d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Import OpenSSL 0.9.8p.

Browse Source
This commit is contained in:
Simon L. B. Nielsen 2010-11-21 22:45:18 +00:00
parent 0cedaa6c89
commit f2c43d19b9
127 changed files with 872 additions and 530 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
CHANGES
View File

@ -2,6 +2,51 @@
OpenSSL CHANGES
_______________
Changes between 0.9.8o and 0.9.8p [16 Nov 2010]
*) Fix extension code to avoid race conditions which can result in a buffer
overrun vulnerability: resumed sessions must not be modified as they can
be shared by multiple threads. CVE-2010-3864
[Steve Henson]
*) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
[Steve Henson]
*) Don't reencode certificate when calculating signature: cache and use
the original encoding instead. This makes signature verification of
some broken encodings work correctly.
[Steve Henson]
*) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT
is also one of the inputs.
[Emilia Käsper <emilia.kasper@esat.kuleuven.be> (Google)]
*) Don't repeatedly append PBE algorithms to table if they already exist.
Sort table on each new add. This effectively makes the table read only
after all algorithms are added and subsequent calls to PKCS12_pbe_add
etc are non-op.
[Steve Henson]
Changes between 0.9.8n and 0.9.8o [01 Jun 2010]
[NB: OpenSSL 0.9.8o and later 0.9.8 patch levels were released after
OpenSSL 1.0.0.]
*) Correct a typo in the CMS ASN1 module which can result in invalid memory
access or freeing data twice (CVE-2010-0742)
[Steve Henson, Ronald Moesbergen <intercommit@gmail.com>]
*) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
common in certificates and some applications which only call
SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
[Steve Henson]
*) VMS fixes:
Reduce copying into .apps and .test in makevms.com
Don't try to use blank CA certificate in CA.com
Allow use of C files from original directories in maketests.com
[Steven M. Schweda" <sms@antinode.info>]
Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
*) When rejecting SSL/TLS records due to an incorrect version number, never

4
Configure
View File

@ -1812,11 +1812,11 @@ EOF
(system $make_command.$make_targets) == 0 or exit $?
if $make_targets ne "";
if ( $perl =~ m@^/@) {
&dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
&dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
&dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
} else {
# No path for Perl known ...
&dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
&dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
&dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
}
if ($depflags ne $default_depflags && !$make_depend) {

29
FAQ
View File

@ -70,6 +70,7 @@ OpenSSL - Frequently Asked Questions
* I think I've detected a memory leak, is this a bug?
* Why does Valgrind complain about the use of uninitialized data?
* Why doesn't a memory BIO work when a file does?
* Where are the declarations and implementations of d2i_X509() etc?
===============================================================================
@ -78,7 +79,7 @@ OpenSSL - Frequently Asked Questions
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
OpenSSL 0.9.8n was released on Mar 24th, 2010.
OpenSSL 1.0.0b was released on Nov 16th, 2010.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
@ -94,14 +95,17 @@ explains how to install this library.
OpenSSL includes a command line utility that can be used to perform a
variety of cryptographic functions. It is described in the openssl(1)
manpage. Documentation for developers is currently being written. A
few manual pages already are available; overviews over libcrypto and
manpage. Documentation for developers is currently being written. Many
manual pages are available; overviews over libcrypto and
libssl are given in the crypto(3) and ssl(3) manpages.
The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a
different directory if you specified one as described in INSTALL).
In addition, you can read the most current versions at
<URL: http://www.openssl.org/docs/>.
<URL: http://www.openssl.org/docs/>. Note that the online documents refer
to the very latest development versions of OpenSSL and may include features
not present in released versions. If in doubt refer to the documentation
that came with the version of OpenSSL you are using.
For information on parts of libcrypto that are not yet documented, you
might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
@ -717,8 +721,10 @@ file.
Multi-threaded applications must provide two callback functions to
OpenSSL by calling CRYPTO_set_locking_callback() and
CRYPTO_set_id_callback(). This is described in the threads(3)
manpage.
CRYPTO_set_id_callback(), for all versions of OpenSSL up to and
including 0.9.8[abc...]. As of version 1.0.0, CRYPTO_set_id_callback()
and associated APIs are deprecated by CRYPTO_THREADID_set_callback()
and friends. This is described in the threads(3) manpage.
* I've compiled a program under Windows and it crashes: why?
@ -962,4 +968,15 @@ is needed. This must be done by calling:
See the manual pages for more details.
* Where are the declarations and implementations of d2i_X509() etc?
These are defined and implemented by macros of the form:
DECLARE_ASN1_FUNCTIONS(X509) and IMPLEMENT_ASN1_FUNCTIONS(X509)
The implementation passes an ASN1 "template" defining the structure into an
ASN1 interpreter using generalised functions such as ASN1_item_d2i().
===============================================================================

2
Makefile
View File

@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
VERSION=0.9.8n
VERSION=0.9.8p
MAJOR=0
MINOR=9.8
SHLIB_VERSION_NUMBER=0.9.8

12
NEWS
View File

@ -5,6 +5,18 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p:
o Fix for security issue CVE-2010-3864.
Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o:
o Fix for security issue CVE-2010-0742.
o Various DTLS fixes.
o Recognise SHA2 certificates if only SSL algorithms added.
o Fix for no-rc4 compilation.
o Chil ENGINE unload workaround.
Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n:
o CFB cipher definition fixes.

4
PROBLEMS
View File

@ -36,7 +36,9 @@ may differ on your machine.
As long as Apple doesn't fix the problem with ld, this problem building
OpenSSL will remain as is.
OpenSSL will remain as is. Well, the problem was addressed in 0.9.8f by
passing -Wl,-search_paths_first, but it's unknown if the flag was
supported from the initial MacOS X release.
* Parallell make leads to errors

2
README
View File

@ -1,5 +1,5 @@
OpenSSL 0.9.8n
OpenSSL 0.9.8p 16 Nov 2010
Copyright (c) 1998-2009 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

17
apps/apps.c
View File

@ -351,13 +351,12 @@ void program_name(char *in, char *out, int size)
int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
{
int num,len,i;
int num,i;
char *p;
*argc=0;
*argv=NULL;
len=strlen(buf);
i=0;
if (arg->count == 0)
{
@ -866,10 +865,17 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
if (format == FORMAT_ENGINE)
{
if (!e)
BIO_printf(bio_err,"no engine specified\n");
BIO_printf(err,"no engine specified\n");
else
{
pkey = ENGINE_load_private_key(e, file,
ui_method, &cb_data);
if (!pkey)
{
BIO_printf(err,"cannot load %s from engine\n",key_descrip);
ERR_print_errors(err);
}
}
goto end;
}
#endif
@ -919,8 +925,11 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
}
end:
if (key != NULL) BIO_free(key);
if (pkey == NULL)
if (pkey == NULL)
{
BIO_printf(err,"unable to load %s\n", key_descrip);
ERR_print_errors(err);
}
return(pkey);
}

5
apps/dh.c
View File

@ -88,9 +88,6 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
#endif
DH *dh=NULL;
int i,badops=0,text=0;
BIO *in=NULL,*out=NULL;
@ -189,7 +186,7 @@ int MAIN(int argc, char **argv)
ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
setup_engine(bio_err, engine, 0);
#endif
in=BIO_new(BIO_s_file());

5
apps/dhparam.c
View File

@ -149,9 +149,6 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
#endif
DH *dh=NULL;
int i,badops=0,text=0;
#ifndef OPENSSL_NO_DSA
@ -270,7 +267,7 @@ int MAIN(int argc, char **argv)
ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
setup_engine(bio_err, engine, 0);
#endif
if (g && !num)

9
apps/dsaparam.c
View File

@ -111,9 +111,6 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
#endif
DSA *dsa=NULL;
int i,badops=0,text=0;
BIO *in=NULL,*out=NULL;
@ -278,7 +275,7 @@ int MAIN(int argc, char **argv)
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
setup_engine(bio_err, engine, 0);
#endif
if (need_rand)
@ -357,12 +354,10 @@ int MAIN(int argc, char **argv)
if (C)
{
unsigned char *data;
int l,len,bits_p,bits_q,bits_g;
int l,len,bits_p;
len=BN_num_bytes(dsa->p);
bits_p=BN_num_bits(dsa->p);
bits_q=BN_num_bits(dsa->q);
bits_g=BN_num_bits(dsa->g);
data=(unsigned char *)OPENSSL_malloc(len+20);
if (data == NULL)
{

5
apps/ec.c
View File

@ -85,9 +85,6 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
#endif
int ret = 1;
EC_KEY *eckey = NULL;
const EC_GROUP *group;
@ -254,7 +251,7 @@ int MAIN(int argc, char **argv)
ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
setup_engine(bio_err, engine, 0);
#endif
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout))

5
apps/ecparam.c
View File

@ -129,9 +129,6 @@ int MAIN(int argc, char **argv)
char *infile = NULL, *outfile = NULL, *prog;
BIO *in = NULL, *out = NULL;
int informat, outformat, noout = 0, C = 0, ret = 1;
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
#endif
char *engine = NULL;
BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL,
@ -340,7 +337,7 @@ int MAIN(int argc, char **argv)
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
setup_engine(bio_err, engine, 0);
#endif
if (list_curves)

5
apps/enc.c
View File

@ -100,9 +100,6 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
#endif
static const char magic[]="Salted__";
char mbuf[sizeof magic-1];
char *strbuf=NULL;
@ -311,7 +308,7 @@ int MAIN(int argc, char **argv)
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
setup_engine(bio_err, engine, 0);
#endif
if (md && (dgst=EVP_get_digestbyname(md)) == NULL)

5
apps/gendh.c
View File

@ -89,9 +89,6 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
BN_GENCB cb;
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
#endif
DH *dh=NULL;
int ret=1,num=DEFBITS;
int g=2;
@ -163,7 +160,7 @@ int MAIN(int argc, char **argv)
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
setup_engine(bio_err, engine, 0);
#endif
out=BIO_new(BIO_s_file());

5
apps/gendsa.c
View File

@ -78,9 +78,6 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
#endif
DSA *dsa=NULL;
int ret=1;
char *outfile=NULL;
@ -206,7 +203,7 @@ int MAIN(int argc, char **argv)
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
setup_engine(bio_err, engine, 0);
#endif
if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {

5
apps/genrsa.c
View File

@ -89,9 +89,6 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
BN_GENCB cb;
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
#endif
int ret=1;
int i,num=DEFBITS;
long l;
@ -235,7 +232,7 @@ int MAIN(int argc, char **argv)
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
setup_engine(bio_err, engine, 0);
#endif
if (outfile == NULL)

5
apps/pkcs7.c
View File

@ -82,9 +82,6 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
#endif
PKCS7 *p7=NULL;
int i,badops=0;
BIO *in=NULL,*out=NULL;
@ -180,7 +177,7 @@ int MAIN(int argc, char **argv)
ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
setup_engine(bio_err, engine, 0);
#endif
in=BIO_new(BIO_s_file());

5
apps/rand.c
View File

@ -77,9 +77,6 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
#endif
int i, r, ret = 1;
int badopt;
char *outfile = NULL;
@ -178,7 +175,7 @@ int MAIN(int argc, char **argv)
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
setup_engine(bio_err, engine, 0);
#endif
app_RAND_load_file(NULL, bio_err, (inrand != NULL));

7
apps/s_server.c
View File

@ -2075,12 +2075,14 @@ static int www_body(char *hostname, int s, unsigned char *context)
{
char *buf=NULL;
int ret=1;
int i,j,k,blank,dot;
int i,j,k,dot;
struct stat st_buf;
SSL *con;
SSL_CIPHER *c;
BIO *io,*ssl_bio,*sbio;
#ifdef RENEG
long total_bytes;
#endif
buf=OPENSSL_malloc(bufsize);
if (buf == NULL) return(0);
@ -2151,7 +2153,6 @@ static int www_body(char *hostname, int s, unsigned char *context)
SSL_set_msg_callback_arg(con, bio_s_out);
}
blank=0;
for (;;)
{
if (hack)
@ -2388,7 +2389,9 @@ static int www_body(char *hostname, int s, unsigned char *context)
BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
}
/* send the file */
#ifdef RENEG
total_bytes=0;
#endif
for (;;)
{
i=BIO_read(file,buf,bufsize);

7
apps/s_socket.c
View File

@ -329,7 +329,7 @@ static int init_server_long(int *sock, int port, char *ip, int type)
{
int ret=0;
struct sockaddr_in server;
int s= -1,i;
int s= -1;
if (!ssl_sock_init()) return(0);
@ -368,7 +368,6 @@ static int init_server_long(int *sock, int port, char *ip, int type)
}
/* Make it 128 for linux */
if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
i=0;
*sock=s;
ret=1;
err:
@ -386,7 +385,7 @@ static int init_server(int *sock, int port, int type)
static int do_accept(int acc_sock, int *sock, char **host)
{
int ret,i;
int ret;
struct hostent *h1,*h2;
static struct sockaddr_in from;
int len;
@ -409,6 +408,7 @@ static int do_accept(int acc_sock, int *sock, char **host)
if (ret == INVALID_SOCKET)
{
#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
int i;
i=WSAGetLastError();
BIO_printf(bio_err,"accept error %d\n",i);
#else
@ -463,7 +463,6 @@ static int do_accept(int acc_sock, int *sock, char **host)
BIO_printf(bio_err,"gethostbyname failure\n");
return(0);
}
i=0;
if (h2->h_addrtype != AF_INET)
{
BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");

12
apps/speed.c
View File

@ -500,9 +500,6 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
#endif
unsigned char *buf=NULL,*buf2=NULL;
int mret=1;
long count=0,save_count=0;
@ -593,7 +590,6 @@ int MAIN(int argc, char **argv)
unsigned char DES_iv[8];
unsigned char iv[2*MAX_BLOCK_SIZE/8];
#ifndef OPENSSL_NO_DES
DES_cblock *buf_as_des_cblock = NULL;
static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
@ -806,9 +802,6 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,"out of memory\n");
goto end;
}
#ifndef OPENSSL_NO_DES
buf_as_des_cblock = (DES_cblock *)buf;
#endif
if ((buf2=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL)
{
BIO_printf(bio_err,"out of memory\n");
@ -883,7 +876,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,"no engine given\n");
goto end;
}
e = setup_engine(bio_err, *argv, 0);
setup_engine(bio_err, *argv, 0);
/* j will be increased again further down. We just
don't want speed to confuse an engine with an
algorithm, especially when none is given (which
@ -1388,7 +1381,8 @@ int MAIN(int argc, char **argv)
count*=2;
Time_F(START);
for (it=count; it; it--)
DES_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock,
DES_ecb_encrypt((DES_cblock *)buf,
(DES_cblock *)buf,
&sch,DES_ENCRYPT);
d=Time_F(STOP);
} while (d <3);

2
apps/x509.c
View File

@ -539,7 +539,6 @@ int MAIN(int argc, char **argv)
if (reqfile)
{
EVP_PKEY *pkey;
X509_CINF *ci;
BIO *in;
if (!sign_flag && !CA_flag)
@ -607,7 +606,6 @@ int MAIN(int argc, char **argv)
print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag);
if ((x=X509_new()) == NULL) goto end;
ci=x->cert_info;
if (sno == NULL)
{

12
crypto/aes/aes_wrap.c
View File

@ -85,9 +85,9 @@ int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
A[7] ^= (unsigned char)(t & 0xff);
if (t > 0xff)
{
A[6] ^= (unsigned char)((t & 0xff) >> 8);
A[5] ^= (unsigned char)((t & 0xff) >> 16);
A[4] ^= (unsigned char)((t & 0xff) >> 24);
A[6] ^= (unsigned char)((t >> 8) & 0xff);
A[5] ^= (unsigned char)((t >> 16) & 0xff);
A[4] ^= (unsigned char)((t >> 24) & 0xff);
}
memcpy(R, B + 8, 8);
}
@ -119,9 +119,9 @@ int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
A[7] ^= (unsigned char)(t & 0xff);
if (t > 0xff)
{
A[6] ^= (unsigned char)((t & 0xff) >> 8);
A[5] ^= (unsigned char)((t & 0xff) >> 16);
A[4] ^= (unsigned char)((t & 0xff) >> 24);
A[6] ^= (unsigned char)((t >> 8) & 0xff);
A[5] ^= (unsigned char)((t >> 16) & 0xff);
A[4] ^= (unsigned char)((t >> 24) & 0xff);
}
memcpy(B + 8, R, 8);
AES_decrypt(B, B, key);

38
crypto/aes/asm/aes-x86_64.pl
View File

@ -751,7 +751,19 @@ $code.=<<___;
AES_set_encrypt_key:
push %rbx
push %rbp
sub \$8,%rsp
call _x86_64_AES_set_encrypt_key
mov 8(%rsp),%rbp
mov 16(%rsp),%rbx
add \$24,%rsp
ret
.size AES_set_encrypt_key,.-AES_set_encrypt_key
.type _x86_64_AES_set_encrypt_key,\@abi-omnipotent
.align 16
_x86_64_AES_set_encrypt_key:
mov %esi,%ecx # %ecx=bits
mov %rdi,%rsi # %rsi=userKey
mov %rdx,%rdi # %rdi=key
@ -938,10 +950,8 @@ $code.=<<___;
.Lbadpointer:
mov \$-1,%rax
.Lexit:
pop %rbp
pop %rbx
ret
.size AES_set_encrypt_key,.-AES_set_encrypt_key
.byte 0xf3,0xc3 # rep ret
.size _x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key
___
sub deckey()
@ -973,15 +983,14 @@ $code.=<<___;
.type AES_set_decrypt_key,\@function,3
.align 16
AES_set_decrypt_key:
push %rdx
call AES_set_encrypt_key
cmp \$0,%eax
je .Lproceed
lea 24(%rsp),%rsp
ret
.Lproceed:
push %rbx
push %rbp
push %rdx # save key schedule
call _x86_64_AES_set_encrypt_key
mov (%rsp),%r8 # restore key schedule
mov %rbx,(%rsp)
cmp \$0,%eax
jne .Labort
mov 240(%r8),%ecx # pull number of rounds
xor %rdi,%rdi
@ -1023,7 +1032,10 @@ $code.=<<___;
jnz .Lpermute
xor %rax,%rax
pop %rbx
.Labort:
mov 8(%rsp),%rbp
mov 16(%rsp),%rbx
add \$24,%rsp
ret
.size AES_set_decrypt_key,.-AES_set_decrypt_key
___

3
crypto/asn1/a_int.c
View File

@ -273,7 +273,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
{
ASN1_INTEGER *ret=NULL;
const unsigned char *p;
unsigned char *to,*s;
unsigned char *s;
long len;
int inf,tag,xclass;
int i;
@ -308,7 +308,6 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
i=ERR_R_MALLOC_FAILURE;
goto err;
}
to=s;
ret->type=V_ASN1_INTEGER;
if(len) {
if ((*p == 0) && (len != 1))

3
crypto/asn1/n_pkey.c
View File

@ -242,7 +242,7 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
int sgckey)
{
RSA *ret=NULL;
const unsigned char *p, *kp;
const unsigned char *p;
NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
p = *pp;
@ -265,7 +265,6 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
goto err;
}
kp = enckey->enckey->digest->data;
if (cb == NULL)
cb=EVP_read_pw_string;
if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err;

3
crypto/asn1/t_crl.c
View File

@ -87,7 +87,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
STACK_OF(X509_REVOKED) *rev;
X509_REVOKED *r;
long l;
int i, n;
int i;
char *p;
BIO_printf(out, "Certificate Revocation List (CRL):\n");
@ -107,7 +107,6 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
else BIO_printf(out,"NONE");
BIO_printf(out,"\n");
n=X509_CRL_get_ext_count(x);
X509V3_extensions_print(out, "CRL extensions",
x->crl->extensions, 0, 8);

3
crypto/asn1/tasn_dec.c
View File

@ -166,7 +166,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
int i;
int otag;
int ret = 0;
ASN1_VALUE *pchval, **pchptr, *ptmpval;
ASN1_VALUE **pchptr, *ptmpval;
if (!pval)
return 0;
if (aux && aux->asn1_cb)
@ -317,7 +317,6 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
goto err;
}
/* CHOICE type, try each possibility in turn */
pchval = NULL;
p = *in;
for (i = 0, tt=it->templates; i < it->tcount; i++, tt++)
{

4
crypto/asn1/x_x509.c
View File

@ -63,7 +63,7 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
ASN1_SEQUENCE(X509_CINF) = {
ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
@ -74,7 +74,7 @@ ASN1_SEQUENCE(X509_CINF) = {
ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
} ASN1_SEQUENCE_END(X509_CINF)
} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF)
IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
/* X509 top level structure needs a bit of customisation */

7
crypto/bio/b_sock.c
View File

@ -659,7 +659,14 @@ int BIO_get_accept_socket(char *host, int bind_mode)
#ifdef SO_REUSEADDR
err_num=get_last_socket_error();
if ((bind_mode == BIO_BIND_REUSEADDR_IF_UNUSED) &&
#ifdef OPENSSL_SYS_WINDOWS
/* Some versions of Windows define EADDRINUSE to
* a dummy value.
*/
(err_num == WSAEADDRINUSE))
#else
(err_num == EADDRINUSE))
#endif
{
memcpy((char *)&client,(char *)&server,sizeof(server));
if (strcmp(h,"*") == 0)

2
crypto/bio/bf_nbio.c
View File

@ -125,7 +125,6 @@ static int nbiof_free(BIO *a)
static int nbiof_read(BIO *b, char *out, int outl)
{
NBIO_TEST *nt;
int ret=0;
#if 1
int num;
@ -134,7 +133,6 @@ static int nbiof_read(BIO *b, char *out, int outl)
if (out == NULL) return(0);
if (b->next_bio == NULL) return(0);
nt=(NBIO_TEST *)b->ptr;
BIO_clear_retry_flags(b);
#if 1

4
crypto/bio/bio_lib.c
View File

@ -110,7 +110,7 @@ int BIO_set(BIO *bio, BIO_METHOD *method)
int BIO_free(BIO *a)
{
int ret=0,i;
int i;
if (a == NULL) return(0);
@ -133,7 +133,7 @@ int BIO_free(BIO *a)
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
if ((a->method == NULL) || (a->method->destroy == NULL)) return(1);
ret=a->method->destroy(a);
a->method->destroy(a);
OPENSSL_free(a);
return(1);
}

5
crypto/bio/bss_acpt.c
View File

@ -340,7 +340,6 @@ static int acpt_write(BIO *b, const char *in, int inl)
static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
{
BIO *dbio;
int *ip;
long ret=1;
BIO_ACCEPT *data;
@ -437,8 +436,8 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
ret=(long)data->bind_mode;
break;
case BIO_CTRL_DUP:
dbio=(BIO *)ptr;
/* if (data->param_port) EAY EAY
/* dbio=(BIO *)ptr;
if (data->param_port) EAY EAY
BIO_set_port(dbio,data->param_port);
if (data->param_hostname)
BIO_set_hostname(dbio,data->param_hostname);

13
crypto/bio/bss_sock.c
View File

@ -172,15 +172,6 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
switch (cmd)
{
case BIO_CTRL_RESET:
num=0;
case BIO_C_FILE_SEEK:
ret=0;
break;
case BIO_C_FILE_TELL:
case BIO_CTRL_INFO:
ret=0;
break;
case BIO_C_SET_FD:
sock_free(b);
b->num= *((int *)ptr);
@ -203,10 +194,6 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
case BIO_CTRL_SET_CLOSE:
b->shutdown=(int)num;
break;
case BIO_CTRL_PENDING:
case BIO_CTRL_WPENDING:
ret=0;
break;
case BIO_CTRL_DUP:
case BIO_CTRL_FLUSH:
ret=1;

3
crypto/bn/bn_exp2.c
View File

@ -301,7 +301,8 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
r_is_one = 0;
}
}
BN_from_montgomery(rr,r,mont,ctx);
if (!BN_from_montgomery(rr,r,mont,ctx))
goto err;
ret=1;
err:
if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);

9
crypto/bn/bn_mul.c
View File

@ -551,7 +551,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
int tna, int tnb, BN_ULONG *t)
{
int i,j,n2=n*2;
int c1,c2,neg,zero;
int c1,c2,neg;
BN_ULONG ln,lo,*p;
# ifdef BN_COUNT
@ -567,7 +567,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
/* r=(a[0]-a[1])*(b[1]-b[0]) */
c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna);
c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n);
zero=neg=0;
neg=0;
switch (c1*3+c2)
{
case -4:
@ -575,7 +575,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */
break;
case -3:
zero=1;
/* break; */
case -2:
bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */
@ -585,7 +584,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
case -1:
case 0:
case 1:
zero=1;
/* break; */
case 2:
bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */
@ -593,7 +591,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
neg=1;
break;
case 3:
zero=1;
/* break; */
case 4:
bn_sub_part_words(t, a, &(a[n]),tna,n-tna);
@ -1012,7 +1009,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
{
if (i >= -1 && i <= 1)
{
int sav_j =0;
/* Find out the power of two lower or equal
to the longest of the two numbers */
if (i >= 0)
@ -1023,7 +1019,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
{
j = BN_num_bits_word((BN_ULONG)bl);
}
sav_j = j;
j = 1<<(j-1);
assert(j <= al || j <= bl);
k = j+j;

4
crypto/cms/cms_asn1.c
View File

@ -130,8 +130,8 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
} ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
ASN1_SEQUENCE(CMS_OriginatorInfo) = {
ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1)
ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
} ASN1_SEQUENCE_END(CMS_OriginatorInfo)
ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {

17
crypto/conf/conf_def.c
View File

@ -213,13 +213,14 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
int bufnum=0,i,ii;
BUF_MEM *buff=NULL;
char *s,*p,*end;
int again,n;
int again;
long eline=0;
char btmp[DECIMAL_SIZE(eline)+1];
CONF_VALUE *v=NULL,*tv;
CONF_VALUE *sv=NULL;
char *section=NULL,*buf;
STACK_OF(CONF_VALUE) *section_sk=NULL,*ts;
/* STACK_OF(CONF_VALUE) *section_sk=NULL;*/
/* STACK_OF(CONF_VALUE) *ts=NULL;*/
char *start,*psection,*pname;
void *h = (void *)(conf->data);
@ -250,7 +251,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
goto err;
}
section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
/* section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/
bufnum=0;
again=0;
@ -309,7 +310,6 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
buf=buff->data;
clear_comments(conf, buf);
n=strlen(buf);
s=eat_ws(conf, buf);
if (IS_EOF(conf,*s)) continue; /* blank line */
if (*s == '[')
@ -343,7 +343,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
goto err;
}
section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
/* section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/
continue;
}
else
@ -406,12 +406,12 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
goto err;
}
ts=(STACK_OF(CONF_VALUE) *)tv->value;
/* ts=(STACK_OF(CONF_VALUE) *)tv->value;*/
}
else
{
tv=sv;
ts=section_sk;
/* ts=section_sk;*/
}
#if 1
if (_CONF_add_string(conf, tv, v) == 0)
@ -465,9 +465,6 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
static void clear_comments(CONF *conf, char *p)
{
char *to;
to=p;
for (;;)
{
if (IS_FCOMMENT(conf,*p))

4
crypto/des/rpc_des.h
View File

@ -122,10 +122,10 @@ struct desparams {
/*
* Encrypt an arbitrary sized buffer
*/
#define DESIOCBLOCK _IOWR(d, 6, struct desparams)
#define DESIOCBLOCK _IOWR('d', 6, struct desparams)
/*
* Encrypt of small amount of data, quickly
*/
#define DESIOCQUICK _IOWR(d, 7, struct desparams)
#define DESIOCQUICK _IOWR('d', 7, struct desparams)

3
crypto/dsa/dsa_gen.c
View File

@ -110,7 +110,7 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
BIGNUM *r0,*W,*X,*c,*test;
BIGNUM *g=NULL,*q=NULL,*p=NULL;
BN_MONT_CTX *mont=NULL;
int k,n=0,i,b,m=0;
int k,n=0,i,m=0;
int counter=0;
int r=0;
BN_CTX *ctx=NULL;
@ -211,7 +211,6 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
/* "offset = 2" */
n=(bits-1)/160;
b=(bits-1)-n*160;
for (;;)
{

3
crypto/dsa/dsa_ossl.c
View File

@ -178,7 +178,8 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */
if (BN_cmp(s,dsa->q) > 0)
BN_sub(s,s,dsa->q);
if (!BN_sub(s,s,dsa->q))
goto err;
if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
ret=DSA_SIG_new();

13
crypto/ec/ec2_mult.c
View File

@ -318,6 +318,7 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
int ret = 0;
size_t i;
EC_POINT *p=NULL;
EC_POINT *acc = NULL;
if (ctx == NULL)
{
@ -337,15 +338,16 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
}
if ((p = EC_POINT_new(group)) == NULL) goto err;
if ((acc = EC_POINT_new(group)) == NULL) goto err;
if (!EC_POINT_set_to_infinity(group, r)) goto err;
if (!EC_POINT_set_to_infinity(group, acc)) goto err;
if (scalar)
{
if (!ec_GF2m_montgomery_point_multiply(group, p, scalar, group->generator, ctx)) goto err;
if (BN_is_negative(scalar))
if (BN_is_negative(scalar))
if (!group->meth->invert(group, p, ctx)) goto err;
if (!group->meth->add(group, r, r, p, ctx)) goto err;
if (!group->meth->add(group, acc, acc, p, ctx)) goto err;
}
for (i = 0; i < num; i++)
@ -353,13 +355,16 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
if (!ec_GF2m_montgomery_point_multiply(group, p, scalars[i], points[i], ctx)) goto err;
if (BN_is_negative(scalars[i]))
if (!group->meth->invert(group, p, ctx)) goto err;
if (!group->meth->add(group, r, r, p, ctx)) goto err;
if (!group->meth->add(group, acc, acc, p, ctx)) goto err;
}
if (!EC_POINT_copy(r, acc)) goto err;
ret = 1;
err:
if (p) EC_POINT_free(p);
if (acc) EC_POINT_free(acc);
if (new_ctx != NULL)
BN_CTX_free(new_ctx);
return ret;

6
crypto/ec/ec_mult.c
View File

@ -169,11 +169,13 @@ static void ec_pre_comp_clear_free(void *pre_)
EC_POINT **p;
for (p = pre->points; *p != NULL; p++)
{
EC_POINT_clear_free(*p);
OPENSSL_cleanse(pre->points, sizeof pre->points);
OPENSSL_cleanse(p, sizeof *p);
}
OPENSSL_free(pre->points);
}
OPENSSL_cleanse(pre, sizeof pre);
OPENSSL_cleanse(pre, sizeof *pre);
OPENSSL_free(pre);
}

6
crypto/ecdh/ech_lib.c
View File

@ -96,7 +96,6 @@ const ECDH_METHOD *ECDH_get_default_method(void)
int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)
{
const ECDH_METHOD *mtmp;
ECDH_DATA *ecdh;
ecdh = ecdh_check(eckey);
@ -104,11 +103,6 @@ int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)
if (ecdh == NULL)
return 0;
mtmp = ecdh->meth;
#if 0
if (mtmp->finish)
mtmp->finish(eckey);
#endif
#ifndef OPENSSL_NO_ENGINE
if (ecdh->engine)
{

2
crypto/ecdsa/ecs_lib.c
View File

@ -83,7 +83,6 @@ const ECDSA_METHOD *ECDSA_get_default_method(void)
int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth)
{
const ECDSA_METHOD *mtmp;
ECDSA_DATA *ecdsa;
ecdsa = ecdsa_check(eckey);
@ -91,7 +90,6 @@ int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth)
if (ecdsa == NULL)
return 0;
mtmp = ecdsa->meth;
#ifndef OPENSSL_NO_ENGINE
if (ecdsa->engine)
{

1
crypto/engine/eng_list.c
View File

@ -412,6 +412,7 @@ ENGINE *ENGINE_by_id(const char *id)
return iterator;
}
notfound:
ENGINE_free(iterator);
ENGINEerr(ENGINE_F_ENGINE_BY_ID,ENGINE_R_NO_SUCH_ENGINE);
ERR_add_error_data(2, "id=", id);
return NULL;

10
crypto/err/err_prn.c
View File

@ -79,14 +79,20 @@ void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
ERR_error_string_n(l, buf, sizeof buf);
BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf,
file, line, (flags & ERR_TXT_STRING) ? data : "");
cb(buf2, strlen(buf2), u);
if (cb(buf2, strlen(buf2), u) <= 0)
break; /* abort outputting the error report */
}
}
#ifndef OPENSSL_NO_FP_API
static int print_fp(const char *str, size_t len, void *fp)
{
return fwrite(str, 1, len, fp);
BIO bio;
BIO_set(&bio,BIO_s_file());
BIO_set_fp(&bio,fp,BIO_NOCLOSE);
return BIO_printf(&bio, "%s", str);
}
void ERR_print_errors_fp(FILE *fp)
{

77
crypto/evp/bio_b64.c
View File

@ -64,7 +64,7 @@
static int b64_write(BIO *h, const char *buf, int num);
static int b64_read(BIO *h, char *buf, int size);
/*static int b64_puts(BIO *h, const char *str); */
static int b64_puts(BIO *h, const char *str);
/*static int b64_gets(BIO *h, char *str, int size); */
static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2);
static int b64_new(BIO *h);
@ -96,7 +96,7 @@ static BIO_METHOD methods_b64=
BIO_TYPE_BASE64,"base64 encoding",
b64_write,
b64_read,
NULL, /* b64_puts, */
b64_puts,
NULL, /* b64_gets, */
b64_ctrl,
b64_new,
@ -127,6 +127,7 @@ static int b64_new(BIO *bi)
bi->init=1;
bi->ptr=(char *)ctx;
bi->flags=0;
bi->num = 0;
return(1);
}
@ -151,6 +152,8 @@ static int b64_read(BIO *b, char *out, int outl)
if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
BIO_clear_retry_flags(b);
if (ctx->encode != B64_DECODE)
{
ctx->encode=B64_DECODE;
@ -163,6 +166,7 @@ static int b64_read(BIO *b, char *out, int outl)
/* First check if there are bytes decoded/encoded */
if (ctx->buf_len > 0)
{
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
i=ctx->buf_len-ctx->buf_off;
if (i > outl) i=outl;
OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf));
@ -184,7 +188,6 @@ static int b64_read(BIO *b, char *out, int outl)
ret_code=0;
while (outl > 0)
{
if (ctx->cont <= 0)
break;
@ -195,7 +198,7 @@ static int b64_read(BIO *b, char *out, int outl)
{
ret_code=i;
/* Should be continue next time we are called? */
/* Should we continue next time we are called? */
if (!BIO_should_retry(b->next_bio))
{
ctx->cont=i;
@ -285,19 +288,27 @@ static int b64_read(BIO *b, char *out, int outl)
continue;
}
else
{
ctx->tmp_len=0;
}
/* If buffer isn't full and we can retry then
* restart to read in more data.
*/
}
else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0))
{
/* If buffer isn't full and we can retry then
* restart to read in more data.
*/
continue;
}
if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
{
int z,jj;
#if 0
jj=(i>>2)<<2;
#else
jj = i & ~3; /* process per 4 */
#endif
z=EVP_DecodeBlock((unsigned char *)ctx->buf,
(unsigned char *)ctx->tmp,jj);
if (jj > 2)
@ -313,18 +324,15 @@ static int b64_read(BIO *b, char *out, int outl)
* number consumed */
if (jj != i)
{
memcpy((unsigned char *)ctx->tmp,
(unsigned char *)&(ctx->tmp[jj]),i-jj);
memmove(ctx->tmp, &ctx->tmp[jj], i-jj);
ctx->tmp_len=i-jj;
}
ctx->buf_len=0;
if (z > 0)
{
ctx->buf_len=z;
i=1;
}
else
i=z;
i=z;
}
else
{
@ -357,14 +365,16 @@ static int b64_read(BIO *b, char *out, int outl)
outl-=i;
out+=i;
}
BIO_clear_retry_flags(b);
/* BIO_clear_retry_flags(b); */
BIO_copy_next_retry(b);
return((ret == 0)?ret_code:ret);
}
static int b64_write(BIO *b, const char *in, int inl)
{
int ret=inl,n,i;
int ret=0;
int n;
int i;
BIO_B64_CTX *ctx;
ctx=(BIO_B64_CTX *)b->ptr;
@ -379,6 +389,9 @@ static int b64_write(BIO *b, const char *in, int inl)
EVP_EncodeInit(&(ctx->base64));
}
OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf));
OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
n=ctx->buf_len-ctx->buf_off;
while (n > 0)
{
@ -388,7 +401,10 @@ static int b64_write(BIO *b, const char *in, int inl)
BIO_copy_next_retry(b);
return(i);
}
OPENSSL_assert(i <= n);
ctx->buf_off+=i;
OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
n-=i;
}
/* at this point all pending data has been written */
@ -405,18 +421,19 @@ static int b64_write(BIO *b, const char *in, int inl)
{
if (ctx->tmp_len > 0)
{
OPENSSL_assert(ctx->tmp_len <= 3);
n=3-ctx->tmp_len;
/* There's a teoretical possibility for this */
/* There's a theoretical possibility for this */
if (n > inl)
n=inl;
memcpy(&(ctx->tmp[ctx->tmp_len]),in,n);
ctx->tmp_len+=n;
ret += n;
if (ctx->tmp_len < 3)
break;
ctx->buf_len=EVP_EncodeBlock(
(unsigned char *)ctx->buf,
(unsigned char *)ctx->tmp,
ctx->tmp_len);
ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(unsigned char *)ctx->tmp,ctx->tmp_len);
OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
/* Since we're now done using the temporary
buffer, the length should be 0'd */
ctx->tmp_len=0;
@ -425,14 +442,16 @@ static int b64_write(BIO *b, const char *in, int inl)
{
if (n < 3)
{
memcpy(&(ctx->tmp[0]),in,n);
memcpy(ctx->tmp,in,n);
ctx->tmp_len=n;
ret += n;
break;
}
n-=n%3;
ctx->buf_len=EVP_EncodeBlock(
(unsigned char *)ctx->buf,
(unsigned char *)in,n);
ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(const unsigned char *)in,n);
OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
ret += n;
}
}
else
@ -440,6 +459,9 @@ static int b64_write(BIO *b, const char *in, int inl)
EVP_EncodeUpdate(&(ctx->base64),
(unsigned char *)ctx->buf,&ctx->buf_len,
(unsigned char *)in,n);
OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
ret += n;
}
inl-=n;
in+=n;
@ -454,8 +476,11 @@ static int b64_write(BIO *b, const char *in, int inl)
BIO_copy_next_retry(b);
return((ret == 0)?i:ret);
}
OPENSSL_assert(i <= n);
n-=i;
ctx->buf_off+=i;
OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
}
ctx->buf_len=0;
ctx->buf_off=0;
@ -486,6 +511,7 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
break;
case BIO_CTRL_WPENDING: /* More to write in buffer */
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
ret=ctx->buf_len-ctx->buf_off;
if ((ret == 0) && (ctx->encode != B64_NONE)
&& (ctx->base64.num != 0))
@ -494,6 +520,7 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
break;
case BIO_CTRL_PENDING: /* More to read in buffer */
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
ret=ctx->buf_len-ctx->buf_off;
if (ret <= 0)
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
@ -565,3 +592,7 @@ static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
return(ret);
}
static int b64_puts(BIO *b, const char *str)
{
return b64_write(b,str,strlen(str));
}

1
crypto/evp/enc_min.c
View File

@ -279,6 +279,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
case EVP_CIPH_OFB_MODE:
ctx->num = 0;
/* fall-through */
case EVP_CIPH_CBC_MODE:

3
crypto/evp/encode.c
View File

@ -235,7 +235,7 @@ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl)
{
int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl;
int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,exp_nl;
unsigned char *d;
n=ctx->num;
@ -319,7 +319,6 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
* lines. We process the line and then need to
* accept the '\n' */
if ((v != B64_EOF) && (n >= 64)) exp_nl=1;
tmp2=v;
if (n > 0)
{
v=EVP_DecodeBlock(out,d,n);

49
crypto/evp/evp_pbe.c
View File

@ -116,17 +116,50 @@ static int pbe_cmp(const char * const *a, const char * const *b)
int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
EVP_PBE_KEYGEN *keygen)
{
EVP_PBE_CTL *pbe_tmp;
if (!pbe_algs) pbe_algs = sk_new(pbe_cmp);
if (!(pbe_tmp = (EVP_PBE_CTL*) OPENSSL_malloc (sizeof(EVP_PBE_CTL)))) {
EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);
return 0;
}
pbe_tmp->pbe_nid = nid;
EVP_PBE_CTL *pbe_tmp = NULL, pbelu;
int i;
if (!pbe_algs)
{
pbe_algs = sk_new(pbe_cmp);
if (!pbe_algs)
{
EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);
return 0;
}
}
else
{
/* Check if already present */
pbelu.pbe_nid = nid;
i = sk_find(pbe_algs, (char *)&pbelu);
if (i >= 0)
{
pbe_tmp = (EVP_PBE_CTL *)sk_value(pbe_algs, i);
/* If everything identical leave alone */
if (pbe_tmp->cipher == cipher
&& pbe_tmp->md == md
&& pbe_tmp->keygen == keygen)
return 1;
}
}
if (!pbe_tmp)
{
pbe_tmp = OPENSSL_malloc (sizeof(EVP_PBE_CTL));
if (!pbe_tmp)
{
EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);
return 0;
}
/* If adding a new PBE, set nid, append and sort */
pbe_tmp->pbe_nid = nid;
sk_push (pbe_algs, (char *)pbe_tmp);
sk_sort(pbe_algs);
}
pbe_tmp->cipher = cipher;
pbe_tmp->md = md;
pbe_tmp->keygen = keygen;
sk_push (pbe_algs, (char *)pbe_tmp);
return 1;
}

3
crypto/hmac/hmac.c
View File

@ -130,12 +130,9 @@ void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
{
int j;
unsigned int i;
unsigned char buf[EVP_MAX_MD_SIZE];
j=EVP_MD_block_size(ctx->md);
EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i);
EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx);
EVP_DigestUpdate(&ctx->md_ctx,buf,i);

2
crypto/md32_common.h
View File

@ -242,7 +242,7 @@
# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
# if defined(__s390x__)
# define HOST_c2l(c,l) ({ asm ("lrv %0,%1" \
:"=d"(l) :"m"(*(const unsigned int *)(c));\
:"=d"(l) :"m"(*(const unsigned int *)(c)));\
(c)+=4; (l); })
# define HOST_l2c(l,c) ({ asm ("strv %1,%0" \
:"=m"(*(unsigned int *)(c)) :"d"(l));\

5
crypto/o_init.c
View File

@ -58,11 +58,16 @@
#include <e_os.h>
#include <openssl/err.h>
/* Internal only functions: only ever used here */
#ifdef OPENSSL_FIPS
extern void int_ERR_lib_init(void);
# ifndef OPENSSL_NO_ENGINE
extern void int_EVP_MD_init_engine_callbacks(void );
extern void int_EVP_CIPHER_init_engine_callbacks(void );
extern void int_RAND_init_engine_callbacks(void );
# endif
#endif
/* Perform any essential OpenSSL initialization operations.
* Currently only sets FIPS callbacks

12
crypto/ocsp/ocsp_ht.c
View File

@ -371,11 +371,12 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
case OHS_ASN1_HEADER:
/* Now reading ASN1 header: can read at least 6 bytes which
* is more than enough for any valid ASN1 SEQUENCE header
/* Now reading ASN1 header: can read at least 2 bytes which
* is enough for ASN1 SEQUENCE header and either length field
* or at least the length of the length field.
*/
n = BIO_get_mem_data(rctx->mem, &p);
if (n < 6)
if (n < 2)
goto next_io;
/* Check it is an ASN1 SEQUENCE */
@ -388,6 +389,11 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
/* Check out length field */
if (*p & 0x80)
{
/* If MSB set on initial length octet we can now
* always read 6 octets: make sure we have them.
*/
if (n < 6)
goto next_io;
n = *p & 0x7F;
/* Not NDEF or excessive length */
if (!n || (n > 4))

2
crypto/ocsp/ocsp_prn.c
View File

@ -182,7 +182,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
{
int i, ret = 0;
long l;
unsigned char *p;
OCSP_CERTID *cid = NULL;
OCSP_BASICRESP *br = NULL;
OCSP_RESPID *rid = NULL;
@ -207,7 +206,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
return 1;
}
p = ASN1_STRING_data(rb->response);
i = ASN1_STRING_length(rb->response);
if (!(br = OCSP_response_get1_basic(o))) goto err;
rd = br->tbsResponseData;

6
crypto/opensslv.h
View File

@ -25,11 +25,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
#define OPENSSL_VERSION_NUMBER 0x009080efL
#define OPENSSL_VERSION_NUMBER 0x0090810f
#ifdef OPENSSL_FIPS
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8n-fips 24 Mar 2010"
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8p-fips 16 Nov 2010"
#else
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8n 24 Mar 2010"
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8p 16 Nov 2010"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT

2
crypto/pem/pem_lib.c
View File

@ -434,7 +434,6 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
{
int o;
const EVP_CIPHER *enc=NULL;
char *p,c;
char **header_pp = &header;
@ -474,7 +473,6 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
header++;
}
*header='\0';
o=OBJ_sn2nid(p);
cipher->cipher=enc=EVP_get_cipherbyname(p);
*header=c;
header++;

38
crypto/pkcs12/p12_key.c
View File

@ -110,6 +110,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
unsigned char *B, *D, *I, *p, *Ai;
int Slen, Plen, Ilen, Ijlen;
int i, j, u, v;
int ret = 0;
BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */
EVP_MD_CTX ctx;
#ifdef DEBUG_KEYGEN
@ -145,10 +146,8 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
I = OPENSSL_malloc (Ilen);
Ij = BN_new();
Bpl1 = BN_new();
if (!D || !Ai || !B || !I || !Ij || !Bpl1) {
PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE);
return 0;
}
if (!D || !Ai || !B || !I || !Ij || !Bpl1)
goto err;
for (i = 0; i < v; i++) D[i] = id;
p = I;
for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen];
@ -165,28 +164,22 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
}
memcpy (out, Ai, min (n, u));
if (u >= n) {
OPENSSL_free (Ai);
OPENSSL_free (B);
OPENSSL_free (D);
OPENSSL_free (I);
BN_free (Ij);
BN_free (Bpl1);
EVP_MD_CTX_cleanup(&ctx);
#ifdef DEBUG_KEYGEN
fprintf(stderr, "Output KEY (length %d)\n", tmpn);
h__dump(tmpout, tmpn);
#endif
return 1;
ret = 1;
goto end;
}
n -= u;
out += u;
for (j = 0; j < v; j++) B[j] = Ai[j % u];
/* Work out B + 1 first then can use B as tmp space */
BN_bin2bn (B, v, Bpl1);
BN_add_word (Bpl1, 1);
if (!BN_bin2bn (B, v, Bpl1)) goto err;
if (!BN_add_word (Bpl1, 1)) goto err;
for (j = 0; j < Ilen ; j+=v) {
BN_bin2bn (I + j, v, Ij);
BN_add (Ij, Ij, Bpl1);
if (!BN_bin2bn (I + j, v, Ij)) goto err;
if (!BN_add (Ij, Ij, Bpl1)) goto err;
BN_bn2bin (Ij, B);
Ijlen = BN_num_bytes (Ij);
/* If more than 2^(v*8) - 1 cut off MSB */
@ -202,6 +195,19 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
} else BN_bn2bin (Ij, I + j);
}
}
err:
PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE);
end:
OPENSSL_free (Ai);
OPENSSL_free (B);
OPENSSL_free (D);
OPENSSL_free (I);
BN_free (Ij);
BN_free (Bpl1);
EVP_MD_CTX_cleanup(&ctx);
return ret;
}
#ifdef DEBUG_KEYGEN
void h__dump (unsigned char *p, int len)

17
crypto/pkcs12/p12_npas.c
View File

@ -120,8 +120,13 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
bags = PKCS12_unpack_p7data(p7);
} else if (bagnid == NID_pkcs7_encrypted) {
bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
alg_get(p7->d.encrypted->enc_data->algorithm,
&pbe_nid, &pbe_iter, &pbe_saltlen);
if (!alg_get(p7->d.encrypted->enc_data->algorithm,
&pbe_nid, &pbe_iter, &pbe_saltlen))
{
sk_PKCS12_SAFEBAG_pop_free(bags,
PKCS12_SAFEBAG_free);
bags = NULL;
}
} else continue;
if (!bags) {
sk_PKCS7_pop_free(asafes, PKCS7_free);
@ -193,7 +198,9 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
if(M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1;
if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1))) return 0;
alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen);
if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter,
&p8_saltlen))
return 0;
if(!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
p8_iter, p8))) return 0;
X509_SIG_free(bag->value.shkeybag);
@ -208,9 +215,11 @@ static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
p = alg->parameter->value.sequence->data;
pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
if (!pbe)
return 0;
*pnid = OBJ_obj2nid(alg->algorithm);
*piter = ASN1_INTEGER_get(pbe->iter);
*psaltlen = pbe->salt->length;
PBEPARAM_free(pbe);
return 0;
return 1;
}

3
crypto/pkcs7/pk7_doit.c
View File

@ -342,7 +342,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
X509_ALGOR *enc_alg=NULL;
STACK_OF(X509_ALGOR) *md_sk=NULL;
STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
X509_ALGOR *xalg=NULL;
PKCS7_RECIP_INFO *ri=NULL;
i=OBJ_obj2nid(p7->type);
@ -365,7 +364,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
goto err;
}
xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
break;
case NID_pkcs7_enveloped:
rsk=p7->d.enveloped->recipientinfo;
@ -377,7 +375,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
goto err;
}
xalg=p7->d.enveloped->enc_data->algorithm;
break;
default:
PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);

2
crypto/pkcs7/pk7_lib.c
View File

@ -558,7 +558,6 @@ X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
{
int i;
ASN1_OBJECT *objtmp;
PKCS7_ENC_CONTENT *ec;
i=OBJ_obj2nid(p7->type);
@ -581,7 +580,6 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
return(0);
}
objtmp = OBJ_nid2obj(i);
ec->cipher = cipher;
return 1;

3
crypto/pkcs7/pk7_mime.c
View File

@ -73,7 +73,6 @@ static int pk7_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
{
PKCS7 *p7 = (PKCS7 *)val;
BIO *tmpbio, *p7bio;
int r = 0;
if (!(flags & SMIME_DETACHED))
{
@ -95,8 +94,6 @@ static int pk7_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
if (PKCS7_dataFinal(p7, p7bio) <= 0)
goto err;
r = 1;
err:
/* Now remove any digests prepended to the BIO */

12
crypto/pqueue/pqueue.c
View File

@ -166,14 +166,13 @@ pqueue_pop(pqueue_s *pq)
pitem *
pqueue_find(pqueue_s *pq, PQ_64BIT priority)
{
pitem *next, *prev = NULL;
pitem *next;
pitem *found = NULL;
if ( pq->items == NULL)
return NULL;
for ( next = pq->items; next->next != NULL;
prev = next, next = next->next)
for ( next = pq->items; next->next != NULL; next = next->next)
{
if ( pq_64bit_eq(&(next->priority), &priority))
{
@ -189,13 +188,6 @@ pqueue_find(pqueue_s *pq, PQ_64BIT priority)
if ( ! found)
return NULL;
#if 0 /* find works in peek mode */
if ( prev == NULL)
pq->items = next->next;
else
prev->next = next->next;
#endif
return found;
}

4
crypto/rand/rand_nw.c
View File

@ -160,8 +160,8 @@ int RAND_poll(void)
rdtsc
mov tsc, eax
}
#else
asm volatile("rdtsc":"=A" (tsc));
#elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
asm volatile("rdtsc":"=a"(tsc)::"edx");
#endif
RAND_add(&tsc, sizeof(tsc), 1);

4
crypto/rand/randfile.c
View File

@ -265,8 +265,8 @@ int RAND_write_file(const char *file)
const char *RAND_file_name(char *buf, size_t size)
{
char *s=NULL;
int ok = 0;
#ifdef __OpenBSD__
int ok = 0;
struct stat sb;
#endif
@ -294,7 +294,9 @@ const char *RAND_file_name(char *buf, size_t size)
BUF_strlcat(buf,"/",size);
#endif
BUF_strlcat(buf,RFILE,size);
#ifdef __OpenBSD__
ok = 1;
#endif
}
else
buf[0] = '\0'; /* no file name */

2
crypto/rsa/rsa_eay.c
View File

@ -673,7 +673,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
rsa->_method_mod_n)) goto err;
if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12))
BN_sub(ret, rsa->n, ret);
if (!BN_sub(ret, rsa->n, ret)) goto err;
p=buf;
i=BN_bn2bin(ret,p);

1
crypto/x509/x509.h
View File

@ -256,6 +256,7 @@ typedef struct x509_cinf_st
ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
ASN1_ENCODING enc;
} X509_CINF;
/* This stuff is certificate "auxiliary info"

7
crypto/x509/x509_vfy.c
View File

@ -97,7 +97,6 @@ static int x509_subject_cmp(X509 **a, X509 **b)
int X509_verify_cert(X509_STORE_CTX *ctx)
{
X509 *x,*xtmp,*chain_ss=NULL;
X509_NAME *xn;
int bad_chain = 0;
X509_VERIFY_PARAM *param = ctx->param;
int depth,i,ok=0;
@ -149,7 +148,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
*/
/* If we are self signed, we break */
xn=X509_get_issuer_name(x);
if (ctx->check_issued(ctx, x,x)) break;
/* If we were passed a cert chain, use it first */
@ -186,7 +184,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
i=sk_X509_num(ctx->chain);
x=sk_X509_value(ctx->chain,i-1);
xn = X509_get_subject_name(x);
if (ctx->check_issued(ctx, x, x))
{
/* we have a self signed certificate */
@ -235,7 +232,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
if (depth < num) break;
/* If we are self signed, we break */
xn=X509_get_issuer_name(x);
if (ctx->check_issued(ctx,x,x)) break;
ok = ctx->get_issuer(&xtmp, ctx, x);
@ -254,7 +250,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
}
/* we now have our chain, lets check it... */
xn=X509_get_issuer_name(x);
/* Is last certificate looked up self signed? */
if (!ctx->check_issued(ctx,x,x))
@ -1380,7 +1375,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
if (store)
ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
else
ctx->param->flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE;
ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE;
if (store)
{

1
crypto/x509/x_all.c
View File

@ -97,6 +97,7 @@ int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
{
x->cert_info->enc.modified = 1;
return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature,
x->sig_alg, x->signature, x->cert_info,pkey,md));
}

1
crypto/x509v3/v3_ncons.c
View File

@ -182,7 +182,6 @@ static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
print_nc_ipadd(bp, tree->base->d.ip);
else
GENERAL_NAME_print(bp, tree->base);
tree = sk_GENERAL_SUBTREE_value(trees, i);
BIO_puts(bp, "\n");
}
return 1;

28
crypto/x509v3/v3_pci.c
View File

@ -128,7 +128,12 @@ static int process_pci_value(CONF_VALUE *val,
unsigned char *tmp_data2 =
string_to_hex(val->value + 4, &val_len);
if (!tmp_data2) goto err;
if (!tmp_data2)
{
X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_ILLEGAL_HEX_DIGIT);
X509V3_conf_err(val);
goto err;
}
tmp_data = OPENSSL_realloc((*policy)->data,
(*policy)->length + val_len + 1);
@ -140,6 +145,17 @@ static int process_pci_value(CONF_VALUE *val,
(*policy)->length += val_len;
(*policy)->data[(*policy)->length] = '\0';
}
else
{
OPENSSL_free(tmp_data2);
/* realloc failure implies the original data space is b0rked too! */
(*policy)->data = NULL;
(*policy)->length = 0;
X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
X509V3_conf_err(val);
goto err;
}
OPENSSL_free(tmp_data2);
}
else if (strncmp(val->value, "file:", 5) == 0)
{
@ -169,6 +185,7 @@ static int process_pci_value(CONF_VALUE *val,
(*policy)->length += n;
(*policy)->data[(*policy)->length] = '\0';
}
BIO_free_all(b);
if (n < 0)
{
@ -190,6 +207,15 @@ static int process_pci_value(CONF_VALUE *val,
(*policy)->length += val_len;
(*policy)->data[(*policy)->length] = '\0';
}
else
{
/* realloc failure implies the original data space is b0rked too! */
(*policy)->data = NULL;
(*policy)->length = 0;
X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
X509V3_conf_err(val);
goto err;
}
}
else
{

8
doc/apps/smime.pod
View File

@ -300,7 +300,7 @@ Create a cleartext signed message:
openssl smime -sign -in message.txt -text -out mail.msg \
-signer mycert.pem
Create and opaque signed message
Create and opaque signed message:
openssl smime -sign -in message.txt -text -out mail.msg -nodetach \
-signer mycert.pem
@ -349,11 +349,11 @@ it with:
-----BEGIN PKCS7-----
-----END PKCS7-----
and using the command,
and using the command:
openssl smime -verify -inform PEM -in signature.pem -content content.txt
alternatively you can base64 decode the signature and use
Alternatively you can base64 decode the signature and use:
openssl smime -verify -inform DER -in signature.der -content content.txt
@ -373,7 +373,7 @@ should be some heuristic that determines the correct encryption certificate.
Ideally a database should be maintained of a certificates for each email address.
The code doesn't currently take note of the permitted symmetric encryption
algorithms as supplied in the SMIMECapabilities signed attribute. this means the
algorithms as supplied in the SMIMECapabilities signed attribute. This means the
user has to manually include the correct encryption algorithm. It should store
the list of permitted ciphers in a database and only use those.

2
doc/crypto/ASN1_OBJECT_new.pod
View File

@ -6,6 +6,8 @@ ASN1_OBJECT_new, ASN1_OBJECT_free, - object allocation functions
=head1 SYNOPSIS
#include <openssl/asn1.h>
ASN1_OBJECT *ASN1_OBJECT_new(void);
void ASN1_OBJECT_free(ASN1_OBJECT *a);

2
doc/crypto/ASN1_STRING_length.pod
View File

@ -8,6 +8,8 @@ ASN1_STRING utility functions
=head1 SYNOPSIS
#include <openssl/asn1.h>
int ASN1_STRING_length(ASN1_STRING *x);
unsigned char * ASN1_STRING_data(ASN1_STRING *x);

2
doc/crypto/ASN1_STRING_new.pod
View File

@ -7,6 +7,8 @@ ASN1_STRING allocation functions
=head1 SYNOPSIS
#include <openssl/asn1.h>
ASN1_STRING * ASN1_STRING_new(void);
ASN1_STRING * ASN1_STRING_type_new(int type);
void ASN1_STRING_free(ASN1_STRING *a);

2
doc/crypto/ASN1_generate_nconf.pod
View File

@ -6,6 +6,8 @@ ASN1_generate_nconf, ASN1_generate_v3 - ASN1 generation functions
=head1 SYNOPSIS
#include <openssl/asn1.h>
ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);

9
doc/crypto/BIO_f_buffer.pod
View File

@ -31,7 +31,7 @@ BIO_get_buffer_num_lines() returns the number of lines currently buffered.
BIO_set_read_buffer_size(), BIO_set_write_buffer_size() and BIO_set_buffer_size()
set the read, write or both read and write buffer sizes to B<size>. The initial
buffer size is DEFAULT_BUFFER_SIZE, currently 1024. Any attempt to reduce the
buffer size is DEFAULT_BUFFER_SIZE, currently 4096. Any attempt to reduce the
buffer size below DEFAULT_BUFFER_SIZE is ignored. Any buffered data is cleared
when the buffer is resized.
@ -66,4 +66,9 @@ there was an error.
=head1 SEE ALSO
TBA
L<BIO(3)|BIO(3)>,
L<BIO_reset(3)|BIO_reset(3)>,
L<BIO_flush(3)|BIO_flush(3)>,
L<BIO_pop(3)|BIO_pop(3)>,
L<BIO_ctrl(3)|BIO_ctrl(3)>,
L<BIO_int_ctrl(3)|BIO_ctrl(3)>

2
doc/crypto/BIO_should_retry.pod
View File

@ -45,7 +45,7 @@ needs to read data.
BIO_should_io_special() is true if some "special" condition, that is a
reason other than reading or writing is the cause of the condition.
BIO_get_retry_reason() returns a mask of the cause of a retry condition
BIO_retry_type() returns a mask of the cause of a retry condition
consisting of the values B<BIO_FLAGS_READ>, B<BIO_FLAGS_WRITE>,
B<BIO_FLAGS_IO_SPECIAL> though current BIO types will only set one of
these.

2
doc/crypto/CRYPTO_set_ex_data.pod
View File

@ -6,6 +6,8 @@ CRYPTO_set_ex_data, CRYPTO_get_ex_data - internal application specific data func
=head1 SYNOPSIS
#include <openssl/crypto.h>
int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg);
void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx);

2
doc/crypto/OBJ_nid2obj.pod
View File

@ -8,6 +8,8 @@ functions
=head1 SYNOPSIS
#include <openssl/objects.h>
ASN1_OBJECT * OBJ_nid2obj(int n);
const char * OBJ_nid2ln(int n);
const char * OBJ_nid2sn(int n);

4
doc/crypto/PKCS7_decrypt.pod
View File

@ -6,7 +6,9 @@ PKCS7_decrypt - decrypt content from a PKCS#7 envelopedData structure
=head1 SYNOPSIS
int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
#include <openssl/pkcs7.h>
int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
=head1 DESCRIPTION

4
doc/crypto/PKCS7_encrypt.pod
View File

@ -6,7 +6,9 @@ PKCS7_encrypt - create a PKCS#7 envelopedData structure
=head1 SYNOPSIS
PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);
#include <openssl/pkcs7.h>
PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);
=head1 DESCRIPTION

4
doc/crypto/PKCS7_sign.pod
View File

@ -6,7 +6,9 @@ PKCS7_sign - create a PKCS#7 signedData structure
=head1 SYNOPSIS
PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags);
#include <openssl/pkcs7.h>
PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags);
=head1 DESCRIPTION

6
doc/crypto/PKCS7_verify.pod
View File

@ -6,9 +6,11 @@ PKCS7_verify - verify a PKCS#7 signedData structure
=head1 SYNOPSIS
int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
#include <openssl/pkcs7.h>
STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
=head1 DESCRIPTION

4
doc/crypto/SMIME_read_PKCS7.pod
View File

@ -6,7 +6,9 @@ SMIME_read_PKCS7 - parse S/MIME message.
=head1 SYNOPSIS
PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont);
#include <openssl/pkcs7.h>
PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont);
=head1 DESCRIPTION

4
doc/crypto/SMIME_write_PKCS7.pod
View File

@ -6,7 +6,9 @@ SMIME_write_PKCS7 - convert PKCS#7 structure to S/MIME format.
=head1 SYNOPSIS
int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags);
#include <openssl/pkcs7.h>
int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags);
=head1 DESCRIPTION

16
doc/crypto/X509_NAME_ENTRY_get_object.pod
View File

@ -9,15 +9,17 @@ X509_NAME_ENTRY_create_by_OBJ - X509_NAME_ENTRY utility functions
=head1 SYNOPSIS
ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
#include <openssl/x509.h>
int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len);
ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len);
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len);
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len);
int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len);
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len);
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len);
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len);
=head1 DESCRIPTION

12
doc/crypto/X509_NAME_add_entry_by_txt.pod
View File

@ -7,15 +7,17 @@ X509_NAME_add_entry, X509_NAME_delete_entry - X509_NAME modification functions
=head1 SYNOPSIS
int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set);
#include <openssl/x509.h>
int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set);
int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set);
int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set);
int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set);
X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set);
X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
=head1 DESCRIPTION

14
doc/crypto/X509_NAME_get_index_by_NID.pod
View File

@ -8,14 +8,16 @@ X509_NAME lookup and enumeration functions
=head1 SYNOPSIS
int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos);
#include <openssl/x509.h>
int X509_NAME_entry_count(X509_NAME *name);
X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos);
int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len);
int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len);
int X509_NAME_entry_count(X509_NAME *name);
X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len);
int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len);
=head1 DESCRIPTION

2
doc/crypto/X509_new.pod
View File

@ -6,6 +6,8 @@ X509_new, X509_free - X509 certificate ASN1 allocation functions
=head1 SYNOPSIS
#include <openssl/x509.h>
X509 *X509_new(void);
void X509_free(X509 *a);

2
doc/crypto/bn_internal.pod
View File

@ -13,6 +13,8 @@ library internal functions
=head1 SYNOPSIS
#include <openssl/bn.h>
BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num,
BN_ULONG w);

2
doc/crypto/ui_compat.pod
View File

@ -7,6 +7,8 @@ Compatibility user interface functions
=head1 SYNOPSIS
#include <openssl/des_old.h>
int des_read_password(DES_cblock *key,const char *prompt,int verify);
int des_read_2passwords(DES_cblock *key1,DES_cblock *key2,
const char *prompt,int verify);

16
doc/ssl/SSL_library_init.pod
View File

@ -15,7 +15,7 @@ SSL_library_init, OpenSSL_add_ssl_algorithms, SSLeay_add_ssl_algorithms
=head1 DESCRIPTION
SSL_library_init() registers the available ciphers and digests.
SSL_library_init() registers the available SSL/TLS ciphers and digests.
OpenSSL_add_ssl_algorithms() and SSLeay_add_ssl_algorithms() are synonyms
for SSL_library_init().
@ -26,24 +26,28 @@ SSL_library_init() must be called before any other action takes place.
=head1 WARNING
SSL_library_init() only registers ciphers. Another important initialization
is the seeding of the PRNG (Pseudo Random Number Generator), which has to
be performed separately.
SSL_library_init() adds ciphers and digests used directly and indirectly by
SSL/TLS.
=head1 EXAMPLES
A typical TLS/SSL application will start with the library initialization,
will provide readable error messages and will seed the PRNG.
and provide readable error messages.
SSL_load_error_strings(); /* readable error messages */
SSL_library_init(); /* initialize library */
actions_to_seed_PRNG();
=head1 RETURN VALUES
SSL_library_init() always returns "1", so it is safe to discard the return
value.
=head1 NOTES
OpenSSL 0.9.8o and 1.0.0a and later added SHA2 algorithms to SSL_library_init().
Applications which need to use SHA2 in earlier versions of OpenSSL should call
OpenSSL_add_all_algorithms() as well.
=head1 SEE ALSO
L<ssl(3)|ssl(3)>, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>,

1
e_os.h
View File

@ -153,7 +153,6 @@ extern "C" {
#define clear_socket_error() WSASetLastError(0)
#define readsocket(s,b,n) recv((s),(b),(n),0)
#define writesocket(s,b,n) send((s),(b),(n),0)
#define EADDRINUSE WSAEADDRINUSE
#elif defined(__DJGPP__)
#define WATT32
#define get_last_socket_error() errno

56
engines/e_chil.c
View File

@ -111,11 +111,10 @@ static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
#ifndef OPENSSL_NO_RSA
/* RSA stuff */
static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
#endif
#ifndef OPENSSL_NO_RSA
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
static int hwcrhk_rsa_finish(RSA *rsa);
#endif
#ifndef OPENSSL_NO_DH
@ -135,10 +134,6 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
UI_METHOD *ui_method, void *callback_data);
static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
UI_METHOD *ui_method, void *callback_data);
#ifndef OPENSSL_NO_RSA
static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
int ind,long argl, void *argp);
#endif
/* Interaction stuff */
static int hwcrhk_insert_card(const char *prompt_info,
@ -193,7 +188,7 @@ static RSA_METHOD hwcrhk_rsa =
hwcrhk_rsa_mod_exp,
hwcrhk_mod_exp_mont,
NULL,
NULL,
hwcrhk_rsa_finish,
0,
NULL,
NULL,
@ -603,7 +598,7 @@ static int hwcrhk_init(ENGINE *e)
if (hndidx_rsa == -1)
hndidx_rsa = RSA_get_ex_new_index(0,
"nFast HWCryptoHook RSA key handle",
NULL, NULL, hwcrhk_ex_free);
NULL, NULL, NULL);
#endif
return 1;
err:
@ -1081,6 +1076,21 @@ static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
{
return hwcrhk_mod_exp(r, a, p, m, ctx);
}
static int hwcrhk_rsa_finish(RSA *rsa)
{
HWCryptoHook_RSAKeyHandle *hptr;
hptr = RSA_get_ex_data(rsa, hndidx_rsa);
if (hptr)
{
p_hwcrhk_RSAUnloadKey(*hptr, NULL);
OPENSSL_free(hptr);
RSA_set_ex_data(rsa, hndidx_rsa, NULL);
}
return 1;
}
#endif
#ifndef OPENSSL_NO_DH
@ -1139,34 +1149,6 @@ static int hwcrhk_rand_status(void)
return 1;
}
/* This cleans up an RSA KM key, called when ex_data is freed */
#ifndef OPENSSL_NO_RSA
static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
int ind,long argl, void *argp)
{
char tempbuf[1024];
HWCryptoHook_ErrMsgBuf rmsg;
#ifndef OPENSSL_NO_RSA
HWCryptoHook_RSAKeyHandle *hptr;
#endif
#if !defined(OPENSSL_NO_RSA)
int ret;
#endif
rmsg.buf = tempbuf;
rmsg.size = sizeof(tempbuf);
#ifndef OPENSSL_NO_RSA
hptr = (HWCryptoHook_RSAKeyHandle *) item;
if(hptr)
{
ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
OPENSSL_free(hptr);
}
#endif
}
#endif
/* Mutex calls: since the HWCryptoHook model closely follows the POSIX model
* these just wrap the POSIX functions and add some logging.
*/
@ -1316,6 +1298,8 @@ static int hwcrhk_insert_card(const char *prompt_info,
if (wrong_info && *wrong_info)
BIO_snprintf(buf, sizeof(buf)-1,
"Current card: \"%s\"\n", wrong_info);
else
buf[0] = 0;
ok = UI_dup_info_string(ui, buf);
if (ok >= 0 && prompt_info)
{

2
engines/e_cswift.c
View File

@ -811,7 +811,6 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
SW_PARAM sw_param;
SW_STATUS sw_status;
SW_LARGENUMBER arg, res;
unsigned char *ptr;
BN_CTX *ctx;
BIGNUM *dsa_p = NULL;
BIGNUM *dsa_q = NULL;
@ -899,7 +898,6 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
goto err;
}
/* Convert the response */
ptr = (unsigned char *)result->d;
if((to_return = DSA_SIG_new()) == NULL)
goto err;
to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL);

2
engines/e_ubsec.c
View File

@ -631,10 +631,8 @@ static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx)
{
int y_len,
m_len,
fd;
m_len = BN_num_bytes(p) + BN_num_bytes(q) + 1;
y_len = BN_num_bits(p) + BN_num_bits(q);
/* Check if hardware can't handle this argument. */

37
fips/mkfipsscr.pl
View File

@ -297,12 +297,16 @@ my $filter = "";
my $tvdir;
my $tprefix;
my $shwrap_prefix;
my $shwrap;
my $rmcmd = "rm -rf";
my $mkcmd = "mkdir";
my $debug = 0;
my $quiet = 0;
my $rspdir = "rsp";
my $rspignore = 0;
my @bogus = (); # list of unmatched *.rsp files
my $bufout = '';
my $bufdir = '';
my %_programs = (); # list of external programs to check
foreach (@ARGV)
@ -331,6 +335,10 @@ foreach (@ARGV)
{
$rspdir = $1;
}
elsif (/--noshwrap$/)
{
$shwrap = "";
}
elsif (/--rspignore$/)
{
$rspignore = 1;
@ -347,6 +355,14 @@ foreach (@ARGV)
{
$filter = $1;
}
elsif (/--mkdir=(.*)$/)
{
$mkcmd = $1;
}
elsif (/--rm=(.*)$/)
{
$rmcmd = $1;
}
elsif (/--outfile=(.*)$/)
{
$outfile = $1;
@ -396,6 +412,8 @@ else
$shwrap_prefix = "../util/" unless defined $shwrap_prefix;
}
$shwrap = "${shwrap_prefix}shlib_wrap.sh " unless defined $shwrap;
$bufinit .= <<END;
#!/bin/sh
@ -403,6 +421,9 @@ else
# Auto generated by mkfipsscr.pl script
# Do not edit
RM="$rmcmd"
MKDIR="$mkcmd"
TPREFIX=$tprefix
END
}
@ -546,7 +567,7 @@ sub test_dir
{
$rsp =~ tr|/|\\|;
$req =~ tr|/|\\|;
$bufout .= <<END;
$bufdir = <<END;
echo Running tests in $req
if exist "$rsp" rd /s /q "$rsp"
@ -555,11 +576,11 @@ END
}
else
{
$bufout .= <<END;
$bufdir = <<END;
echo Running tests in "$req"
rm -rf "$rsp"
mkdir "$rsp"
\$RM "$rsp"
\$MKDIR "$rsp"
END
}
@ -571,6 +592,10 @@ sub test_line
my ($win32, $req, $tprefix, $tnam) = @_;
my $rsp = $req;
my $tcmd = $fips_tests{$tnam};
$bufout .= $bufdir;
$bufdir = "";
$rsp =~ s/req\/([^\/]*).req$/$rspdir\/$1.rsp/;
if ($tcmd =~ /-f$/)
{
@ -584,7 +609,7 @@ sub test_line
else
{
$bufout .= <<END;
${shwrap_prefix}shlib_wrap.sh $tprefix$tcmd "$req" "$rsp" || { echo "$req failure" ; exit 1
${shwrap}\${TPREFIX}$tcmd "$req" "$rsp" || { echo "$req failure" ; exit 1
}
END
$_programs{"${shwrap_prefix}shlib_wrap.sh"} = 1;
@ -624,7 +649,7 @@ END
else
{
$bufout .= <<END;
${shwrap_prefix}shlib_wrap.sh $tprefix$tcmd < "$req" > "$rsp" || { echo "$req failure" ; exit 1; }
${shwrap}\${TPREFIX}$tcmd < "$req" > "$rsp" || { echo "$req failure" ; exit 1; }
END
$_programs{"$tprefix$tcmd"} = 1;
}

Some files were not shown because too many files have changed in this diff Show More