summaryrefslogtreecommitdiff
path: root/lib/libcrypto
diff options
context:
space:
mode:
authorMarkus Friedl <markus@cvs.openbsd.org>2002-09-14 11:18:05 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2002-09-14 11:18:05 +0000
commitf4428d8101c504f427625270a1dfb1d4be89987f (patch)
treeee462389672345f98c9a6edd8bbded5bb36bd3d0 /lib/libcrypto
parent7d5614b00acb8f7a6a52cac536b12db6326859c3 (diff)
merge with openssl-0.9.7-stable-SNAP-20020911,
new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
Diffstat (limited to 'lib/libcrypto')
-rw-r--r--lib/libcrypto/Makefile.ssl2
-rw-r--r--lib/libcrypto/asn1/a_bitstr.c6
-rw-r--r--lib/libcrypto/asn1/a_strex.c4
-rw-r--r--lib/libcrypto/asn1/t_req.c260
-rw-r--r--lib/libcrypto/asn1/tasn_dec.c6
-rw-r--r--lib/libcrypto/bio/b_print.c2
-rw-r--r--lib/libcrypto/bn/bn.h2
-rw-r--r--lib/libcrypto/crypto-lib.com10
-rw-r--r--lib/libcrypto/des/Makefile.ssl3
-rw-r--r--lib/libcrypto/des/des_ver.h4
-rw-r--r--lib/libcrypto/des/ecb_enc.c1
-rw-r--r--lib/libcrypto/des/set_key.c2
-rw-r--r--lib/libcrypto/doc/DH_set_method.pod102
-rw-r--r--lib/libcrypto/doc/DSA_dup_DH.pod2
-rw-r--r--lib/libcrypto/doc/DSA_new.pod3
-rw-r--r--lib/libcrypto/doc/DSA_set_method.pod91
-rw-r--r--lib/libcrypto/doc/DSA_size.pod2
-rw-r--r--lib/libcrypto/doc/EVP_SealInit.pod2
-rw-r--r--lib/libcrypto/doc/RAND_set_rand_method.pod44
-rw-r--r--lib/libcrypto/doc/RSA_new.pod6
-rw-r--r--lib/libcrypto/doc/RSA_set_method.pod127
-rw-r--r--lib/libcrypto/doc/RSA_size.pod2
-rw-r--r--lib/libcrypto/doc/dh.pod31
-rw-r--r--lib/libcrypto/doc/dsa.pod38
-rw-r--r--lib/libcrypto/doc/evp.pod10
-rw-r--r--lib/libcrypto/doc/rsa.pod31
-rw-r--r--lib/libcrypto/engine/hw_4758_cca.c2
-rw-r--r--lib/libcrypto/engine/hw_openbsd_dev_crypto.c10
-rw-r--r--lib/libcrypto/engine/hw_ubsec.c8
-rw-r--r--lib/libcrypto/evp/evp_locl.h12
-rw-r--r--lib/libcrypto/krb5/Makefile.ssl10
-rw-r--r--lib/libcrypto/mem.c3
-rw-r--r--lib/libcrypto/objects/obj_dat.c2
-rw-r--r--lib/libcrypto/ocsp/Makefile.ssl10
-rw-r--r--lib/libcrypto/pem/pem_lib.c7
-rw-r--r--lib/libcrypto/pkcs12/p12_asn.c6
-rw-r--r--lib/libcrypto/pkcs7/pk7_lib.c7
-rw-r--r--lib/libcrypto/ripemd/rmdtest.c2
-rw-r--r--lib/libcrypto/util/libeay.num1
-rw-r--r--lib/libcrypto/x509/x509.h2
40 files changed, 543 insertions, 332 deletions
diff --git a/lib/libcrypto/Makefile.ssl b/lib/libcrypto/Makefile.ssl
index 2489b614c66..db8baf385e1 100644
--- a/lib/libcrypto/Makefile.ssl
+++ b/lib/libcrypto/Makefile.ssl
@@ -98,7 +98,7 @@ lib: $(LIBOBJ)
shared:
if [ -n "$(SHARED_LIBS)" ]; then \
- (cd ..; make $(SHARED_LIB)); \
+ (cd ..; $(MAKE) $(SHARED_LIB)); \
fi
libs:
diff --git a/lib/libcrypto/asn1/a_bitstr.c b/lib/libcrypto/asn1/a_bitstr.c
index ed0bdfbde1a..e0265f69d2a 100644
--- a/lib/libcrypto/asn1/a_bitstr.c
+++ b/lib/libcrypto/asn1/a_bitstr.c
@@ -120,6 +120,12 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
unsigned char *p,*s;
int i;
+ if (len < 1)
+ {
+ i=ASN1_R_STRING_TOO_SHORT;
+ goto err;
+ }
+
if ((a == NULL) || ((*a) == NULL))
{
if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL);
diff --git a/lib/libcrypto/asn1/a_strex.c b/lib/libcrypto/asn1/a_strex.c
index 8dab29dca14..7ddb7662f1e 100644
--- a/lib/libcrypto/asn1/a_strex.c
+++ b/lib/libcrypto/asn1/a_strex.c
@@ -544,7 +544,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
{
ASN1_STRING stmp, *str = &stmp;
int mbflag, type, ret;
- if(!*out || !in) return -1;
+ if(!in) return -1;
type = in->type;
if((type < 0) || (type > 30)) return -1;
mbflag = tag2nbyte[type];
@@ -553,6 +553,6 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
stmp.data = NULL;
ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
if(ret < 0) return ret;
- if(out) *out = stmp.data;
+ *out = stmp.data;
return stmp.length;
}
diff --git a/lib/libcrypto/asn1/t_req.c b/lib/libcrypto/asn1/t_req.c
index 848c29a2dd3..739f272ecf4 100644
--- a/lib/libcrypto/asn1/t_req.c
+++ b/lib/libcrypto/asn1/t_req.c
@@ -82,7 +82,7 @@ int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
}
#endif
-int X509_REQ_print(BIO *bp, X509_REQ *x)
+int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long cflag)
{
unsigned long l;
int i;
@@ -92,143 +92,185 @@ int X509_REQ_print(BIO *bp, X509_REQ *x)
STACK_OF(X509_ATTRIBUTE) *sk;
STACK_OF(X509_EXTENSION) *exts;
char str[128];
+ char mlch = ' ';
+ int nmindent = 0;
+
+ if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+ mlch = '\n';
+ nmindent = 12;
+ }
+
+ if(nmflags == X509_FLAG_COMPAT)
+ nmindent = 16;
+
ri=x->req_info;
- sprintf(str,"Certificate Request:\n");
- if (BIO_puts(bp,str) <= 0) goto err;
- sprintf(str,"%4sData:\n","");
- if (BIO_puts(bp,str) <= 0) goto err;
-
- neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
- l=0;
- for (i=0; i<ri->version->length; i++)
- { l<<=8; l+=ri->version->data[i]; }
- sprintf(str,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,l);
- if (BIO_puts(bp,str) <= 0) goto err;
- sprintf(str,"%8sSubject: ","");
- if (BIO_puts(bp,str) <= 0) goto err;
-
- X509_NAME_print(bp,ri->subject,16);
- sprintf(str,"\n%8sSubject Public Key Info:\n","");
- if (BIO_puts(bp,str) <= 0) goto err;
- i=OBJ_obj2nid(ri->pubkey->algor->algorithm);
- sprintf(str,"%12sPublic Key Algorithm: %s\n","",
- (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
- if (BIO_puts(bp,str) <= 0) goto err;
-
- pkey=X509_REQ_get_pubkey(x);
-#ifndef OPENSSL_NO_RSA
- if (pkey != NULL && pkey->type == EVP_PKEY_RSA)
+ if(!(cflag & X509_FLAG_NO_HEADER))
{
- BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
- BN_num_bits(pkey->pkey.rsa->n));
- RSA_print(bp,pkey->pkey.rsa,16);
+ if (BIO_write(bp,"Certificate Request:\n",21) <= 0) goto err;
+ if (BIO_write(bp," Data:\n",10) <= 0) goto err;
}
- else
-#endif
-#ifndef OPENSSL_NO_DSA
- if (pkey != NULL && pkey->type == EVP_PKEY_DSA)
+ if(!(cflag & X509_FLAG_NO_VERSION))
{
- BIO_printf(bp,"%12sDSA Public Key:\n","");
- DSA_print(bp,pkey->pkey.dsa,16);
+ neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
+ l=0;
+ for (i=0; i<ri->version->length; i++)
+ { l<<=8; l+=ri->version->data[i]; }
+ sprintf(str,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,l);
+ if (BIO_puts(bp,str) <= 0) goto err;
}
- else
-#endif
- BIO_printf(bp,"%12sUnknown Public Key:\n","");
+ if(!(cflag & X509_FLAG_NO_SUBJECT))
+ {
+ if (BIO_printf(bp," Subject:%c",mlch) <= 0) goto err;
+ if (X509_NAME_print_ex(bp,ri->subject,nmindent, nmflags) < 0) goto err;
+ if (BIO_write(bp,"\n",1) <= 0) goto err;
+ }
+ if(!(cflag & X509_FLAG_NO_PUBKEY))
+ {
+ if (BIO_write(bp," Subject Public Key Info:\n",33) <= 0)
+ goto err;
+ if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
+ goto err;
+ if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0)
+ goto err;
+ if (BIO_puts(bp, "\n") <= 0)
+ goto err;
- if (pkey != NULL)
- EVP_PKEY_free(pkey);
+ pkey=X509_REQ_get_pubkey(x);
+ if (pkey == NULL)
+ {
+ BIO_printf(bp,"%12sUnable to load Public Key\n","");
+ ERR_print_errors(bp);
+ }
+ else
+#ifndef OPENSSL_NO_RSA
+ if (pkey->type == EVP_PKEY_RSA)
+ {
+ BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
+ BN_num_bits(pkey->pkey.rsa->n));
+ RSA_print(bp,pkey->pkey.rsa,16);
+ }
+ else
+#endif
+#ifndef OPENSSL_NO_DSA
+ if (pkey->type == EVP_PKEY_DSA)
+ {
+ BIO_printf(bp,"%12sDSA Public Key:\n","");
+ DSA_print(bp,pkey->pkey.dsa,16);
+ }
+ else
+#endif
+ BIO_printf(bp,"%12sUnknown Public Key:\n","");
- /* may not be */
- sprintf(str,"%8sAttributes:\n","");
- if (BIO_puts(bp,str) <= 0) goto err;
+ EVP_PKEY_free(pkey);
+ }
- sk=x->req_info->attributes;
- if (sk_X509_ATTRIBUTE_num(sk) == 0)
+ if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
{
- sprintf(str,"%12sa0:00\n","");
+ /* may not be */
+ sprintf(str,"%8sAttributes:\n","");
if (BIO_puts(bp,str) <= 0) goto err;
- }
- else
- {
- for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
+
+ sk=x->req_info->attributes;
+ if (sk_X509_ATTRIBUTE_num(sk) == 0)
{
- ASN1_TYPE *at;
- X509_ATTRIBUTE *a;
- ASN1_BIT_STRING *bs=NULL;
- ASN1_TYPE *t;
- int j,type=0,count=1,ii=0;
-
- a=sk_X509_ATTRIBUTE_value(sk,i);
- if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
- continue;
- sprintf(str,"%12s","");
+ sprintf(str,"%12sa0:00\n","");
if (BIO_puts(bp,str) <= 0) goto err;
- if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
+ }
+ else
{
- if (a->single)
+ for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
{
- t=a->value.single;
- type=t->type;
- bs=t->value.bit_string;
- }
- else
+ ASN1_TYPE *at;
+ X509_ATTRIBUTE *a;
+ ASN1_BIT_STRING *bs=NULL;
+ ASN1_TYPE *t;
+ int j,type=0,count=1,ii=0;
+
+ a=sk_X509_ATTRIBUTE_value(sk,i);
+ if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
+ continue;
+ sprintf(str,"%12s","");
+ if (BIO_puts(bp,str) <= 0) goto err;
+ if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
{
- ii=0;
- count=sk_ASN1_TYPE_num(a->value.set);
+ if (a->single)
+ {
+ t=a->value.single;
+ type=t->type;
+ bs=t->value.bit_string;
+ }
+ else
+ {
+ ii=0;
+ count=sk_ASN1_TYPE_num(a->value.set);
get_next:
- at=sk_ASN1_TYPE_value(a->value.set,ii);
- type=at->type;
- bs=at->value.asn1_string;
+ at=sk_ASN1_TYPE_value(a->value.set,ii);
+ type=at->type;
+ bs=at->value.asn1_string;
+ }
+ }
+ for (j=25-j; j>0; j--)
+ if (BIO_write(bp," ",1) != 1) goto err;
+ if (BIO_puts(bp,":") <= 0) goto err;
+ if ( (type == V_ASN1_PRINTABLESTRING) ||
+ (type == V_ASN1_T61STRING) ||
+ (type == V_ASN1_IA5STRING))
+ {
+ if (BIO_write(bp,(char *)bs->data,bs->length)
+ != bs->length)
+ goto err;
+ BIO_puts(bp,"\n");
+ }
+ else
+ {
+ BIO_puts(bp,"unable to print attribute\n");
+ }
+ if (++ii < count) goto get_next;
}
}
- for (j=25-j; j>0; j--)
- if (BIO_write(bp," ",1) != 1) goto err;
- if (BIO_puts(bp,":") <= 0) goto err;
- if ( (type == V_ASN1_PRINTABLESTRING) ||
- (type == V_ASN1_T61STRING) ||
- (type == V_ASN1_IA5STRING))
+ }
+ if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
+ {
+ exts = X509_REQ_get_extensions(x);
+ if(exts)
+ {
+ BIO_printf(bp,"%8sRequested Extensions:\n","");
+ for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
{
- if (BIO_write(bp,(char *)bs->data,bs->length)
- != bs->length)
+ ASN1_OBJECT *obj;
+ X509_EXTENSION *ex;
+ int j;
+ ex=sk_X509_EXTENSION_value(exts, i);
+ if (BIO_printf(bp,"%12s","") <= 0) goto err;
+ obj=X509_EXTENSION_get_object(ex);
+ i2a_ASN1_OBJECT(bp,obj);
+ j=X509_EXTENSION_get_critical(ex);
+ if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
goto err;
- BIO_puts(bp,"\n");
- }
- else
- {
- BIO_puts(bp,"unable to print attribute\n");
+ if(!X509V3_EXT_print(bp, ex, 0, 16))
+ {
+ BIO_printf(bp, "%16s", "");
+ M_ASN1_OCTET_STRING_print(bp,ex->value);
+ }
+ if (BIO_write(bp,"\n",1) <= 0) goto err;
}
- if (++ii < count) goto get_next;
+ sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
}
}
- exts = X509_REQ_get_extensions(x);
- if(exts) {
- BIO_printf(bp,"%8sRequested Extensions:\n","");
- for (i=0; i<sk_X509_EXTENSION_num(exts); i++) {
- ASN1_OBJECT *obj;
- X509_EXTENSION *ex;
- int j;
- ex=sk_X509_EXTENSION_value(exts, i);
- if (BIO_printf(bp,"%12s","") <= 0) goto err;
- obj=X509_EXTENSION_get_object(ex);
- i2a_ASN1_OBJECT(bp,obj);
- j=X509_EXTENSION_get_critical(ex);
- if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
- goto err;
- if(!X509V3_EXT_print(bp, ex, 0, 16)) {
- BIO_printf(bp, "%16s", "");
- M_ASN1_OCTET_STRING_print(bp,ex->value);
- }
- if (BIO_write(bp,"\n",1) <= 0) goto err;
+ if(!(cflag & X509_FLAG_NO_SIGDUMP))
+ {
+ if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err;
}
- sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
- }
-
- if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err;
return(1);
err:
X509err(X509_F_X509_REQ_PRINT,ERR_R_BUF_LIB);
return(0);
}
+
+int X509_REQ_print(BIO *bp, X509_REQ *x)
+ {
+ return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+ }
diff --git a/lib/libcrypto/asn1/tasn_dec.c b/lib/libcrypto/asn1/tasn_dec.c
index 0fc1f421e28..f87c08793aa 100644
--- a/lib/libcrypto/asn1/tasn_dec.c
+++ b/lib/libcrypto/asn1/tasn_dec.c
@@ -913,10 +913,10 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *i
ctx->ptag = ptag;
ctx->hdrlen = p - q;
ctx->valid = 1;
- /* If definite length, length + header can't exceed total
- * amount of data available.
+ /* If definite length, and no error, length +
+ * header can't exceed total amount of data available.
*/
- if(!(i & 1) && ((plen + ctx->hdrlen) > len)) {
+ if(!(i & 0x81) && ((plen + ctx->hdrlen) > len)) {
ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG);
asn1_tlc_clear(ctx);
return 0;
diff --git a/lib/libcrypto/bio/b_print.c b/lib/libcrypto/bio/b_print.c
index 3ce12907728..80c9cb69db2 100644
--- a/lib/libcrypto/bio/b_print.c
+++ b/lib/libcrypto/bio/b_print.c
@@ -109,7 +109,7 @@
* o ... (for OpenSSL)
*/
-#if HAVE_LONG_DOUBLE
+#ifdef HAVE_LONG_DOUBLE
#define LDOUBLE long double
#else
#define LDOUBLE double
diff --git a/lib/libcrypto/bn/bn.h b/lib/libcrypto/bn/bn.h
index 1eaf8795531..b40682f8318 100644
--- a/lib/libcrypto/bn/bn.h
+++ b/lib/libcrypto/bn/bn.h
@@ -430,7 +430,7 @@ int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
int BN_from_montgomery(BIGNUM *r,const BIGNUM *a,
BN_MONT_CTX *mont, BN_CTX *ctx);
void BN_MONT_CTX_free(BN_MONT_CTX *mont);
-int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *modulus,BN_CTX *ctx);
+int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);
BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
diff --git a/lib/libcrypto/crypto-lib.com b/lib/libcrypto/crypto-lib.com
index 4847a69a716..dfcff11860a 100644
--- a/lib/libcrypto/crypto-lib.com
+++ b/lib/libcrypto/crypto-lib.com
@@ -231,7 +231,7 @@ $ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,"+ -
"rand_vms"
$ LIB_ERR = "err,err_all,err_prn"
$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err"
-$ LIB_EVP = "encode,digest,evp_enc,evp_key,"+ -
+$ LIB_EVP = "encode,digest,evp_enc,evp_key,evp_acnf,"+ -
"e_des,e_bf,e_idea,e_des3,"+ -
"e_rc4,e_aes,names,"+ -
"e_xcbc_d,e_rc2,e_cast,e_rc5"
@@ -265,14 +265,14 @@ $ LIB_X509V3 = "v3_bcons,v3_bitst,v3_conf,v3_extku,v3_ia5,v3_lib,"+ -
"v3_prn,v3_utl,v3err,v3_genn,v3_alt,v3_skey,v3_akey,v3_pku,"+ -
"v3_int,v3_enum,v3_sxnet,v3_cpols,v3_crld,v3_purp,v3_info,"+ -
"v3_ocsp,v3_akeya"
-$ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall"
+$ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall,conf_sap"
$ LIB_TXT_DB = "txt_db"
$ LIB_PKCS7 = "pk7_asn1,pk7_lib,pkcs7err,pk7_doit,pk7_smime,pk7_attr,"+ -
"pk7_mime"
$ LIB_PKCS12 = "p12_add,p12_asn,p12_attr,p12_crpt,p12_crt,p12_decr,"+ -
"p12_init,p12_key,p12_kiss,p12_mutl,"+ -
"p12_utl,p12_npas,pk12err,p12_p8d,p12_p8e"
-$ LIB_COMP = "comp_lib,"+ -
+$ LIB_COMP = "comp_lib,comp_err,"+ -
"c_rle,c_zlib"
$ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ -
"ocsp_srv,ocsp_prn,ocsp_vfy,ocsp_err"
@@ -1325,7 +1325,7 @@ $ CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
$!
$! Show user the result
$!
-$ WRITE SYS$OUTPUT "Main C Compiling Command: ",CC
+$ WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC
$!
$! Else The User Entered An Invalid Arguement.
$!
@@ -1356,7 +1356,7 @@ $ IF ARCH .EQS. "AXP" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE
$!
$! Show user the result
$!
-$ WRITE SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO
+$ WRITE/SYMBOL SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO
$!
$! Time to check the contents, and to make sure we get the correct library.
$!
diff --git a/lib/libcrypto/des/Makefile.ssl b/lib/libcrypto/des/Makefile.ssl
index ee5849d8fad..826ffcc58c2 100644
--- a/lib/libcrypto/des/Makefile.ssl
+++ b/lib/libcrypto/des/Makefile.ssl
@@ -207,7 +207,8 @@ ecb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
ecb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h ecb_enc.c spr.h
+ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h ecb_enc.c
+ecb_enc.o: spr.h
ede_cbcm_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
ede_cbcm_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
ede_cbcm_enc.o: ../../include/openssl/opensslconf.h
diff --git a/lib/libcrypto/des/des_ver.h b/lib/libcrypto/des/des_ver.h
index 0fa94d53682..ec9cc736e3c 100644
--- a/lib/libcrypto/des/des_ver.h
+++ b/lib/libcrypto/des/des_ver.h
@@ -63,5 +63,5 @@
# define OPENSSL_EXTERN OPENSSL_EXPORT
#endif
-OPENSSL_EXTERN char *DES_version; /* SSLeay version string */
-OPENSSL_EXTERN char *libdes_version; /* old libdes version string */
+OPENSSL_EXTERN const char *DES_version; /* SSLeay version string */
+OPENSSL_EXTERN const char *libdes_version; /* old libdes version string */
diff --git a/lib/libcrypto/des/ecb_enc.c b/lib/libcrypto/des/ecb_enc.c
index 4650f2fa0f5..1b70f68806d 100644
--- a/lib/libcrypto/des/ecb_enc.c
+++ b/lib/libcrypto/des/ecb_enc.c
@@ -57,6 +57,7 @@
*/
#include "des_locl.h"
+#include "des_ver.h"
#include "spr.h"
#include <openssl/opensslv.h>
diff --git a/lib/libcrypto/des/set_key.c b/lib/libcrypto/des/set_key.c
index 683916e71b0..143008ed9c5 100644
--- a/lib/libcrypto/des/set_key.c
+++ b/lib/libcrypto/des/set_key.c
@@ -342,7 +342,7 @@ void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
register DES_LONG *k;
register int i;
-#if OPENBSD_DEV_CRYPTO
+#ifdef OPENBSD_DEV_CRYPTO
memcpy(schedule->key,key,sizeof schedule->key);
schedule->session=NULL;
#endif
diff --git a/lib/libcrypto/doc/DH_set_method.pod b/lib/libcrypto/doc/DH_set_method.pod
index d990bf87860..73261fc4675 100644
--- a/lib/libcrypto/doc/DH_set_method.pod
+++ b/lib/libcrypto/doc/DH_set_method.pod
@@ -2,7 +2,7 @@
=head1 NAME
-DH_set_default_openssl_method, DH_get_default_openssl_method,
+DH_set_default_method, DH_get_default_method,
DH_set_method, DH_new_method, DH_OpenSSL - select DH method
=head1 SYNOPSIS
@@ -10,45 +10,47 @@ DH_set_method, DH_new_method, DH_OpenSSL - select DH method
#include <openssl/dh.h>
#include <openssl/engine.h>
- void DH_set_default_openssl_method(DH_METHOD *meth);
+ void DH_set_default_method(const DH_METHOD *meth);
- DH_METHOD *DH_get_default_openssl_method(void);
+ const DH_METHOD *DH_get_default_method(void);
- int DH_set_method(DH *dh, ENGINE *engine);
+ int DH_set_method(DH *dh, const DH_METHOD *meth);
DH *DH_new_method(ENGINE *engine);
- DH_METHOD *DH_OpenSSL(void);
+ const DH_METHOD *DH_OpenSSL(void);
=head1 DESCRIPTION
A B<DH_METHOD> specifies the functions that OpenSSL uses for Diffie-Hellman
operations. By modifying the method, alternative implementations
-such as hardware accelerators may be used.
-
-Initially, the default is to use the OpenSSL internal implementation.
-DH_OpenSSL() returns a pointer to that method.
-
-DH_set_default_openssl_method() makes B<meth> the default method for all DH
-structures created later. B<NB:> This is true only whilst the default engine
-for Diffie-Hellman operations remains as "openssl". ENGINEs provide an
-encapsulation for implementations of one or more algorithms, and all the DH
-functions mentioned here operate within the scope of the default
-"openssl" engine.
-
-DH_get_default_openssl_method() returns a pointer to the current default
-method for the "openssl" engine.
-
-DH_set_method() selects B<engine> as the engine that will be responsible for
-all operations using the structure B<dh>. If this function completes successfully,
-then the B<dh> structure will have its own functional reference of B<engine>, so
-the caller should remember to free their own reference to B<engine> when they are
-finished with it. NB: An ENGINE's DH_METHOD can be retrieved (or set) by
-ENGINE_get_DH() or ENGINE_set_DH().
-
-DH_new_method() allocates and initializes a DH structure so that
-B<engine> will be used for the DH operations. If B<engine> is NULL,
-the default engine for Diffie-Hellman opertaions is used.
+such as hardware accelerators may be used. IMPORTANT: See the NOTES section for
+important information about how these DH API functions are affected by the use
+of B<ENGINE> API calls.
+
+Initially, the default DH_METHOD is the OpenSSL internal implementation, as
+returned by DH_OpenSSL().
+
+DH_set_default_method() makes B<meth> the default method for all DH
+structures created later. B<NB>: This is true only whilst no ENGINE has been set
+as a default for DH, so this function is no longer recommended.
+
+DH_get_default_method() returns a pointer to the current default DH_METHOD.
+However, the meaningfulness of this result is dependant on whether the ENGINE
+API is being used, so this function is no longer recommended.
+
+DH_set_method() selects B<meth> to perform all operations using the key B<dh>.
+This will replace the DH_METHOD used by the DH key and if the previous method
+was supplied by an ENGINE, the handle to that ENGINE will be released during the
+change. It is possible to have DH keys that only work with certain DH_METHOD
+implementations (eg. from an ENGINE module that supports embedded
+hardware-protected keys), and in such cases attempting to change the DH_METHOD
+for the key can have unexpected results.
+
+DH_new_method() allocates and initializes a DH structure so that B<engine> will
+be used for the DH operations. If B<engine> is NULL, the default ENGINE for DH
+operations is used, and if no default ENGINE is set, the DH_METHOD controlled by
+DH_set_default_method() is used.
=head1 THE DH_METHOD STRUCTURE
@@ -82,17 +84,28 @@ the default engine for Diffie-Hellman opertaions is used.
=head1 RETURN VALUES
-DH_OpenSSL() and DH_get_default_openssl_method() return pointers to the
-respective B<DH_METHOD>s.
+DH_OpenSSL() and DH_get_default_method() return pointers to the respective
+B<DH_METHOD>s.
+
+DH_set_default_method() returns no value.
+
+DH_set_method() returns non-zero if the provided B<meth> was successfully set as
+the method for B<dh> (including unloading the ENGINE handle if the previous
+method was supplied by an ENGINE).
-DH_set_default_openssl_method() returns no value.
+DH_new_method() returns NULL and sets an error code that can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it
+returns a pointer to the newly allocated structure.
-DH_set_method() returns non-zero if the ENGINE associated with B<dh>
-was successfully changed to B<engine>.
+=head1 NOTES
-DH_new_method() returns NULL and sets an error code that can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails.
-Otherwise it returns a pointer to the newly allocated structure.
+As of version 0.9.7, DH_METHOD implementations are grouped together with other
+algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
+default ENGINE is specified for DH functionality using an ENGINE API function,
+that will override any DH defaults set using the DH API (ie.
+DH_set_default_method()). For this reason, the ENGINE API is the recommended way
+to control default implementations for use in DH and other cryptographic
+algorithms.
=head1 SEE ALSO
@@ -103,9 +116,14 @@ L<dh(3)|dh(3)>, L<DH_new(3)|DH_new(3)>
DH_set_default_method(), DH_get_default_method(), DH_set_method(),
DH_new_method() and DH_OpenSSL() were added in OpenSSL 0.9.4.
-DH_set_default_openssl_method() and DH_get_default_openssl_method()
-replaced DH_set_default_method() and DH_get_default_method() respectively,
-and DH_set_method() and DH_new_method() were altered to use B<ENGINE>s
-rather than B<DH_METHOD>s during development of OpenSSL 0.9.6.
+DH_set_default_openssl_method() and DH_get_default_openssl_method() replaced
+DH_set_default_method() and DH_get_default_method() respectively, and
+DH_set_method() and DH_new_method() were altered to use B<ENGINE>s rather than
+B<DH_METHOD>s during development of the engine version of OpenSSL 0.9.6. For
+0.9.7, the handling of defaults in the ENGINE API was restructured so that this
+change was reversed, and behaviour of the other functions resembled more closely
+the previous behaviour. The behaviour of defaults in the ENGINE API now
+transparently overrides the behaviour of defaults in the DH API without
+requiring changing these function prototypes.
=cut
diff --git a/lib/libcrypto/doc/DSA_dup_DH.pod b/lib/libcrypto/doc/DSA_dup_DH.pod
index 695f99a13b1..7f6f0d1115a 100644
--- a/lib/libcrypto/doc/DSA_dup_DH.pod
+++ b/lib/libcrypto/doc/DSA_dup_DH.pod
@@ -8,7 +8,7 @@ DSA_dup_DH - create a DH structure out of DSA structure
#include <openssl/dsa.h>
- DH * DSA_dup_DH(DSA *r);
+ DH * DSA_dup_DH(const DSA *r);
=head1 DESCRIPTION
diff --git a/lib/libcrypto/doc/DSA_new.pod b/lib/libcrypto/doc/DSA_new.pod
index 301af912dd5..48e9b82a09c 100644
--- a/lib/libcrypto/doc/DSA_new.pod
+++ b/lib/libcrypto/doc/DSA_new.pod
@@ -14,7 +14,8 @@ DSA_new, DSA_free - allocate and free DSA objects
=head1 DESCRIPTION
-DSA_new() allocates and initializes a B<DSA> structure.
+DSA_new() allocates and initializes a B<DSA> structure. It is equivalent to
+calling DSA_new_method(NULL).
DSA_free() frees the B<DSA> structure and its components. The values are
erased before the memory is returned to the system.
diff --git a/lib/libcrypto/doc/DSA_set_method.pod b/lib/libcrypto/doc/DSA_set_method.pod
index 36a1052d276..bc3cfb1f0a7 100644
--- a/lib/libcrypto/doc/DSA_set_method.pod
+++ b/lib/libcrypto/doc/DSA_set_method.pod
@@ -2,7 +2,7 @@
=head1 NAME
-DSA_set_default_openssl_method, DSA_get_default_openssl_method,
+DSA_set_default_method, DSA_get_default_method,
DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
=head1 SYNOPSIS
@@ -10,11 +10,11 @@ DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
#include <openssl/dsa.h>
#include <openssl/engine.h>
- void DSA_set_default_openssl_method(DSA_METHOD *meth);
+ void DSA_set_default_method(const DSA_METHOD *meth);
- DSA_METHOD *DSA_get_default_openssl_method(void);
+ const DSA_METHOD *DSA_get_default_method(void);
- int DSA_set_method(DSA *dsa, ENGINE *engine);
+ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
DSA *DSA_new_method(ENGINE *engine);
@@ -24,26 +24,35 @@ DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
A B<DSA_METHOD> specifies the functions that OpenSSL uses for DSA
operations. By modifying the method, alternative implementations
-such as hardware accelerators may be used.
-
-Initially, the default is to use the OpenSSL internal implementation.
-DSA_OpenSSL() returns a pointer to that method.
-
-DSA_set_default_openssl_method() makes B<meth> the default method for
-all DSA structures created later. B<NB:> This is true only whilst the
-default engine for DSA operations remains as "openssl". ENGINEs
-provide an encapsulation for implementations of one or more algorithms at a
-time, and all the DSA functions mentioned here operate within the scope
-of the default "openssl" engine.
-
-DSA_get_default_openssl_method() returns a pointer to the current default
-method for the "openssl" engine.
-
-DSA_set_method() selects B<engine> for all operations using the structure B<dsa>.
-
-DSA_new_method() allocates and initializes a DSA structure so that
-B<engine> will be used for the DSA operations. If B<engine> is NULL,
-the default engine for DSA operations is used.
+such as hardware accelerators may be used. IMPORTANT: See the NOTES section for
+important information about how these DSA API functions are affected by the use
+of B<ENGINE> API calls.
+
+Initially, the default DSA_METHOD is the OpenSSL internal implementation,
+as returned by DSA_OpenSSL().
+
+DSA_set_default_method() makes B<meth> the default method for all DSA
+structures created later. B<NB>: This is true only whilst no ENGINE has
+been set as a default for DSA, so this function is no longer recommended.
+
+DSA_get_default_method() returns a pointer to the current default
+DSA_METHOD. However, the meaningfulness of this result is dependant on
+whether the ENGINE API is being used, so this function is no longer
+recommended.
+
+DSA_set_method() selects B<meth> to perform all operations using the key
+B<rsa>. This will replace the DSA_METHOD used by the DSA key and if the
+previous method was supplied by an ENGINE, the handle to that ENGINE will
+be released during the change. It is possible to have DSA keys that only
+work with certain DSA_METHOD implementations (eg. from an ENGINE module
+that supports embedded hardware-protected keys), and in such cases
+attempting to change the DSA_METHOD for the key can have unexpected
+results.
+
+DSA_new_method() allocates and initializes a DSA structure so that B<engine>
+will be used for the DSA operations. If B<engine> is NULL, the default engine
+for DSA operations is used, and if no default ENGINE is set, the DSA_METHOD
+controlled by DSA_set_default_method() is used.
=head1 THE DSA_METHOD STRUCTURE
@@ -89,18 +98,29 @@ struct
=head1 RETURN VALUES
-DSA_OpenSSL() and DSA_get_default_openssl_method() return pointers to the
-respective B<DSA_METHOD>s.
+DSA_OpenSSL() and DSA_get_default_method() return pointers to the respective
+B<DSA_METHOD>s.
-DSA_set_default_openssl_method() returns no value.
+DSA_set_default_method() returns no value.
-DSA_set_method() returns non-zero if the ENGINE associated with B<dsa>
-was successfully changed to B<engine>.
+DSA_set_method() returns non-zero if the provided B<meth> was successfully set as
+the method for B<dsa> (including unloading the ENGINE handle if the previous
+method was supplied by an ENGINE).
DSA_new_method() returns NULL and sets an error code that can be
obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation
fails. Otherwise it returns a pointer to the newly allocated structure.
+=head1 NOTES
+
+As of version 0.9.7, DSA_METHOD implementations are grouped together with other
+algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
+default ENGINE is specified for DSA functionality using an ENGINE API function,
+that will override any DSA defaults set using the DSA API (ie.
+DSA_set_default_method()). For this reason, the ENGINE API is the recommended way
+to control default implementations for use in DSA and other cryptographic
+algorithms.
+
=head1 SEE ALSO
L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)>
@@ -110,9 +130,14 @@ L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)>
DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(),
DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4.
-DSA_set_default_openssl_method() and DSA_get_default_openssl_method()
-replaced DSA_set_default_method() and DSA_get_default_method() respectively,
-and DSA_set_method() and DSA_new_method() were altered to use B<ENGINE>s
-rather than B<DSA_METHOD>s during development of OpenSSL 0.9.6.
+DSA_set_default_openssl_method() and DSA_get_default_openssl_method() replaced
+DSA_set_default_method() and DSA_get_default_method() respectively, and
+DSA_set_method() and DSA_new_method() were altered to use B<ENGINE>s rather than
+B<DSA_METHOD>s during development of the engine version of OpenSSL 0.9.6. For
+0.9.7, the handling of defaults in the ENGINE API was restructured so that this
+change was reversed, and behaviour of the other functions resembled more closely
+the previous behaviour. The behaviour of defaults in the ENGINE API now
+transparently overrides the behaviour of defaults in the DSA API without
+requiring changing these function prototypes.
=cut
diff --git a/lib/libcrypto/doc/DSA_size.pod b/lib/libcrypto/doc/DSA_size.pod
index 23b6320a4d4..ba4f650361c 100644
--- a/lib/libcrypto/doc/DSA_size.pod
+++ b/lib/libcrypto/doc/DSA_size.pod
@@ -8,7 +8,7 @@ DSA_size - get DSA signature size
#include <openssl/dsa.h>
- int DSA_size(DSA *dsa);
+ int DSA_size(const DSA *dsa);
=head1 DESCRIPTION
diff --git a/lib/libcrypto/doc/EVP_SealInit.pod b/lib/libcrypto/doc/EVP_SealInit.pod
index 0451eb648a3..25ef07f7c7b 100644
--- a/lib/libcrypto/doc/EVP_SealInit.pod
+++ b/lib/libcrypto/doc/EVP_SealInit.pod
@@ -73,4 +73,6 @@ L<EVP_OpenInit(3)|EVP_OpenInit(3)>
=head1 HISTORY
+EVP_SealFinal() did not return a value before OpenSSL 0.9.7.
+
=cut
diff --git a/lib/libcrypto/doc/RAND_set_rand_method.pod b/lib/libcrypto/doc/RAND_set_rand_method.pod
index 464eba416d4..c9bb6d9f27b 100644
--- a/lib/libcrypto/doc/RAND_set_rand_method.pod
+++ b/lib/libcrypto/doc/RAND_set_rand_method.pod
@@ -8,22 +8,30 @@ RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay - select RAND method
#include <openssl/rand.h>
- void RAND_set_rand_method(RAND_METHOD *meth);
+ void RAND_set_rand_method(const RAND_METHOD *meth);
- RAND_METHOD *RAND_get_rand_method(void);
+ const RAND_METHOD *RAND_get_rand_method(void);
RAND_METHOD *RAND_SSLeay(void);
=head1 DESCRIPTION
-A B<RAND_METHOD> specifies the functions that OpenSSL uses for random
-number generation. By modifying the method, alternative
-implementations such as hardware RNGs may be used. Initially, the
-default is to use the OpenSSL internal implementation. RAND_SSLeay()
-returns a pointer to that method.
+A B<RAND_METHOD> specifies the functions that OpenSSL uses for random number
+generation. By modifying the method, alternative implementations such as
+hardware RNGs may be used. IMPORTANT: See the NOTES section for important
+information about how these RAND API functions are affected by the use of
+B<ENGINE> API calls.
-RAND_set_rand_method() sets the RAND method to B<meth>.
-RAND_get_rand_method() returns a pointer to the current method.
+Initially, the default RAND_METHOD is the OpenSSL internal implementation, as
+returned by RAND_SSLeay().
+
+RAND_set_default_method() makes B<meth> the method for PRNG use. B<NB>: This is
+true only whilst no ENGINE has been set as a default for RAND, so this function
+is no longer recommended.
+
+RAND_get_default_method() returns a pointer to the current RAND_METHOD.
+However, the meaningfulness of this result is dependant on whether the ENGINE
+API is being used, so this function is no longer recommended.
=head1 THE RAND_METHOD STRUCTURE
@@ -47,13 +55,29 @@ Each component may be NULL if the function is not implemented.
RAND_set_rand_method() returns no value. RAND_get_rand_method() and
RAND_SSLeay() return pointers to the respective methods.
+=head1 NOTES
+
+As of version 0.9.7, RAND_METHOD implementations are grouped together with other
+algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
+default ENGINE is specified for RAND functionality using an ENGINE API function,
+that will override any RAND defaults set using the RAND API (ie.
+RAND_set_rand_method()). For this reason, the ENGINE API is the recommended way
+to control default implementations for use in RAND and other cryptographic
+algorithms.
+
=head1 SEE ALSO
-L<rand(3)|rand(3)>
+L<rand(3)|rand(3)>, L<engine(3)|engine(3)>
=head1 HISTORY
RAND_set_rand_method(), RAND_get_rand_method() and RAND_SSLeay() are
available in all versions of OpenSSL.
+In the engine version of version 0.9.6, RAND_set_rand_method() was altered to
+take an ENGINE pointer as its argument. As of version 0.9.7, that has been
+reverted as the ENGINE API transparently overrides RAND defaults if used,
+otherwise RAND API functions work as before. RAND_set_rand_engine() was also
+introduced in version 0.9.7.
+
=cut
diff --git a/lib/libcrypto/doc/RSA_new.pod b/lib/libcrypto/doc/RSA_new.pod
index 299047f31fa..3d15b928243 100644
--- a/lib/libcrypto/doc/RSA_new.pod
+++ b/lib/libcrypto/doc/RSA_new.pod
@@ -14,7 +14,8 @@ RSA_new, RSA_free - allocate and free RSA objects
=head1 DESCRIPTION
-RSA_new() allocates and initializes an B<RSA> structure.
+RSA_new() allocates and initializes an B<RSA> structure. It is equivalent to
+calling RSA_new_method(NULL).
RSA_free() frees the B<RSA> structure and its components. The key is
erased before the memory is returned to the system.
@@ -30,7 +31,8 @@ RSA_free() returns no value.
=head1 SEE ALSO
L<ERR_get_error(3)|ERR_get_error(3)>, L<rsa(3)|rsa(3)>,
-L<RSA_generate_key(3)|RSA_generate_key(3)>
+L<RSA_generate_key(3)|RSA_generate_key(3)>,
+L<RSA_new_method(3)|RSA_new_method(3)>
=head1 HISTORY
diff --git a/lib/libcrypto/doc/RSA_set_method.pod b/lib/libcrypto/doc/RSA_set_method.pod
index 14917dd35f9..0687c2242a5 100644
--- a/lib/libcrypto/doc/RSA_set_method.pod
+++ b/lib/libcrypto/doc/RSA_set_method.pod
@@ -11,52 +11,64 @@ RSA_null_method, RSA_flags, RSA_new_method - select RSA method
#include <openssl/rsa.h>
#include <openssl/engine.h>
- void RSA_set_default_openssl_method(RSA_METHOD *meth);
+ void RSA_set_default_method(const RSA_METHOD *meth);
- RSA_METHOD *RSA_get_default_openssl_method(void);
+ RSA_METHOD *RSA_get_default_method(void);
- int RSA_set_method(RSA *rsa, ENGINE *engine);
+ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
- RSA_METHOD *RSA_get_method(RSA *rsa);
+ RSA_METHOD *RSA_get_method(const RSA *rsa);
RSA_METHOD *RSA_PKCS1_SSLeay(void);
RSA_METHOD *RSA_null_method(void);
- int RSA_flags(RSA *rsa);
+ int RSA_flags(const RSA *rsa);
RSA *RSA_new_method(ENGINE *engine);
=head1 DESCRIPTION
An B<RSA_METHOD> specifies the functions that OpenSSL uses for RSA
-operations. By modifying the method, alternative implementations
-such as hardware accelerators may be used.
-
-Initially, the default is to use the OpenSSL internal implementation.
-RSA_PKCS1_SSLeay() returns a pointer to that method.
-
-RSA_set_default_openssl_method() makes B<meth> the default method for all B<RSA>
-structures created later. B<NB:> This is true only whilst the default engine
-for RSA operations remains as "openssl". ENGINEs provide an
-encapsulation for implementations of one or more algorithms at a time, and all
-the RSA functions mentioned here operate within the scope of the default
-"openssl" engine.
-
-RSA_get_default_openssl_method() returns a pointer to the current default
-method for the "openssl" engine.
-
-RSA_set_method() selects B<engine> for all operations using the key
-B<rsa>.
-
-RSA_get_method() returns a pointer to the RSA_METHOD from the currently
-selected ENGINE for B<rsa>.
-
-RSA_flags() returns the B<flags> that are set for B<rsa>'s current method.
+operations. By modifying the method, alternative implementations such as
+hardware accelerators may be used. IMPORTANT: See the NOTES section for
+important information about how these RSA API functions are affected by the
+use of B<ENGINE> API calls.
+
+Initially, the default RSA_METHOD is the OpenSSL internal implementation,
+as returned by RSA_PKCS1_SSLeay().
+
+RSA_set_default_method() makes B<meth> the default method for all RSA
+structures created later. B<NB>: This is true only whilst no ENGINE has
+been set as a default for RSA, so this function is no longer recommended.
+
+RSA_get_default_method() returns a pointer to the current default
+RSA_METHOD. However, the meaningfulness of this result is dependant on
+whether the ENGINE API is being used, so this function is no longer
+recommended.
+
+RSA_set_method() selects B<meth> to perform all operations using the key
+B<rsa>. This will replace the RSA_METHOD used by the RSA key and if the
+previous method was supplied by an ENGINE, the handle to that ENGINE will
+be released during the change. It is possible to have RSA keys that only
+work with certain RSA_METHOD implementations (eg. from an ENGINE module
+that supports embedded hardware-protected keys), and in such cases
+attempting to change the RSA_METHOD for the key can have unexpected
+results.
+
+RSA_get_method() returns a pointer to the RSA_METHOD being used by B<rsa>.
+This method may or may not be supplied by an ENGINE implementation, but if
+it is, the return value can only be guaranteed to be valid as long as the
+RSA key itself is valid and does not have its implementation changed by
+RSA_set_method().
+
+RSA_flags() returns the B<flags> that are set for B<rsa>'s current
+RSA_METHOD. See the BUGS section.
RSA_new_method() allocates and initializes an RSA structure so that
-B<engine> will be used for the RSA operations. If B<engine> is NULL,
-the default engine for RSA operations is used.
+B<engine> will be used for the RSA operations. If B<engine> is NULL, the
+default ENGINE for RSA operations is used, and if no default ENGINE is set,
+the RSA_METHOD controlled by RSA_set_default_method() is used.
=head1 THE RSA_METHOD STRUCTURE
@@ -121,22 +133,45 @@ the default engine for RSA operations is used.
=head1 RETURN VALUES
-RSA_PKCS1_SSLeay(), RSA_PKCS1_null_method(), RSA_get_default_openssl_method()
+RSA_PKCS1_SSLeay(), RSA_PKCS1_null_method(), RSA_get_default_method()
and RSA_get_method() return pointers to the respective RSA_METHODs.
-RSA_set_default_openssl_method() returns no value.
+RSA_set_default_method() returns no value.
-RSA_set_method() selects B<engine> as the engine that will be responsible for
-all operations using the structure B<rsa>. If this function completes successfully,
-then the B<rsa> structure will have its own functional reference of B<engine>, so
-the caller should remember to free their own reference to B<engine> when they are
-finished with it. NB: An ENGINE's RSA_METHOD can be retrieved (or set) by
-ENGINE_get_RSA() or ENGINE_set_RSA().
+RSA_set_method() returns a pointer to the old RSA_METHOD implementation
+that was replaced. However, this return value should probably be ignored
+because if it was supplied by an ENGINE, the pointer could be invalidated
+at any time if the ENGINE is unloaded (in fact it could be unloaded as a
+result of the RSA_set_method() function releasing its handle to the
+ENGINE). For this reason, the return type may be replaced with a B<void>
+declaration in a future release.
-RSA_new_method() returns NULL and sets an error code that can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise
+RSA_new_method() returns NULL and sets an error code that can be obtained
+by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise
it returns a pointer to the newly allocated structure.
+=head1 NOTES
+
+As of version 0.9.7, RSA_METHOD implementations are grouped together with
+other algorithmic APIs (eg. DSA_METHOD, EVP_CIPHER, etc) into B<ENGINE>
+modules. If a default ENGINE is specified for RSA functionality using an
+ENGINE API function, that will override any RSA defaults set using the RSA
+API (ie. RSA_set_default_method()). For this reason, the ENGINE API is the
+recommended way to control default implementations for use in RSA and other
+cryptographic algorithms.
+
+=head1 BUGS
+
+The behaviour of RSA_flags() is a mis-feature that is left as-is for now
+to avoid creating compatibility problems. RSA functionality, such as the
+encryption functions, are controlled by the B<flags> value in the RSA key
+itself, not by the B<flags> value in the RSA_METHOD attached to the RSA key
+(which is what this function returns). If the flags element of an RSA key
+is changed, the changes will be honoured by RSA functionality but will not
+be reflected in the return value of the RSA_flags() function - in effect
+RSA_flags() behaves more like an RSA_default_flags() function (which does
+not currently exist).
+
=head1 SEE ALSO
L<rsa(3)|rsa(3)>, L<RSA_new(3)|RSA_new(3)>
@@ -149,8 +184,14 @@ well as the rsa_sign and rsa_verify components of RSA_METHOD were
added in OpenSSL 0.9.4.
RSA_set_default_openssl_method() and RSA_get_default_openssl_method()
-replaced RSA_set_default_method() and RSA_get_default_method() respectively,
-and RSA_set_method() and RSA_new_method() were altered to use B<ENGINE>s
-rather than B<RSA_METHOD>s during development of OpenSSL 0.9.6.
+replaced RSA_set_default_method() and RSA_get_default_method()
+respectively, and RSA_set_method() and RSA_new_method() were altered to use
+B<ENGINE>s rather than B<RSA_METHOD>s during development of the engine
+version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the ENGINE
+API was restructured so that this change was reversed, and behaviour of the
+other functions resembled more closely the previous behaviour. The
+behaviour of defaults in the ENGINE API now transparently overrides the
+behaviour of defaults in the RSA API without requiring changing these
+function prototypes.
=cut
diff --git a/lib/libcrypto/doc/RSA_size.pod b/lib/libcrypto/doc/RSA_size.pod
index b36b4d58d54..5b7f835f95d 100644
--- a/lib/libcrypto/doc/RSA_size.pod
+++ b/lib/libcrypto/doc/RSA_size.pod
@@ -8,7 +8,7 @@ RSA_size - get RSA modulus size
#include <openssl/rsa.h>
- int RSA_size(RSA *rsa);
+ int RSA_size(const RSA *rsa);
=head1 DESCRIPTION
diff --git a/lib/libcrypto/doc/dh.pod b/lib/libcrypto/doc/dh.pod
index b4be4be4058..c3ccd062078 100644
--- a/lib/libcrypto/doc/dh.pod
+++ b/lib/libcrypto/doc/dh.pod
@@ -12,20 +12,20 @@ dh - Diffie-Hellman key agreement
DH * DH_new(void);
void DH_free(DH *dh);
- int DH_size(DH *dh);
+ int DH_size(const DH *dh);
DH * DH_generate_parameters(int prime_len, int generator,
void (*callback)(int, int, void *), void *cb_arg);
- int DH_check(DH *dh, int *codes);
+ int DH_check(const DH *dh, int *codes);
int DH_generate_key(DH *dh);
int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
- void DH_set_default_openssl_method(DH_METHOD *meth);
- DH_METHOD *DH_get_default_openssl_method(void);
- int DH_set_method(DH *dh, ENGINE *engine);
+ void DH_set_default_method(const DH_METHOD *meth);
+ const DH_METHOD *DH_get_default_method(void);
+ int DH_set_method(DH *dh, const DH_METHOD *meth);
DH *DH_new_method(ENGINE *engine);
- DH_METHOD *DH_OpenSSL(void);
+ const DH_METHOD *DH_OpenSSL(void);
int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(),
int (*dup_func)(), void (*free_func)());
@@ -33,10 +33,10 @@ dh - Diffie-Hellman key agreement
char *DH_get_ex_data(DH *d, int idx);
DH * d2i_DHparams(DH **a, unsigned char **pp, long length);
- int i2d_DHparams(DH *a, unsigned char **pp);
+ int i2d_DHparams(const DH *a, unsigned char **pp);
- int DHparams_print_fp(FILE *fp, DH *x);
- int DHparams_print(BIO *bp, DH *x);
+ int DHparams_print_fp(FILE *fp, const DH *x);
+ int DHparams_print(BIO *bp, const DH *x);
=head1 DESCRIPTION
@@ -57,11 +57,20 @@ The B<DH> structure consists of several BIGNUM components.
};
DH
+Note that DH keys may use non-standard B<DH_METHOD> implementations,
+either directly or by the use of B<ENGINE> modules. In some cases (eg. an
+ENGINE providing support for hardware-embedded keys), these BIGNUM values
+will not be used by the implementation or may be used for alternative data
+storage. For this reason, applications should generally avoid using DH
+structure elements directly and instead use API functions to query or
+modify keys.
+
=head1 SEE ALSO
L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>,
-L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<DH_set_method(3)|DH_set_method(3)>,
-L<DH_new(3)|DH_new(3)>, L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>,
+L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<engine(3)|engine(3)>,
+L<DH_set_method(3)|DH_set_method(3)>, L<DH_new(3)|DH_new(3)>,
+L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>,
L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
L<DH_compute_key(3)|DH_compute_key(3)>, L<d2i_DHparams(3)|d2i_DHparams(3)>,
L<RSA_print(3)|RSA_print(3)>
diff --git a/lib/libcrypto/doc/dsa.pod b/lib/libcrypto/doc/dsa.pod
index 573500204bb..ae2e5d81f9a 100644
--- a/lib/libcrypto/doc/dsa.pod
+++ b/lib/libcrypto/doc/dsa.pod
@@ -12,13 +12,13 @@ dsa - Digital Signature Algorithm
DSA * DSA_new(void);
void DSA_free(DSA *dsa);
- int DSA_size(DSA *dsa);
+ int DSA_size(const DSA *dsa);
DSA * DSA_generate_parameters(int bits, unsigned char *seed,
int seed_len, int *counter_ret, unsigned long *h_ret,
void (*callback)(int, int, void *), void *cb_arg);
- DH * DSA_dup_DH(DSA *r);
+ DH * DSA_dup_DH(const DSA *r);
int DSA_generate_key(DSA *dsa);
@@ -27,13 +27,13 @@ dsa - Digital Signature Algorithm
int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
BIGNUM **rp);
int DSA_verify(int dummy, const unsigned char *dgst, int len,
- unsigned char *sigbuf, int siglen, DSA *dsa);
+ const unsigned char *sigbuf, int siglen, DSA *dsa);
- void DSA_set_default_openssl_method(DSA_METHOD *meth);
- DSA_METHOD *DSA_get_default_openssl_method(void);
- int DSA_set_method(DSA *dsa, ENGINE *engine);
+ void DSA_set_default_method(const DSA_METHOD *meth);
+ const DSA_METHOD *DSA_get_default_method(void);
+ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
DSA *DSA_new_method(ENGINE *engine);
- DSA_METHOD *DSA_OpenSSL(void);
+ const DSA_METHOD *DSA_OpenSSL(void);
int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
int (*dup_func)(), void (*free_func)());
@@ -42,7 +42,7 @@ dsa - Digital Signature Algorithm
DSA_SIG *DSA_SIG_new(void);
void DSA_SIG_free(DSA_SIG *a);
- int i2d_DSA_SIG(DSA_SIG *a, unsigned char **pp);
+ int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length);
DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
@@ -52,14 +52,14 @@ dsa - Digital Signature Algorithm
DSA * d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length);
DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length);
- int i2d_DSAPublicKey(DSA *a, unsigned char **pp);
- int i2d_DSAPrivateKey(DSA *a, unsigned char **pp);
- int i2d_DSAparams(DSA *a,unsigned char **pp);
+ int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
+ int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
+ int i2d_DSAparams(const DSA *a,unsigned char **pp);
- int DSAparams_print(BIO *bp, DSA *x);
- int DSAparams_print_fp(FILE *fp, DSA *x);
- int DSA_print(BIO *bp, DSA *x, int off);
- int DSA_print_fp(FILE *bp, DSA *x, int off);
+ int DSAparams_print(BIO *bp, const DSA *x);
+ int DSAparams_print_fp(FILE *fp, const DSA *x);
+ int DSA_print(BIO *bp, const DSA *x, int off);
+ int DSA_print_fp(FILE *bp, const DSA *x, int off);
=head1 DESCRIPTION
@@ -85,6 +85,14 @@ The B<DSA> structure consists of several BIGNUM components.
In public keys, B<priv_key> is NULL.
+Note that DSA keys may use non-standard B<DSA_METHOD> implementations,
+either directly or by the use of B<ENGINE> modules. In some cases (eg. an
+ENGINE providing support for hardware-embedded keys), these BIGNUM values
+will not be used by the implementation or may be used for alternative data
+storage. For this reason, applications should generally avoid using DSA
+structure elements directly and instead use API functions to query or
+modify keys.
+
=head1 CONFORMING TO
US Federal Information Processing Standard FIPS 186 (Digital Signature
diff --git a/lib/libcrypto/doc/evp.pod b/lib/libcrypto/doc/evp.pod
index edf47dbde66..b3ca14314fa 100644
--- a/lib/libcrypto/doc/evp.pod
+++ b/lib/libcrypto/doc/evp.pod
@@ -24,6 +24,13 @@ functions. The B<EVP_Digest>I<...> functions provide message digests.
Algorithms are loaded with OpenSSL_add_all_algorithms(3).
+All the symmetric algorithms (ciphers) and digests can be replaced by ENGINE
+modules providing alternative implementations. If ENGINE implementations of
+ciphers or digests are registered as defaults, then the various EVP functions
+will automatically use those implementations automatically in preference to
+built in software implementations. For more information, consult the engine(3)
+man page.
+
=head1 SEE ALSO
L<EVP_DigestInit(3)|EVP_DigestInit(3)>,
@@ -32,6 +39,7 @@ L<EVP_OpenInit(3)|EVP_OpenInit(3)>,
L<EVP_SealInit(3)|EVP_SealInit(3)>,
L<EVP_SignInit(3)|EVP_SignInit(3)>,
L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
-L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>
+L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>,
+L<engine(3)|engine(3)>
=cut
diff --git a/lib/libcrypto/doc/rsa.pod b/lib/libcrypto/doc/rsa.pod
index 2b93a12b654..45ac53ffc14 100644
--- a/lib/libcrypto/doc/rsa.pod
+++ b/lib/libcrypto/doc/rsa.pod
@@ -16,13 +16,17 @@ rsa - RSA public key cryptosystem
unsigned char *to, RSA *rsa, int padding);
int RSA_private_decrypt(int flen, unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
+ int RSA_private_encrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
+ int RSA_public_decrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
int RSA_sign(int type, unsigned char *m, unsigned int m_len,
unsigned char *sigret, unsigned int *siglen, RSA *rsa);
int RSA_verify(int type, unsigned char *m, unsigned int m_len,
unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
- int RSA_size(RSA *rsa);
+ int RSA_size(const RSA *rsa);
RSA *RSA_generate_key(int num, unsigned long e,
void (*callback)(int,int,void *), void *cb_arg);
@@ -32,13 +36,13 @@ rsa - RSA public key cryptosystem
int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
void RSA_blinding_off(RSA *rsa);
- void RSA_set_default_openssl_method(RSA_METHOD *meth);
- RSA_METHOD *RSA_get_default_openssl_method(void);
- int RSA_set_method(RSA *rsa, ENGINE *engine);
- RSA_METHOD *RSA_get_method(RSA *rsa);
+ void RSA_set_default_method(const RSA_METHOD *meth);
+ const RSA_METHOD *RSA_get_default_method(void);
+ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
+ const RSA_METHOD *RSA_get_method(const RSA *rsa);
RSA_METHOD *RSA_PKCS1_SSLeay(void);
RSA_METHOD *RSA_null_method(void);
- int RSA_flags(RSA *rsa);
+ int RSA_flags(const RSA *rsa);
RSA *RSA_new_method(ENGINE *engine);
int RSA_print(BIO *bp, RSA *x, int offset);
@@ -49,11 +53,6 @@ rsa - RSA public key cryptosystem
int RSA_set_ex_data(RSA *r,int idx,char *arg);
char *RSA_get_ex_data(RSA *r, int idx);
- int RSA_private_encrypt(int flen, unsigned char *from,
- unsigned char *to, RSA *rsa,int padding);
- int RSA_public_decrypt(int flen, unsigned char *from,
- unsigned char *to, RSA *rsa,int padding);
-
int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
RSA *rsa);
@@ -90,6 +89,14 @@ B<p>, B<q>, B<dmp1>, B<dmq1> and B<iqmp> may be B<NULL> in private
keys, but the RSA operations are much faster when these values are
available.
+Note that RSA keys may use non-standard B<RSA_METHOD> implementations,
+either directly or by the use of B<ENGINE> modules. In some cases (eg. an
+ENGINE providing support for hardware-embedded keys), these BIGNUM values
+will not be used by the implementation or may be used for alternative data
+storage. For this reason, applications should generally avoid using RSA
+structure elements directly and instead use API functions to query or
+modify keys.
+
=head1 CONFORMING TO
SSL, PKCS #1 v2.0
@@ -101,7 +108,7 @@ RSA was covered by a US patent which expired in September 2000.
=head1 SEE ALSO
L<rsa(1)|rsa(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>,
-L<rand(3)|rand(3)>, L<RSA_new(3)|RSA_new(3)>,
+L<rand(3)|rand(3)>, L<engine(3)|engine(3)>, L<RSA_new(3)|RSA_new(3)>,
L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>,
L<RSA_sign(3)|RSA_sign(3)>, L<RSA_size(3)|RSA_size(3)>,
L<RSA_generate_key(3)|RSA_generate_key(3)>,
diff --git a/lib/libcrypto/engine/hw_4758_cca.c b/lib/libcrypto/engine/hw_4758_cca.c
index f404b1a3b8f..6d41b9ed2ad 100644
--- a/lib/libcrypto/engine/hw_4758_cca.c
+++ b/lib/libcrypto/engine/hw_4758_cca.c
@@ -953,7 +953,7 @@ static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx,
#ifdef ENGINE_DYNAMIC_SUPPORT
static int bind_fn(ENGINE *e, const char *id)
{
- if(id && (strcmp(id, engine_cswift_id) != 0))
+ if(id && (strcmp(id, engine_4758_cca_id) != 0))
return 0;
if(!bind_helper(e))
return 0;
diff --git a/lib/libcrypto/engine/hw_openbsd_dev_crypto.c b/lib/libcrypto/engine/hw_openbsd_dev_crypto.c
index f946389b8a3..b8aab545db6 100644
--- a/lib/libcrypto/engine/hw_openbsd_dev_crypto.c
+++ b/lib/libcrypto/engine/hw_openbsd_dev_crypto.c
@@ -408,7 +408,7 @@ static int do_digest(int ses,unsigned char *md,const void *data,int len)
cryp.op=COP_ENCRYPT;/* required to do the MAC rather than check it */
cryp.len=len;
cryp.src=(caddr_t)data;
- cryp.dst=(caddr_t)data; // FIXME!!!
+ cryp.dst=(caddr_t)data; /* FIXME!!! */
cryp.mac=(caddr_t)md;
if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
@@ -420,7 +420,7 @@ static int do_digest(int ses,unsigned char *md,const void *data,int len)
dcopy=OPENSSL_malloc(len);
memcpy(dcopy,data,len);
cryp.src=dcopy;
- cryp.dst=cryp.src; // FIXME!!!
+ cryp.dst=cryp.src; /* FIXME!!! */
if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
{
@@ -437,7 +437,7 @@ static int do_digest(int ses,unsigned char *md,const void *data,int len)
return 0;
}
}
- // printf("done\n");
+ /* printf("done\n"); */
return 1;
}
@@ -483,7 +483,7 @@ static int dev_crypto_md5_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
const MD_DATA *from_md=from->md_data;
MD_DATA *to_md=to->md_data;
- // How do we copy sessions?
+ /* How do we copy sessions? */
assert(from->digest->flags&EVP_MD_FLAG_ONESHOT);
to_md->data=OPENSSL_malloc(from_md->len);
@@ -530,7 +530,7 @@ static const EVP_MD md5_md=
NID_md5,
NID_md5WithRSAEncryption,
MD5_DIGEST_LENGTH,
- EVP_MD_FLAG_ONESHOT, // XXX: set according to device info...
+ EVP_MD_FLAG_ONESHOT, /* XXX: set according to device info... */
dev_crypto_md5_init,
dev_crypto_md5_update,
dev_crypto_md5_final,
diff --git a/lib/libcrypto/engine/hw_ubsec.c b/lib/libcrypto/engine/hw_ubsec.c
index 63397f868c5..ed8401ec162 100644
--- a/lib/libcrypto/engine/hw_ubsec.c
+++ b/lib/libcrypto/engine/hw_ubsec.c
@@ -93,7 +93,7 @@ static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
#ifndef OPENSSL_NO_DSA
-#if NOT_USED
+#ifdef NOT_USED
static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *in_mont);
@@ -113,7 +113,7 @@ static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh)
static int ubsec_dh_generate_key(DH *dh);
#endif
-#if NOT_USED
+#ifdef NOT_USED
static int ubsec_rand_bytes(unsigned char *buf, int num);
static int ubsec_rand_status(void);
#endif
@@ -663,7 +663,7 @@ static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
}
#ifndef OPENSSL_NO_DSA
-#if NOT_USED
+#ifdef NOT_USED
static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *in_mont)
@@ -987,7 +987,7 @@ err:
}
#endif
-#if NOT_USED
+#ifdef NOT_USED
static int ubsec_rand_bytes(unsigned char * buf,
int num)
{
diff --git a/lib/libcrypto/evp/evp_locl.h b/lib/libcrypto/evp/evp_locl.h
index 7b088b48480..4d81a3bf4c5 100644
--- a/lib/libcrypto/evp/evp_locl.h
+++ b/lib/libcrypto/evp/evp_locl.h
@@ -124,17 +124,17 @@ const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; }
BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \
iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
-#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, block_size, key_len, \
+#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
iv_len, cbits, flags, init_key, cleanup, \
set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def1(cname, cfb##cbits, cfb, CFB, kstruct, nid, block_size, \
+BLOCK_CIPHER_def1(cname, cfb##cbits, cfb, CFB, kstruct, nid, 1, \
key_len, iv_len, flags, init_key, cleanup, set_asn1, \
get_asn1, ctrl)
-#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, block_size, key_len, \
+#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \
iv_len, cbits, flags, init_key, cleanup, \
set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, block_size, \
+BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \
key_len, iv_len, flags, init_key, cleanup, set_asn1, \
get_asn1, ctrl)
@@ -149,9 +149,9 @@ BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \
init_key, cleanup, set_asn1, get_asn1, ctrl) \
BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
init_key, cleanup, set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def_cfb(cname, kstruct, nid, block_size, key_len, iv_len, cbits, \
+BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \
flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def_ofb(cname, kstruct, nid, block_size, key_len, iv_len, cbits, \
+BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \
flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
init_key, cleanup, set_asn1, get_asn1, ctrl)
diff --git a/lib/libcrypto/krb5/Makefile.ssl b/lib/libcrypto/krb5/Makefile.ssl
index caf111be8d3..7ad0cbb0bcc 100644
--- a/lib/libcrypto/krb5/Makefile.ssl
+++ b/lib/libcrypto/krb5/Makefile.ssl
@@ -45,13 +45,13 @@ lib: $(LIBOBJ)
@touch lib
files:
- perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+ $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @sh $(TOP)/util/point.sh Makefile.ssl Makefile
- $(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
- $(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
- $(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile ;
+ @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
install:
@for i in $(EXHEADER) ; \
diff --git a/lib/libcrypto/mem.c b/lib/libcrypto/mem.c
index effec714e82..a7826908e61 100644
--- a/lib/libcrypto/mem.c
+++ b/lib/libcrypto/mem.c
@@ -303,6 +303,9 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line)
{
void *ret = NULL;
+ if (str == NULL)
+ return CRYPTO_malloc(num, file, line);
+
if (realloc_debug_func != NULL)
realloc_debug_func(str, NULL, num, file, line, 0);
ret = realloc_ex_func(str,num,file,line);
diff --git a/lib/libcrypto/objects/obj_dat.c b/lib/libcrypto/objects/obj_dat.c
index 02c3719f04e..ce779dc1b5b 100644
--- a/lib/libcrypto/objects/obj_dat.c
+++ b/lib/libcrypto/objects/obj_dat.c
@@ -425,7 +425,7 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
a2d_ASN1_OBJECT(p,i,s,-1);
p=buf;
- op=d2i_ASN1_OBJECT(NULL,&p,i);
+ op=d2i_ASN1_OBJECT(NULL,&p,j);
OPENSSL_free(buf);
return op;
}
diff --git a/lib/libcrypto/ocsp/Makefile.ssl b/lib/libcrypto/ocsp/Makefile.ssl
index 44eacbbb138..2be98179aea 100644
--- a/lib/libcrypto/ocsp/Makefile.ssl
+++ b/lib/libcrypto/ocsp/Makefile.ssl
@@ -47,13 +47,13 @@ lib: $(LIBOBJ)
@touch lib
files:
- perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+ $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
- @sh $(TOP)/util/point.sh Makefile.ssl Makefile
- $(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
- $(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
- $(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile ;
+ @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
install:
@for i in $(EXHEADER) ; \
diff --git a/lib/libcrypto/pem/pem_lib.c b/lib/libcrypto/pem/pem_lib.c
index 18b751a91a8..a8db6ffbf5c 100644
--- a/lib/libcrypto/pem/pem_lib.c
+++ b/lib/libcrypto/pem/pem_lib.c
@@ -366,8 +366,11 @@ err:
memset(iv,0,sizeof(iv));
memset((char *)&ctx,0,sizeof(ctx));
memset(buf,0,PEM_BUFSIZE);
- memset(data,0,(unsigned int)dsize);
- OPENSSL_free(data);
+ if (data != NULL)
+ {
+ memset(data,0,(unsigned int)dsize);
+ OPENSSL_free(data);
+ }
return(ret);
}
diff --git a/lib/libcrypto/pkcs12/p12_asn.c b/lib/libcrypto/pkcs12/p12_asn.c
index c327bdba039..a3739fee1a6 100644
--- a/lib/libcrypto/pkcs12/p12_asn.c
+++ b/lib/libcrypto/pkcs12/p12_asn.c
@@ -83,8 +83,8 @@ ASN1_ADB_TEMPLATE(bag_default) = ASN1_EXP(PKCS12_BAGS, value.other, ASN1_ANY, 0)
ASN1_ADB(PKCS12_BAGS) = {
ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)),
- ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)),
- ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)),
+ ADB_ENTRY(NID_x509Crl, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)),
+ ADB_ENTRY(NID_sdsiCertificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)),
} ASN1_ADB_END(PKCS12_BAGS, 0, type, 0, &bag_default_tt, NULL);
ASN1_SEQUENCE(PKCS12_BAGS) = {
@@ -98,7 +98,7 @@ ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_
ASN1_ADB(PKCS12_SAFEBAG) = {
ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)),
- ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, X509_SIG, 0)),
+ ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)),
ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)),
ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
diff --git a/lib/libcrypto/pkcs7/pk7_lib.c b/lib/libcrypto/pkcs7/pk7_lib.c
index c00ed6833a5..985b07245cc 100644
--- a/lib/libcrypto/pkcs7/pk7_lib.c
+++ b/lib/libcrypto/pkcs7/pk7_lib.c
@@ -74,6 +74,13 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
if (nid == NID_pkcs7_signed)
{
ret=p7->detached=(int)larg;
+ if (ret && PKCS7_type_is_data(p7->d.sign->contents))
+ {
+ ASN1_OCTET_STRING *os;
+ os=p7->d.sign->contents->d.data;
+ ASN1_OCTET_STRING_free(os);
+ p7->d.sign->contents->d.data = NULL;
+ }
}
else
{
diff --git a/lib/libcrypto/ripemd/rmdtest.c b/lib/libcrypto/ripemd/rmdtest.c
index 19e9741db2a..be1fb8b1f6d 100644
--- a/lib/libcrypto/ripemd/rmdtest.c
+++ b/lib/libcrypto/ripemd/rmdtest.c
@@ -59,7 +59,6 @@
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
-#include <openssl/ripemd.h>
#ifdef OPENSSL_NO_RIPEMD
int main(int argc, char *argv[])
@@ -68,6 +67,7 @@ int main(int argc, char *argv[])
return(0);
}
#else
+#include <openssl/ripemd.h>
#include <openssl/evp.h>
#ifdef CHARSET_EBCDIC
diff --git a/lib/libcrypto/util/libeay.num b/lib/libcrypto/util/libeay.num
index 512185e2573..7e5728495f6 100644
--- a/lib/libcrypto/util/libeay.num
+++ b/lib/libcrypto/util/libeay.num
@@ -2792,3 +2792,4 @@ ASN1_UNIVERSALSTRING_it 3234 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA
ASN1_UNIVERSALSTRING_it 3234 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
d2i_ASN1_UNIVERSALSTRING 3235 EXIST::FUNCTION:
EVP_des_ede3_ecb 3236 EXIST::FUNCTION:DES
+X509_REQ_print_ex 3237 EXIST::FUNCTION:BIO
diff --git a/lib/libcrypto/x509/x509.h b/lib/libcrypto/x509/x509.h
index c75aa0c7174..7095440d369 100644
--- a/lib/libcrypto/x509/x509.h
+++ b/lib/libcrypto/x509/x509.h
@@ -331,6 +331,7 @@ DECLARE_STACK_OF(X509_TRUST)
#define X509_FLAG_NO_EXTENSIONS (1L << 8)
#define X509_FLAG_NO_SIGDUMP (1L << 9)
#define X509_FLAG_NO_AUX (1L << 10)
+#define X509_FLAG_NO_ATTRIBUTES (1L << 11)
/* Flags specific to X509_NAME_print_ex() */
@@ -1015,6 +1016,7 @@ int X509_print(BIO *bp,X509 *x);
int X509_ocspid_print(BIO *bp,X509 *x);
int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
int X509_CRL_print(BIO *bp,X509_CRL *x);
+int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag);
int X509_REQ_print(BIO *bp,X509_REQ *req);
#endif