 64 */
else
{
v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL;
v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL;
iv=&ovec[0];
l2c(v0,iv);
l2c(v1,iv);
l2c(d0,iv);
l2c(d1,iv);
/* shift ovec left most of the bits... */
memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
/* now the remaining bits */
if(num%8 != 0)
for(n=0 ; n < 8 ; ++n)
{
ovec[n]<<=num%8;
ovec[n]|=ovec[n+1]>>(8-num%8);
}
iv=&ovec[0];
c2l(iv,v0);
c2l(iv,v1);
}
else /* num < 32 */
{
v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL;
}
d0=(d0^ti[0])&mask0;
d1=(d1^ti[1])&mask1;
d0^=ti[0];
d1^=ti[1];
l2cn(d0,d1,out,n);
out+=n;
}

2
crypto/openssl/crypto/des/destest.c
View File

@ -431,7 +431,7 @@ int main(int argc, char *argv[])
#ifndef LIBDES_LIT
printf("Doing ede ecb\n");
for (i=0; i<(NUM_TESTS-1); i++)
for (i=0; i<(NUM_TESTS-2); i++)
{
DES_set_key_unchecked(&key_data[i],&ks);
DES_set_key_unchecked(&key_data[i+1],&ks2);

17
crypto/openssl/crypto/dh/Makefile.ssl
View File

@ -112,17 +112,14 @@ dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
dh_gen.o: ../cryptlib.h dh_gen.c
dh_key.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
dh_key.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
dh_key.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
dh_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
dh_key.o: ../../include/openssl/engine.h ../../include/openssl/err.h
dh_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
dh_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
dh_key.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
dh_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
dh_key.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
dh_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
dh_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
dh_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
dh_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
dh_key.o: ../cryptlib.h dh_key.c
dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_key.c
dh_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
dh_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h

3
crypto/openssl/crypto/dh/dh_key.c
View File

@ -61,9 +61,6 @@
#include <openssl/bn.h>
#include <openssl/rand.h>
#include <openssl/dh.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
static int generate_key(DH *dh);
static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);

7
crypto/openssl/crypto/dh/dhtest.c
View File

@ -62,9 +62,6 @@
#include "../e_os.h"
#ifdef OPENSSL_SYS_WINDOWS
#include "../bio/bss_file.c"
#endif
#include <openssl/crypto.h>
#include <openssl/bio.h>
#include <openssl/bn.h>
@ -87,10 +84,6 @@ int main(int argc, char *argv[])
#endif
static void MS_CALLBACK cb(int p, int n, void *arg);
#ifdef OPENSSL_NO_STDIO
#define APPS_WIN16
#include "bss_file.c"
#endif
static const char rnd_seed[] = "string to make the random number generator think it has entropy";

30
crypto/openssl/crypto/dsa/Makefile.ssl
View File

@ -143,35 +143,29 @@ dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
dsa_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
dsa_ossl.o: ../../include/openssl/opensslconf.h
dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
dsa_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
dsa_ossl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
dsa_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
dsa_ossl.o: ../cryptlib.h dsa_ossl.c
dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h
dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
dsa_sign.o: ../../include/openssl/opensslconf.h
dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
dsa_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
dsa_sign.o: ../cryptlib.h dsa_sign.c
dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h
dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
dsa_vrf.o: ../../include/openssl/engine.h ../../include/openssl/err.h
dsa_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
dsa_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
dsa_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
dsa_vrf.o: ../cryptlib.h dsa_vrf.c
dsa_vrf.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_vrf.c

3
crypto/openssl/crypto/dsa/dsa_ossl.c
View File

@ -64,9 +64,6 @@
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/asn1.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);

3
crypto/openssl/crypto/dsa/dsa_sign.c
View File

@ -64,9 +64,6 @@
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/asn1.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{

3
crypto/openssl/crypto/dsa/dsa_vrf.c
View File

@ -65,9 +65,6 @@
#include <openssl/rand.h>
#include <openssl/asn1.h>
#include <openssl/asn1_mac.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
DSA *dsa)

6
crypto/openssl/crypto/dsa/dsatest.c
View File

@ -68,12 +68,6 @@
#include <openssl/rand.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#ifdef OPENSSL_SYS_WINDOWS
#include "../bio/bss_file.c"
#endif
#ifdef OPENSSL_NO_DSA
int main(int argc, char *argv[])

6
crypto/openssl/crypto/dso/dso_dlfcn.c
View File

@ -125,7 +125,11 @@ DSO_METHOD *DSO_METHOD_dlfcn(void)
# endif
# endif
#else
# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */
# ifdef OPENSSL_SYS_SUNOS
# define DLOPEN_FLAG 1
# else
# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */
# endif
#endif
/* For this DSO_METHOD, our meth_data STACK will contain;

13
crypto/openssl/crypto/ec/ec_mult.c
View File

@ -175,12 +175,13 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len, B
* (thus the boundaries should be increased)
*/
#define EC_window_bits_for_scalar_size(b) \
((b) >= 2000 ? 6 : \
(b) >= 800 ? 5 : \
(b) >= 300 ? 4 : \
(b) >= 70 ? 3 : \
(b) >= 20 ? 2 : \
1)
((size_t) \
((b) >= 2000 ? 6 : \
(b) >= 800 ? 5 : \
(b) >= 300 ? 4 : \
(b) >= 70 ? 3 : \
(b) >= 20 ? 2 : \
1))
/* Compute
* \sum scalars[i]*points[i],

8
crypto/openssl/crypto/engine/eng_fat.c
View File

@ -66,18 +66,18 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags)
if((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e))
return 0;
#ifndef OPENSSL_NO_RSA
if((flags & ENGINE_METHOD_RSA) & !ENGINE_set_default_RSA(e))
if((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e))
return 0;
#endif
#ifndef OPENSSL_NO_DSA
if((flags & ENGINE_METHOD_DSA) & !ENGINE_set_default_DSA(e))
if((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e))
return 0;
#endif
#ifndef OPENSSL_NO_DH
if((flags & ENGINE_METHOD_DH) & !ENGINE_set_default_DH(e))
if((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))
return 0;
#endif
if((flags & ENGINE_METHOD_RAND) & !ENGINE_set_default_RAND(e))
if((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))
return 0;
return 1;
}

8
crypto/openssl/crypto/engine/engine.h
View File

@ -538,10 +538,10 @@ void ENGINE_add_conf_module(void);
/**************************/
/* Binary/behaviour compatibility levels */
#define OSSL_DYNAMIC_VERSION (unsigned long)0x00010100
#define OSSL_DYNAMIC_VERSION (unsigned long)0x00010200
/* Binary versions older than this are too old for us (whether we're a loader or
* a loadee) */
#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00010100
#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00010200
/* When compiling an ENGINE entirely as an external shared library, loadable by
* the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure
@ -630,6 +630,10 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
if(!fn(e,id)) return 0; \
return 1; }
#if defined(__OpenBSD__) || defined(__FreeBSD__)
void ENGINE_setup_bsd_cryptodev(void);
#endif
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.

1
crypto/openssl/crypto/engine/hw_ubsec.c
View File

@ -561,7 +561,6 @@ static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL);
return 0;
}
memset(r->d, 0, BN_num_bytes(m));
if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
fd = 0;

42
crypto/openssl/crypto/err/err.c
View File

@ -225,6 +225,7 @@ struct st_ERR_FNS
ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *);
/* Works on the "thread_hash" error-state table */
LHASH *(*cb_thread_get)(int create);
void (*cb_thread_release)(LHASH **hash);
ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *);
ERR_STATE *(*cb_thread_set_item)(ERR_STATE *);
void (*cb_thread_del_item)(const ERR_STATE *);
@ -239,6 +240,7 @@ static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *);
static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *);
static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *);
static LHASH *int_thread_get(int create);
static void int_thread_release(LHASH **hash);
static ERR_STATE *int_thread_get_item(const ERR_STATE *);
static ERR_STATE *int_thread_set_item(ERR_STATE *);
static void int_thread_del_item(const ERR_STATE *);
@ -252,6 +254,7 @@ static const ERR_FNS err_defaults =
int_err_set_item,
int_err_del_item,
int_thread_get,
int_thread_release,
int_thread_get_item,
int_thread_set_item,
int_thread_del_item,
@ -271,6 +274,7 @@ static const ERR_FNS *err_fns = NULL;
* and state in the loading application. */
static LHASH *int_error_hash = NULL;
static LHASH *int_thread_hash = NULL;
static int int_thread_hash_references = 0;
static int int_err_library_number= ERR_LIB_USER;
/* Internal function that checks whether "err_fns" is set and if not, sets it to
@ -417,11 +421,37 @@ static LHASH *int_thread_get(int create)
CRYPTO_pop_info();
}
if (int_thread_hash)
{
int_thread_hash_references++;
ret = int_thread_hash;
}
CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
return ret;
}
static void int_thread_release(LHASH **hash)
{
int i;
if (hash == NULL || *hash == NULL)
return;
i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR);
#ifdef REF_PRINT
fprintf(stderr,"%4d:%s\n",int_thread_hash_references,"ERR");
#endif
if (i > 0) return;
#ifdef REF_CHECK
if (i < 0)
{
fprintf(stderr,"int_thread_release, bad reference count\n");
abort(); /* ok */
}
#endif
*hash = NULL;
}
static ERR_STATE *int_thread_get_item(const ERR_STATE *d)
{
ERR_STATE *p;
@ -436,6 +466,7 @@ static ERR_STATE *int_thread_get_item(const ERR_STATE *d)
p = (ERR_STATE *)lh_retrieve(hash, d);
CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
ERRFN(thread_release)(&hash);
return p;
}
@ -453,6 +484,7 @@ static ERR_STATE *int_thread_set_item(ERR_STATE *d)
p = (ERR_STATE *)lh_insert(hash, d);
CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
ERRFN(thread_release)(&hash);
return p;
}
@ -469,13 +501,15 @@ static void int_thread_del_item(const ERR_STATE *d)
CRYPTO_w_lock(CRYPTO_LOCK_ERR);
p = (ERR_STATE *)lh_delete(hash, d);
/* make sure we don't leak memory */
if (int_thread_hash && (lh_num_items(int_thread_hash) == 0))
if (int_thread_hash_references == 1
&& int_thread_hash && (lh_num_items(int_thread_hash) == 0))
{
lh_free(int_thread_hash);
int_thread_hash = NULL;
}
CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
ERRFN(thread_release)(&hash);
if (p)
ERR_STATE_free(p);
}
@ -845,6 +879,12 @@ LHASH *ERR_get_err_state_table(void)
return ERRFN(thread_get)(0);
}
void ERR_release_err_state_table(LHASH **hash)
{
err_fns_check();
ERRFN(thread_release)(hash);
}
const char *ERR_lib_error_string(unsigned long e)
{
ERR_STRING_DATA d,*p;

1
crypto/openssl/crypto/err/err.h
View File

@ -278,6 +278,7 @@ ERR_STATE *ERR_get_state(void);
#ifndef OPENSSL_NO_LHASH
LHASH *ERR_get_string_table(void);
LHASH *ERR_get_err_state_table(void);
void ERR_release_err_state_table(LHASH **hash);
#endif
int ERR_get_next_error_library(void);

43
crypto/openssl/crypto/evp/Makefile.ssl
View File

@ -70,7 +70,7 @@ links:
@$(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TESTDATA)
cp $(TESTDATA) ../../test
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
install:
@ -185,13 +185,14 @@ c_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
c_all.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
c_all.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
c_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
c_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
c_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
c_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
c_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
c_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
c_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
c_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
c_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
c_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
c_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
c_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
c_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
c_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
c_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
@ -496,21 +497,19 @@ evp_acnf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
evp_acnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
evp_acnf.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
evp_acnf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
evp_acnf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
evp_acnf.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
evp_acnf.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
evp_acnf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
evp_acnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
evp_acnf.o: ../../include/openssl/opensslconf.h
evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
evp_acnf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
evp_acnf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
evp_acnf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
evp_acnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
evp_acnf.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
evp_acnf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
evp_acnf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
evp_acnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
evp_acnf.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
evp_acnf.o: ../cryptlib.h evp_acnf.c
evp_acnf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
evp_acnf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
evp_acnf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
evp_acnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
evp_acnf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
evp_acnf.o: ../../include/openssl/ui_compat.h ../cryptlib.h evp_acnf.c
evp_enc.o: ../../e_os.h ../../include/openssl/aes.h
evp_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
evp_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h

38
crypto/openssl/crypto/evp/bio_b64.c
View File

@ -184,7 +184,9 @@ static int b64_read(BIO *b, char *out, int outl)
ret_code=0;
while (outl > 0)
{
if (ctx->cont <= 0) break;
if (ctx->cont <= 0)
break;
i=BIO_read(b->next_bio,&(ctx->tmp[ctx->tmp_len]),
B64_BLOCK_SIZE-ctx->tmp_len);
@ -195,11 +197,21 @@ static int b64_read(BIO *b, char *out, int outl)
/* Should be continue next time we are called? */
if (!BIO_should_retry(b->next_bio))
{
ctx->cont=i;
/* else we should continue when called again */
break;
/* If buffer empty break */
if(ctx->tmp_len == 0)
break;
/* Fall through and process what we have */
else
i = 0;
}
/* else we retry and add more data to buffer */
else
break;
}
i+=ctx->tmp_len;
ctx->tmp_len = i;
/* We need to scan, a line at a time until we
* have a valid line if we are starting. */
@ -255,8 +267,12 @@ static int b64_read(BIO *b, char *out, int outl)
* reading until a new line. */
if (p == (unsigned char *)&(ctx->tmp[0]))
{
ctx->tmp_nl=1;
ctx->tmp_len=0;
/* Check buffer full */
if (i == B64_BLOCK_SIZE)
{
ctx->tmp_nl=1;
ctx->tmp_len=0;
}
}
else if (p != q) /* finished on a '\n' */
{
@ -271,6 +287,11 @@ static int b64_read(BIO *b, char *out, int outl)
else
ctx->tmp_len=0;
}
/* If buffer isn't full and we can retry then
* restart to read in more data.
*/
else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0))
continue;
if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
{
@ -310,8 +331,8 @@ static int b64_read(BIO *b, char *out, int outl)
i=EVP_DecodeUpdate(&(ctx->base64),
(unsigned char *)ctx->buf,&ctx->buf_len,
(unsigned char *)ctx->tmp,i);
ctx->tmp_len = 0;
}
ctx->cont=i;
ctx->buf_off=0;
if (i < 0)
{
@ -484,10 +505,7 @@ again:
{
i=b64_write(b,NULL,0);
if (i < 0)
{
ret=i;
break;
}
return i;
}
if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
{

7
crypto/openssl/crypto/evp/bio_enc.c
View File

@ -271,7 +271,7 @@ static int enc_write(BIO *b, const char *in, int inl)
if (i <= 0)
{
BIO_copy_next_retry(b);
return(i);
return (ret == inl) ? i : ret - inl;
}
n-=i;
ctx->buf_off+=i;
@ -325,10 +325,7 @@ again:
{
i=enc_write(b,NULL,0);
if (i < 0)
{
ret=i;
break;
}
return i;
}
if (!ctx->finished)

7
crypto/openssl/crypto/evp/c_all.c
View File

@ -59,6 +59,9 @@
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/evp.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#if 0
#undef OpenSSL_add_all_algorithms
@ -73,7 +76,9 @@ void OPENSSL_add_all_algorithms_noconf(void)
{
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
#if defined(__OpenBSD__) || defined(__FreeBSD__)
#ifndef OPENSSL_NO_ENGINE
# if defined(__OpenBSD__) || defined(__FreeBSD__)
ENGINE_setup_bsd_cryptodev();
# endif
#endif
}

2
crypto/openssl/crypto/evp/digest.c
View File

@ -187,12 +187,12 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
ctx->engine = NULL;
}
else
#endif
if(!ctx->digest)
{
EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET);
return 0;
}
#endif
if (ctx->digest != type)
{
if (ctx->digest && ctx->digest->ctx_size)

3
crypto/openssl/crypto/evp/evp_acnf.c
View File

@ -59,9 +59,6 @@
#include "cryptlib.h"
#include <openssl/evp.h>
#include <openssl/conf.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
/* Load all algorithms and configure OpenSSL.

2
crypto/openssl/crypto/md2/md2test.c
View File

@ -59,7 +59,6 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/md2.h>
#include "../e_os.h"
@ -71,6 +70,7 @@ int main(int argc, char *argv[])
}
#else
#include <openssl/evp.h>
#include <openssl/md2.h>
#ifdef CHARSET_EBCDIC
#include <openssl/ebcdic.h>

3
crypto/openssl/crypto/md5/Makefile.ssl
View File

@ -6,7 +6,7 @@ DIR= md5
TOP= ../..
CC= cc
CPP= $(CC) -E
INCLUDES=
INCLUDES=-I.. -I$(TOP) -I../../include
CFLAG=-g
INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl
@ -20,6 +20,7 @@ AR= ar r
MD5_ASM_OBJ=
CFLAGS= $(INCLUDES) $(CFLAG)
ASFLAGS= $(INCLUDES) $(ASFLAG)
GENERAL=Makefile
TEST=md5test.c

2
crypto/openssl/crypto/md5/asm/md5-586.pl
View File

@ -293,7 +293,7 @@ sub md5_block
&mov(&DWP(12,$tmp2,"",0),$D);
&cmp($tmp1,$X) unless $normal; # check count
&jge(&label("start")) unless $normal;
&jae(&label("start")) unless $normal;
&pop("eax"); # pop the temp variable off the stack
&pop("ebx");

4
crypto/openssl/crypto/md5/asm/md5-sparcv9.S
View File

@ -34,10 +34,12 @@
*
* or if above fails (it does if you have gas):
*
* gcc -E -DULTRASPARC -DMD5_BLOCK_DATA_ORDER md5_block.sparc.S | \
* gcc -E -DOPENSSL_SYSNAMEULTRASPARC -DMD5_BLOCK_DATA_ORDER md5_block.sparc.S | \
* as -xarch=v8plus /dev/fd/0 -o md5-sparcv9.o
*/
#include <openssl/e_os2.h>
#define A %o0
#define B %o1
#define C %o2

8
crypto/openssl/crypto/o_time.c
View File

@ -73,15 +73,17 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
{
struct tm *ts = NULL;
#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX)
#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS)
/* should return &data, but doesn't on some systems,
so we don't even look at the return value */
gmtime_r(timer,result);
ts = result;
#elif !defined(OPENSSL_SYS_VMS)
ts = gmtime(timer);
if (ts != NULL)
memcpy(result, ts, sizeof(struct tm));
if (ts == NULL)
return NULL;
memcpy(result, ts, sizeof(struct tm));
ts = result;
#endif
#ifdef OPENSSL_SYS_VMS

14
crypto/openssl/crypto/ocsp/ocsp_ht.c
View File

@ -110,7 +110,7 @@ Content-Length: %d\r\n\r\n";
}
/* Parse the HTTP response. This will look like this:
* "HTTP/1.0 200 OK". We need to obtain the numeric code and
* informational message.
* (optional) informational message.
*/
/* Skip to first white space (passed protocol info) */
@ -138,13 +138,19 @@ Content-Length: %d\r\n\r\n";
if(*r) goto err;
/* Skip over any leading white space in message */
while(*q && isspace((unsigned char)*q)) q++;
if(!*q) goto err;
if(*q) {
/* Finally zap any trailing white space in message (include CRLF) */
/* We know q has a non white space character so this is OK */
for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) *r = 0;
for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) *r = 0;
}
if(retcode != 200) {
OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_ERROR);
ERR_add_error_data(4, "Code=", p, ",Reason=", q);
if(!*q) {
ERR_add_error_data(2, "Code=", p);
}
else {
ERR_add_error_data(4, "Code=", p, ",Reason=", q);
}
goto err;
}
/* Find blank line marking beginning of content */

11
crypto/openssl/crypto/opensslconf.h
View File

@ -2,6 +2,9 @@
/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
/* OpenSSL was configured with the following options: */
#ifndef OPENSSL_SYSNAME_WIN16
# define OPENSSL_SYSNAME_WIN16
#endif
#ifndef OPENSSL_DOING_MAKEDEPEND
#ifndef OPENSSL_NO_KRB5
@ -41,7 +44,7 @@
#endif
#if defined(HEADER_MD2_H) && !defined(MD2_INT)
#define MD2_INT unsigned int
#define MD2_INT unsigned char
#endif
#if defined(HEADER_RC2_H) && !defined(RC2_INT)
@ -98,7 +101,7 @@
#define CONFIG_HEADER_RC4_LOCL_H
/* if this is defined data[i] is used instead of *data, this is a %20
* speedup on x86 */
#undef RC4_INDEX
#define RC4_INDEX
#endif
#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
@ -112,7 +115,7 @@
/* the following is tweaked from a config script, that is why it is a
* protected undef/define */
#ifndef DES_PTR
#undef DES_PTR
#define DES_PTR
#endif
/* This helps C compiler generate the correct code for multiple functional
@ -133,7 +136,7 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
/* Unroll the inner loop, this sometimes helps, sometimes hinders.
* Very mucy CPU dependant */
#ifndef DES_UNROLL
#undef DES_UNROLL
#define DES_UNROLL
#endif
/* These default values were supplied by

4
crypto/openssl/crypto/opensslv.h
View File

@ -25,8 +25,8 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
#define OPENSSL_VERSION_NUMBER 0x0090701fL
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7a Feb 19 2003"
#define OPENSSL_VERSION_NUMBER 0x0090703fL
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7c 30 Sep 2003"
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT

3
crypto/openssl/crypto/perlasm/x86ms.pl
View File

@ -144,7 +144,10 @@ sub main'jle { &out1("jle",@_); }
sub main'jz { &out1("jz",@_); }
sub main'jge { &out1("jge",@_); }
sub main'jl { &out1("jl",@_); }
sub main'ja { &out1("ja",@_); }
sub main'jae { &out1("jae",@_); }
sub main'jb { &out1("jb",@_); }
sub main'jbe { &out1("jbe",@_); }
sub main'jc { &out1("jc",@_); }
sub main'jnc { &out1("jnc",@_); }
sub main'jnz { &out1("jnz",@_); }

3
crypto/openssl/crypto/perlasm/x86nasm.pl
View File

@ -152,7 +152,10 @@ sub main'jle { &out1("jle NEAR",@_); }
sub main'jz { &out1("jz NEAR",@_); }
sub main'jge { &out1("jge NEAR",@_); }
sub main'jl { &out1("jl NEAR",@_); }
sub main'ja { &out1("ja NEAR",@_); }
sub main'jae { &out1("jae NEAR",@_); }
sub main'jb { &out1("jb NEAR",@_); }
sub main'jbe { &out1("jbe NEAR",@_); }
sub main'jc { &out1("jc NEAR",@_); }
sub main'jnc { &out1("jnc NEAR",@_); }
sub main'jnz { &out1("jnz NEAR",@_); }

3
crypto/openssl/crypto/perlasm/x86unix.pl
View File

@ -156,7 +156,10 @@ sub main'jnz { &out1("jnz",@_); }
sub main'jz { &out1("jz",@_); }
sub main'jge { &out1("jge",@_); }
sub main'jl { &out1("jl",@_); }
sub main'ja { &out1("ja",@_); }
sub main'jae { &out1("jae",@_); }
sub main'jb { &out1("jb",@_); }
sub main'jbe { &out1("jbe",@_); }
sub main'jc { &out1("jc",@_); }
sub main'jnc { &out1("jnc",@_); }
sub main'jno { &out1("jno",@_); }

2
crypto/openssl/crypto/pkcs12/p12_npas.c
View File

@ -107,7 +107,7 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
{
STACK_OF(PKCS7) *asafes, *newsafes;
STACK_OF(PKCS12_SAFEBAG) *bags;
int i, bagnid, pbe_nid, pbe_iter, pbe_saltlen;
int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
PKCS7 *p7, *p7new;
ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
unsigned char mac[EVP_MAX_MD_SIZE];

5
crypto/openssl/crypto/pkcs7/pk7_doit.c
View File

@ -767,6 +767,11 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
}
if (EVP_MD_CTX_type(mdc) == md_type)
break;
/* Workaround for some broken clients that put the signature
* OID instead of the digest OID in digest_alg->algorithm
*/
if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
break;
btmp=BIO_next(btmp);
}

105
crypto/openssl/crypto/pkcs7/pk7_mime.c
View File

@ -3,7 +3,7 @@
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -101,7 +101,7 @@ static int mime_param_cmp(const MIME_PARAM * const *a,
static void mime_param_free(MIME_PARAM *param);
static int mime_bound_check(char *line, int linelen, char *bound, int blen);
static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
static int iscrlf(char c);
static int strip_eol(char *linebuf, int *plen);
static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
static void mime_hdr_free(MIME_HEADER *hdr);
@ -150,9 +150,17 @@ static PKCS7 *B64_read_PKCS7(BIO *bio)
int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
{
char linebuf[MAX_SMLEN];
char bound[33], c;
int i;
char *mime_prefix, *mime_eol;
if (flags & PKCS7_NOOLDMIMETYPE)
mime_prefix = "application/pkcs7-";
else
mime_prefix = "application/x-pkcs7-";
if (flags & PKCS7_CRLFEOL)
mime_eol = "\r\n";
else
mime_eol = "\n";
if((flags & PKCS7_DETACHED) && data) {
/* We want multipart/signed */
/* Generate a random boundary */
@ -164,34 +172,42 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
bound[i] = c;
}
bound[32] = 0;
BIO_printf(bio, "MIME-Version: 1.0\n");
BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
BIO_printf(bio, "Content-Type: multipart/signed;");
BIO_printf(bio, " protocol=\"application/x-pkcs7-signature\";");
BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"\n\n", bound);
BIO_printf(bio, "This is an S/MIME signed message\n\n");
BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"%s%s",
bound, mime_eol, mime_eol);
BIO_printf(bio, "This is an S/MIME signed message%s%s",
mime_eol, mime_eol);
/* Now write out the first part */
BIO_printf(bio, "------%s\n", bound);
if(flags & PKCS7_TEXT) BIO_printf(bio, "Content-Type: text/plain\n\n");
while((i = BIO_read(data, linebuf, MAX_SMLEN)) > 0)
BIO_write(bio, linebuf, i);
BIO_printf(bio, "\n------%s\n", bound);
BIO_printf(bio, "------%s%s", bound, mime_eol);
SMIME_crlf_copy(data, bio, flags);
BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
/* Headers for signature */
BIO_printf(bio, "Content-Type: application/x-pkcs7-signature; name=\"smime.p7s\"\n");
BIO_printf(bio, "Content-Transfer-Encoding: base64\n");
BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7s\"\n\n");
BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix);
BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
BIO_printf(bio, "Content-Transfer-Encoding: base64%s",
mime_eol);
BIO_printf(bio, "Content-Disposition: attachment;");
BIO_printf(bio, " filename=\"smime.p7s\"%s%s",
mime_eol, mime_eol);
B64_write_PKCS7(bio, p7);
BIO_printf(bio,"\n------%s--\n\n", bound);
BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,
mime_eol, mime_eol);
return 1;
}
/* MIME headers */
BIO_printf(bio, "MIME-Version: 1.0\n");
BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7m\"\n");
BIO_printf(bio, "Content-Type: application/x-pkcs7-mime; name=\"smime.p7m\"\n");
BIO_printf(bio, "Content-Transfer-Encoding: base64\n\n");
BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
BIO_printf(bio, "Content-Disposition: attachment;");
BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol);
BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol);
BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
mime_eol, mime_eol);
B64_write_PKCS7(bio, p7);
BIO_printf(bio, "\n");
BIO_printf(bio, "%s", mime_eol);
return 1;
}
@ -316,12 +332,9 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
}
if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) {
eol = 0;
while(iscrlf(linebuf[len - 1])) {
len--;
eol = 1;
}
BIO_write(out, linebuf, len);
eol = strip_eol(linebuf, &len);
if (len)
BIO_write(out, linebuf, len);
if(eol) BIO_write(out, "\r\n", 2);
}
return 1;
@ -364,6 +377,7 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
{
char linebuf[MAX_SMLEN];
int len, blen;
int eol = 0, next_eol = 0;
BIO *bpart = NULL;
STACK_OF(BIO) *parts;
char state, part, first;
@ -383,26 +397,23 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
sk_BIO_push(parts, bpart);
return 1;
} else if(part) {
/* Strip CR+LF from linebuf */
next_eol = strip_eol(linebuf, &len);
if(first) {
first = 0;
if(bpart) sk_BIO_push(parts, bpart);
bpart = BIO_new(BIO_s_mem());
} else BIO_write(bpart, "\r\n", 2);
/* Strip CR+LF from linebuf */
while(iscrlf(linebuf[len - 1])) len--;
BIO_write(bpart, linebuf, len);
BIO_set_mem_eof_return(bpart, 0);
} else if (eol)
BIO_write(bpart, "\r\n", 2);
eol = next_eol;
if (len)
BIO_write(bpart, linebuf, len);
}
}
return 0;
}
static int iscrlf(char c)
{
if(c == '\r' || c == '\n') return 1;
return 0;
}
/* This is the big one: parse MIME header lines up to message body */
#define MIME_INVALID 0
@ -683,3 +694,21 @@ static int mime_bound_check(char *line, int linelen, char *bound, int blen)
}
return 0;
}
static int strip_eol(char *linebuf, int *plen)
{
int len = *plen;
char *p, c;
int is_eol = 0;
p = linebuf + len - 1;
for (p = linebuf + len - 1; len > 0; len--, p--)
{
c = *p;
if (c == '\n')
is_eol = 1;
else if (c != '\r')
break;
}
*plen = len;
return is_eol;
}

2
crypto/openssl/crypto/pkcs7/pk7_smime.c
View File

@ -3,7 +3,7 @@
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions

2
crypto/openssl/crypto/pkcs7/pkcs7.h
View File

@ -260,6 +260,8 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
#define PKCS7_BINARY 0x80
#define PKCS7_NOATTR 0x100
#define PKCS7_NOSMIMECAP 0x200
#define PKCS7_NOOLDMIMETYPE 0x400
#define PKCS7_CRLFEOL 0x800
/* Flags: for compatibility with older code */

14
crypto/openssl/crypto/rand/rand_win.c
View File

@ -162,6 +162,7 @@ typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO);
typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT);
typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD);
typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE);
typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD);
typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32);
typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32);
@ -431,7 +432,7 @@ int RAND_poll(void)
* This seeding method was proposed in Peter Gutmann, Software
* Generation of Practically Strong Random Numbers,
* http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html
* revised version at http://www.cryptoengines.com/~peter/06_random.pdf
* revised version at http://www.cryptoengines.com/~peter/06_random.pdf
* (The assignment of entropy estimates below is arbitrary, but based
* on Peter's analysis the full poll appears to be safe. Additional
* interactive seeding is encouraged.)
@ -440,6 +441,7 @@ int RAND_poll(void)
if (kernel)
{
CREATETOOLHELP32SNAPSHOT snap;
CLOSETOOLHELP32SNAPSHOT close_snap;
HANDLE handle;
HEAP32FIRST heap_first;
@ -457,6 +459,8 @@ int RAND_poll(void)
snap = (CREATETOOLHELP32SNAPSHOT)
GetProcAddress(kernel, TEXT("CreateToolhelp32Snapshot"));
close_snap = (CLOSETOOLHELP32SNAPSHOT)
GetProcAddress(kernel, TEXT("CloseToolhelp32Snapshot"));
heap_first = (HEAP32FIRST) GetProcAddress(kernel, TEXT("Heap32First"));
heap_next = (HEAP32NEXT) GetProcAddress(kernel, TEXT("Heap32Next"));
heaplist_first = (HEAP32LIST) GetProcAddress(kernel, TEXT("Heap32ListFirst"));
@ -472,7 +476,7 @@ int RAND_poll(void)
heaplist_next && process_first && process_next &&
thread_first && thread_next && module_first &&
module_next && (handle = snap(TH32CS_SNAPALL,0))
!= NULL)
!= INVALID_HANDLE_VALUE)
{
/* heap list and heap walking */
/* HEAPLIST32 contains 3 fields that will change with
@ -534,8 +538,10 @@ int RAND_poll(void)
do
RAND_add(&m, m.dwSize, 9);
while (module_next(handle, &m));
CloseHandle(handle);
if (close_snap)
close_snap(handle);
else
CloseHandle(handle);
}
FreeLibrary(kernel);

42
crypto/openssl/crypto/rsa/Makefile.ssl
View File

@ -104,14 +104,12 @@ rsa_chk.o: rsa_chk.c
rsa_eay.o: ../../e_os.h ../../include/openssl/asn1.h
rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
rsa_eay.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
rsa_eay.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
rsa_eay.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
rsa_eay.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
rsa_eay.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
rsa_eay.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
rsa_eay.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
rsa_eay.o: ../../include/openssl/ui.h ../cryptlib.h rsa_eay.c
rsa_eay.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c
rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
rsa_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
rsa_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@ -217,21 +215,21 @@ rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
rsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
rsa_sign.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
rsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
rsa_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h
rsa_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
rsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
rsa_sign.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
rsa_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
rsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
rsa_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
rsa_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
rsa_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
rsa_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
rsa_sign.o: ../../include/openssl/opensslconf.h
rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
rsa_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
rsa_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
rsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
rsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
rsa_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
rsa_sign.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
rsa_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h rsa_sign.c
rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
rsa_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
rsa_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
rsa_sign.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
rsa_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
rsa_sign.o: ../cryptlib.h rsa_sign.c
rsa_ssl.o: ../../e_os.h ../../include/openssl/asn1.h
rsa_ssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

25
crypto/openssl/crypto/rsa/rsa_sign.c
View File

@ -62,9 +62,6 @@
#include <openssl/rsa.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
/* Size of an SSL signature: MD5+SHA1 */
#define SSL_SIG_LENGTH 36
@ -79,12 +76,11 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
const unsigned char *s = NULL;
X509_ALGOR algor;
ASN1_OCTET_STRING digest;
#ifndef OPENSSL_NO_ENGINE
if((rsa->flags & RSA_FLAG_SIGN_VER)
&& ENGINE_get_RSA(rsa->engine)->rsa_sign)
return ENGINE_get_RSA(rsa->engine)->rsa_sign(type,
m, m_len, sigret, siglen, rsa);
#endif
if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
{
return rsa->meth->rsa_sign(type, m, m_len,
sigret, siglen, rsa);
}
/* Special case: SSL signature, just check the length */
if(type == NID_md5_sha1) {
if(m_len != SSL_SIG_LENGTH) {
@ -159,12 +155,11 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
return(0);
}
#ifndef OPENSSL_NO_ENGINE
if((rsa->flags & RSA_FLAG_SIGN_VER)
&& ENGINE_get_RSA(rsa->engine)->rsa_verify)
return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype,
m, m_len, sigbuf, siglen, rsa);
#endif
if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify)
{
return rsa->meth->rsa_verify(dtype, m, m_len,
sigbuf, siglen, rsa);
}
s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
if (s == NULL)

3
crypto/openssl/crypto/rsa/rsa_test.c
View File

@ -16,9 +16,6 @@ int main(int argc, char *argv[])
}
#else
#include <openssl/rsa.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#define SetKey \
key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \

5
crypto/openssl/crypto/threads/mttest.c
View File

@ -86,11 +86,6 @@
#include <openssl/err.h>
#include <openssl/rand.h>
#ifdef OPENSSL_NO_FP_API
#define APPS_WIN16
#include "../buffer/bss_file.c"
#endif
#define TEST_SERVER_CERT "../../apps/server.pem"
#define TEST_CLIENT_CERT "../../apps/client.pem"

3
crypto/openssl/crypto/x509/by_file.c
View File

@ -285,7 +285,8 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
if(itmp->x509) {
X509_STORE_add_cert(ctx->store_ctx, itmp->x509);
count++;
} else if(itmp->crl) {
}
if(itmp->crl) {
X509_STORE_add_crl(ctx->store_ctx, itmp->crl);
count++;
}

1
crypto/openssl/crypto/x509/x509_trs.c
View File

@ -82,6 +82,7 @@ static X509_TRUST trstandard[] = {
{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL},
{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},
{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL}
};

6
crypto/openssl/crypto/x509/x509_vfy.c
View File

@ -453,9 +453,9 @@ static int check_revocation(X509_STORE_CTX *ctx)
if (!(ctx->flags & X509_V_FLAG_CRL_CHECK))
return 1;
if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL)
last = 0;
else
last = sk_X509_num(ctx->chain) - 1;
else
last = 0;
for(i = 0; i <= last; i++)
{
ctx->error_depth = i;
@ -674,7 +674,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
ok=(*cb)(0,ctx);
if (!ok) goto end;
}
if (X509_verify(xs,pkey) <= 0)
else if (X509_verify(xs,pkey) <= 0)
/* XXX For the final trusted self-signed cert,
* this is a waste of time. That check should
* optional so that e.g. 'openssl x509' can be

5
crypto/openssl/crypto/x509/x509type.c
View File

@ -99,14 +99,15 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
case EVP_PKEY_RSA:
ret|=EVP_PKS_RSA;
break;
case EVP_PKS_DSA:
case EVP_PKEY_DSA:
ret|=EVP_PKS_DSA;
break;
default:
break;
}
if (EVP_PKEY_size(pk) <= 512)
if (EVP_PKEY_size(pk) <= 512/8) /* /8 because it's 512 bits we look
for, not bytes */
ret|=EVP_PKT_EXP;
if(pkey==NULL) EVP_PKEY_free(pk);
return(ret);

2
crypto/openssl/crypto/x509v3/v3_conf.c
View File

@ -236,7 +236,7 @@ static int v3_check_critical(char **value)
static int v3_check_generic(char **value)
{
char *p = *value;
if ((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0;
if ((strlen(p) < 4) || strncmp(p, "DER:", 4)) return 0;
p+=4;
while (isspace((unsigned char)*p)) p++;
*value = p;

24
crypto/openssl/crypto/x509v3/v3_cpols.c
View File

@ -73,7 +73,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
STACK_OF(CONF_VALUE) *polstrs, int ia5org);
static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
STACK_OF(CONF_VALUE) *unot, int ia5org);
static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos);
static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
X509V3_EXT_METHOD v3_cpols = {
NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES),
@ -226,6 +226,8 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
qual = notice_section(ctx, unot, ia5org);
X509V3_section_free(ctx, unot);
if(!qual) goto err;
if(!pol->qualifiers) pol->qualifiers =
sk_POLICYQUALINFO_new_null();
if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
goto merr;
} else {
@ -255,7 +257,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
STACK_OF(CONF_VALUE) *unot, int ia5org)
{
int i;
int i, ret;
CONF_VALUE *cnf;
USERNOTICE *not;
POLICYQUALINFO *qual;
@ -275,8 +277,8 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
if(!(nref = NOTICEREF_new())) goto merr;
not->noticeref = nref;
} else nref = not->noticeref;
if(ia5org) nref->organization = M_ASN1_IA5STRING_new();
else nref->organization = M_ASN1_VISIBLESTRING_new();
if(ia5org) nref->organization->type = V_ASN1_IA5STRING;
else nref->organization->type = V_ASN1_VISIBLESTRING;
if(!ASN1_STRING_set(nref->organization, cnf->value,
strlen(cnf->value))) goto merr;
} else if(!strcmp(cnf->name, "noticeNumbers")) {
@ -292,12 +294,12 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
X509V3_conf_err(cnf);
goto err;
}
nref->noticenos = nref_nos(nos);
ret = nref_nos(nref->noticenos, nos);
sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
if(!nref->noticenos) goto err;
if (!ret)
goto err;
} else {
X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION);
X509V3_conf_err(cnf);
goto err;
}
@ -319,15 +321,13 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
return NULL;
}
static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos)
static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
{
STACK_OF(ASN1_INTEGER) *nnums;
CONF_VALUE *cnf;
ASN1_INTEGER *aint;
int i;
if(!(nnums = sk_ASN1_INTEGER_new_null())) goto merr;
for(i = 0; i < sk_CONF_VALUE_num(nos); i++) {
cnf = sk_CONF_VALUE_value(nos, i);
if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
@ -336,14 +336,14 @@ static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos)
}
if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr;
}
return nnums;
return 1;
merr:
X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
err:
sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
return NULL;
return 0;
}

1
crypto/openssl/crypto/x509v3/v3_lib.c
View File

@ -202,6 +202,7 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
if(OBJ_obj2nid(ex->object) == nid) {
if(idx) {
*idx = i;
found_ex = ex;
break;
} else if(found_ex) {
/* Found more than one */

4
crypto/openssl/crypto/x509v3/v3_prn.c
View File

@ -178,13 +178,13 @@ int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts
ASN1_OBJECT *obj;
X509_EXTENSION *ex;
ex=sk_X509_EXTENSION_value(exts, i);
if (BIO_printf(bp,"%*s",indent, "") <= 0) return 0;
if (indent && BIO_printf(bp,"%*s",indent, "") <= 0) return 0;
obj=X509_EXTENSION_get_object(ex);
i2a_ASN1_OBJECT(bp,obj);
j=X509_EXTENSION_get_critical(ex);
if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
return 0;
if(!X509V3_EXT_print(bp, ex, flag, 12))
if(!X509V3_EXT_print(bp, ex, flag, indent + 4))
{
BIO_printf(bp, "%*s", indent + 4, "");
M_ASN1_OCTET_STRING_print(bp,ex->value);

2
crypto/openssl/demos/engines/zencod/hw_zencod.h
View File

@ -46,7 +46,7 @@ typedef int t_zencod_dump_key (FILE *stream, char *msg, KEY *key);
/*
* Key managment tools
* Key management tools
*/
typedef KEY *t_zencod_new_number (unsigned long len, unsigned char *data);
typedef int t_zencod_init_number (KEY *n, unsigned long len, unsigned char *data);

12
crypto/openssl/doc/HOWTO/certificates.txt
View File

@ -48,7 +48,7 @@ you have your own certificate authority, you may sign it yourself, or
if you need a self-signed certificate (because you just want a test
certificate or because you are setting up your own CA).
The certificate is created like this:
The certificate request is created like this:
openssl req -new -key privkey.pem -out cert.csr
@ -71,13 +71,11 @@ received.
If you don't want to deal with another certificate authority, or just
want to create a test certificate for yourself, or are setting up a
certificate authority of your own, you may want to make the requested
certificate a self-signed one. If you have created a certificate
request as shown above, you can sign it using the 'openssl x509'
command, for example like this (to create a self-signed CA
certificate):
certificate a self-signed one. This is similar to creating a
certificate request, but creates a certificate instead of a
certificate request (1095 is 3 years):
openssl x509 -req -in cert.csr -extfile openssl.cnf -extensions v3_ca \
-signkey privkey.pem -out cacert.pem -trustout
openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
5. What to do with the certificate

73
crypto/openssl/doc/HOWTO/keys.txt Normal file
View File

@ -0,0 +1,73 @@
<DRAFT!>
HOWTO keys
1. Introduction
Keys are the basis of public key algorithms and PKI. Keys usually
come in pairs, with one half being the public key and the other half
being the private key. With OpenSSL, the private key contains the
public key information as well, so a public key doesn't need to be
generated separately.
Public keys come in several flavors, using different cryptographic
algorithms. The most popular ones associated with certificates are
RSA and DSA, and this HOWTO will show how to generate each of them.
2. To generate a RSA key
A RSA key can be used both for encryption and for signing.
Generating a key for the RSA algorithm is quite easy, all you have to
do is the following:
openssl genrsa -des3 -out privkey.pem 2048
With this variant, you will be prompted for a protecting password. If
you don't want your key to be protected by a password, remove the flag
'-des3' from the command line above.
NOTE: if you intend to use the key together with a server
certificate, it may be a good thing to avoid protecting it
with a password, since that would mean someone would have to
type in the password every time the server needs to access
the key.
The number 2048 is the size of the key, in bits. Today, 2048 or
higher is recommended for RSA keys, as fewer amount of bits is
consider insecure or to be insecure pretty soon.
3. To generate a DSA key
A DSA key can be used both for signing only. This is important to
keep in mind to know what kind of purposes a certificate request with
a DSA key can really be used for.
Generating a key for the DSA algorithm is a two-step process. First,
you have to generate parameters from which to generate the key:
openssl dsaparam -out dsaparam.pem 2048
The number 2048 is the size of the key, in bits. Today, 2048 or
higher is recommended for DSA keys, as fewer amount of bits is
consider insecure or to be insecure pretty soon.
When that is done, you can generate a key using the parameters in
question (actually, several keys can be generated from the same
parameters):
openssl gendsa -des3 -out privkey.pem dsaparam.pem
With this variant, you will be prompted for a protecting password. If
you don't want your key to be protected by a password, remove the flag
'-des3' from the command line above.
NOTE: if you intend to use the key together with a server
certificate, it may be a good thing to avoid protecting it
with a password, since that would mean someone would have to
type in the password every time the server needs to access
the key.
--
Richard Levitte

8
crypto/openssl/doc/apps/ca.pod
View File

@ -359,7 +359,7 @@ the same as the B<-md> option. The message digest to use. Mandatory.
the text database file to use. Mandatory. This file must be present
though initially it will be empty.
=item B<serialfile>
=item B<serial>
a text file containing the next serial number to use in hex. Mandatory.
This file must be present and contain a valid serial number.
@ -400,7 +400,7 @@ here, except the B<no_signame> and B<no_sigdump> are permanently set
and cannot be disabled (this is because the certificate signature cannot
be displayed because the certificate has not been signed at this point).
For convenience the values B<default_ca> are accepted by both to produce
For convenience the values B<ca_default> are accepted by both to produce
a reasonable output.
If neither option is present the format used in earlier versions of
@ -513,8 +513,8 @@ A sample configuration file with the relevant sections for B<ca>:
policy = policy_any # default policy
email_in_dn = no # Don't add the email into cert DN
nameopt = default_ca # Subject name display option
certopt = default_ca # Certificate display option
nameopt = ca_default # Subject name display option
certopt = ca_default # Certificate display option
copy_extensions = none # Don't copy extensions from request
[ policy_any ]

Some files were not shown because too many files have changed in this diff Show More