summaryrefslogtreecommitdiff
path: root/lib/libcrypto
diff options
context:
space:
mode:
authorDamien Miller <djm@cvs.openbsd.org>2006-06-27 05:07:04 +0000
committerDamien Miller <djm@cvs.openbsd.org>2006-06-27 05:07:04 +0000
commit0fa0c9fb7d6f4ad7a423044f28b55eaaedc63f28 (patch)
tree98d6947cd8474ab98b57494ebef50e97659be043 /lib/libcrypto
parentecc645c71513728e7357c84aa8997b4dc2301936 (diff)
resolve conflicts
Diffstat (limited to 'lib/libcrypto')
-rw-r--r--lib/libcrypto/aes/aes_cbc.c2
-rw-r--r--lib/libcrypto/asn1/asn1.h2
-rw-r--r--lib/libcrypto/asn1/asn1_err.c324
-rw-r--r--lib/libcrypto/asn1/tasn_dec.c78
-rw-r--r--lib/libcrypto/asn1/tasn_enc.c9
-rw-r--r--lib/libcrypto/bf/bf_skey.c1
-rw-r--r--lib/libcrypto/bio/b_print.c8
-rw-r--r--lib/libcrypto/bio/bio_err.c130
-rw-r--r--lib/libcrypto/bio/bss_conn.c2
-rw-r--r--lib/libcrypto/bn/asm/sparcv8plus.S16
-rw-r--r--lib/libcrypto/bn/bn.h34
-rw-r--r--lib/libcrypto/bn/bn_asm.c2
-rw-r--r--lib/libcrypto/bn/bn_err.c92
-rw-r--r--lib/libcrypto/bn/bn_exp.c244
-rw-r--r--lib/libcrypto/bn/bn_lcl.h39
-rw-r--r--lib/libcrypto/bn/bn_mont.c20
-rw-r--r--lib/libcrypto/bn/bntest.c56
-rw-r--r--lib/libcrypto/bn/expspeed.c2
-rw-r--r--lib/libcrypto/bn/exptest.c18
-rw-r--r--lib/libcrypto/buffer/buf_err.c16
-rw-r--r--lib/libcrypto/cast/c_skey.c1
-rw-r--r--lib/libcrypto/cast/cast_lcl.h21
-rw-r--r--lib/libcrypto/comp/c_zlib.c88
-rw-r--r--lib/libcrypto/conf/conf_def.c13
-rw-r--r--lib/libcrypto/conf/conf_err.c78
-rw-r--r--lib/libcrypto/cpt_err.c30
-rw-r--r--lib/libcrypto/cryptlib.c218
-rw-r--r--lib/libcrypto/cryptlib.h4
-rw-r--r--lib/libcrypto/crypto-lib.com23
-rw-r--r--lib/libcrypto/crypto.h5
-rw-r--r--lib/libcrypto/des/des_locl.h2
-rw-r--r--lib/libcrypto/dh/dh.h9
-rw-r--r--lib/libcrypto/dh/dh_err.c28
-rw-r--r--lib/libcrypto/dh/dh_key.c65
-rw-r--r--lib/libcrypto/dh/dhtest.c4
-rw-r--r--lib/libcrypto/doc/EVP_EncryptInit.pod6
-rw-r--r--lib/libcrypto/dsa/dsa.h14
-rw-r--r--lib/libcrypto/dsa/dsa_err.c42
-rw-r--r--lib/libcrypto/dsa/dsa_key.c16
-rw-r--r--lib/libcrypto/dsa/dsa_ossl.c55
-rw-r--r--lib/libcrypto/dsa/dsa_sign.c6
-rw-r--r--lib/libcrypto/dsa/dsa_vrf.c3
-rw-r--r--lib/libcrypto/dsa/dsatest.c9
-rw-r--r--lib/libcrypto/dso/dso_dl.c35
-rw-r--r--lib/libcrypto/dso/dso_dlfcn.c36
-rw-r--r--lib/libcrypto/dso/dso_err.c96
-rw-r--r--lib/libcrypto/dso/dso_win32.c21
-rw-r--r--lib/libcrypto/ec/ec_err.c124
-rw-r--r--lib/libcrypto/engine/eng_cnf.c2
-rw-r--r--lib/libcrypto/engine/eng_err.c158
-rw-r--r--lib/libcrypto/engine/hw_aep.c1
-rw-r--r--lib/libcrypto/engine/hw_atalla.c1
-rw-r--r--lib/libcrypto/engine/hw_cswift.c204
-rw-r--r--lib/libcrypto/engine/hw_ubsec.c1
-rw-r--r--lib/libcrypto/engine/tb_dsa.c2
-rw-r--r--lib/libcrypto/err/err.c6
-rw-r--r--lib/libcrypto/err/openssl.ec2
-rw-r--r--lib/libcrypto/evp/bio_enc.c2
-rw-r--r--lib/libcrypto/evp/c_alld.c10
-rw-r--r--lib/libcrypto/evp/e_aes.c6
-rw-r--r--lib/libcrypto/evp/encode.c2
-rw-r--r--lib/libcrypto/evp/evp.h12
-rw-r--r--lib/libcrypto/evp/evp_err.c158
-rw-r--r--lib/libcrypto/evp/evp_key.c3
-rw-r--r--lib/libcrypto/evp/m_dss1.c9
-rw-r--r--lib/libcrypto/evp/m_sha.c3
-rw-r--r--lib/libcrypto/evp/m_sha1.c119
-rw-r--r--lib/libcrypto/evp/p5_crpt2.c11
-rw-r--r--lib/libcrypto/hmac/hmac.c12
-rw-r--r--lib/libcrypto/hmac/hmac.h4
-rw-r--r--lib/libcrypto/md2/md2_one.c3
-rw-r--r--lib/libcrypto/md4/md4_one.c3
-rw-r--r--lib/libcrypto/md5/md5_one.c3
-rw-r--r--lib/libcrypto/mdc2/Makefile2
-rw-r--r--lib/libcrypto/objects/obj_err.c28
-rw-r--r--lib/libcrypto/objects/obj_mac.num16
-rw-r--r--lib/libcrypto/objects/objects.txt20
-rw-r--r--lib/libcrypto/ocsp/ocsp_err.c104
-rw-r--r--lib/libcrypto/opensslv.h6
-rw-r--r--lib/libcrypto/pem/pem_err.c88
-rw-r--r--lib/libcrypto/perlasm/x86asm.pl2
-rw-r--r--lib/libcrypto/perlasm/x86nasm.pl10
-rw-r--r--lib/libcrypto/pkcs12/p12_add.c11
-rw-r--r--lib/libcrypto/pkcs12/p12_crt.c10
-rw-r--r--lib/libcrypto/pkcs12/p12_mutl.c6
-rw-r--r--lib/libcrypto/pkcs12/pk12err.c107
-rw-r--r--lib/libcrypto/pkcs12/pkcs12.h3
-rw-r--r--lib/libcrypto/pkcs7/pk7_mime.c24
-rw-r--r--lib/libcrypto/pkcs7/pk7_smime.c6
-rw-r--r--lib/libcrypto/pkcs7/pkcs7err.c146
-rw-r--r--lib/libcrypto/rand/rand_err.c28
-rw-r--r--lib/libcrypto/rand/rand_lib.c26
-rw-r--r--lib/libcrypto/rand/randfile.c2
-rw-r--r--lib/libcrypto/rc2/rc2_skey.c1
-rw-r--r--lib/libcrypto/rc2/rc2speed.c6
-rw-r--r--lib/libcrypto/rc4/rc4.h4
-rw-r--r--lib/libcrypto/rc4/rc4_enc.c4
-rw-r--r--lib/libcrypto/rc4/rc4_skey.c5
-rw-r--r--lib/libcrypto/ripemd/rmd_one.c3
-rw-r--r--lib/libcrypto/rsa/rsa.h67
-rw-r--r--lib/libcrypto/rsa/rsa_eay.c247
-rw-r--r--lib/libcrypto/rsa/rsa_err.c135
-rw-r--r--lib/libcrypto/rsa/rsa_gen.c3
-rw-r--r--lib/libcrypto/rsa/rsa_oaep.c32
-rw-r--r--lib/libcrypto/rsa/rsa_test.c5
-rw-r--r--lib/libcrypto/sha/sha1_one.c5
-rw-r--r--lib/libcrypto/sha/sha_one.c3
-rw-r--r--lib/libcrypto/stack/safestack.h53
-rw-r--r--lib/libcrypto/ui/ui_err.c48
-rw-r--r--lib/libcrypto/util/libeay.num42
-rw-r--r--lib/libcrypto/util/mk1mf.pl337
-rw-r--r--lib/libcrypto/util/mkdef.pl11
-rw-r--r--lib/libcrypto/util/mkerr.pl37
-rw-r--r--lib/libcrypto/util/mkfiles.pl17
-rw-r--r--lib/libcrypto/util/mklink.pl7
-rw-r--r--lib/libcrypto/util/pl/BC-32.pl14
-rw-r--r--lib/libcrypto/util/pl/OS2-EMX.pl1
-rw-r--r--lib/libcrypto/util/pl/VC-32.pl99
-rw-r--r--lib/libcrypto/util/pod2man.pl1
-rw-r--r--lib/libcrypto/util/selftest.pl26
-rw-r--r--lib/libcrypto/x509/by_dir.c15
-rw-r--r--lib/libcrypto/x509/x509_err.c138
-rw-r--r--lib/libcrypto/x509/x509_vfy.c2
-rw-r--r--lib/libcrypto/x509v3/v3_cpols.c9
-rw-r--r--lib/libcrypto/x509v3/v3err.c210
125 files changed, 3398 insertions, 1718 deletions
diff --git a/lib/libcrypto/aes/aes_cbc.c b/lib/libcrypto/aes/aes_cbc.c
index d2ba6bcdb46..373864cd4bd 100644
--- a/lib/libcrypto/aes/aes_cbc.c
+++ b/lib/libcrypto/aes/aes_cbc.c
@@ -59,6 +59,7 @@
#include <openssl/aes.h>
#include "aes_locl.h"
+#if !defined(OPENSSL_FIPS_AES_ASM)
void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key,
unsigned char *ivec, const int enc) {
@@ -129,3 +130,4 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
}
}
}
+#endif
diff --git a/lib/libcrypto/asn1/asn1.h b/lib/libcrypto/asn1/asn1.h
index ceaeb4cbe39..0184b475a72 100644
--- a/lib/libcrypto/asn1/asn1.h
+++ b/lib/libcrypto/asn1/asn1.h
@@ -962,6 +962,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_F_ASN1_DUP 111
#define ASN1_F_ASN1_ENUMERATED_SET 112
#define ASN1_F_ASN1_ENUMERATED_TO_BN 113
+#define ASN1_F_ASN1_FIND_END 182
#define ASN1_F_ASN1_GENERALIZEDTIME_SET 178
#define ASN1_F_ASN1_GET_OBJECT 114
#define ASN1_F_ASN1_HEADER_NEW 115
@@ -1075,6 +1076,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_MISSING_SECOND_NUMBER 138
#define ASN1_R_MSTRING_NOT_UNIVERSAL 139
#define ASN1_R_MSTRING_WRONG_TAG 140
+#define ASN1_R_NESTED_ASN1_STRING 174
#define ASN1_R_NON_HEX_CHARACTERS 141
#define ASN1_R_NOT_ENOUGH_DATA 142
#define ASN1_R_NO_MATCHING_CHOICE_TYPE 143
diff --git a/lib/libcrypto/asn1/asn1_err.c b/lib/libcrypto/asn1/asn1_err.c
index 3b57c8fbae9..315d0a08079 100644
--- a/lib/libcrypto/asn1/asn1_err.c
+++ b/lib/libcrypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
/* crypto/asn1/asn1_err.c */
/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,169 +64,175 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASN1,0,reason)
+
static ERR_STRING_DATA ASN1_str_functs[]=
{
-{ERR_PACK(0,ASN1_F_A2D_ASN1_OBJECT,0), "a2d_ASN1_OBJECT"},
-{ERR_PACK(0,ASN1_F_A2I_ASN1_ENUMERATED,0), "a2i_ASN1_ENUMERATED"},
-{ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0), "a2i_ASN1_INTEGER"},
-{ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0), "a2i_ASN1_STRING"},
-{ERR_PACK(0,ASN1_F_ASN1_BIT_STRING_SET_BIT,0), "ASN1_BIT_STRING_set_bit"},
-{ERR_PACK(0,ASN1_F_ASN1_CHECK_TLEN,0), "ASN1_CHECK_TLEN"},
-{ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMITIVE,0), "ASN1_COLLATE_PRIMITIVE"},
-{ERR_PACK(0,ASN1_F_ASN1_COLLECT,0), "ASN1_COLLECT"},
-{ERR_PACK(0,ASN1_F_ASN1_D2I_BIO,0), "ASN1_d2i_bio"},
-{ERR_PACK(0,ASN1_F_ASN1_D2I_EX_PRIMITIVE,0), "ASN1_D2I_EX_PRIMITIVE"},
-{ERR_PACK(0,ASN1_F_ASN1_D2I_FP,0), "ASN1_d2i_fp"},
-{ERR_PACK(0,ASN1_F_ASN1_DIGEST,0), "ASN1_digest"},
-{ERR_PACK(0,ASN1_F_ASN1_DO_ADB,0), "ASN1_DO_ADB"},
-{ERR_PACK(0,ASN1_F_ASN1_DUP,0), "ASN1_dup"},
-{ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_SET,0), "ASN1_ENUMERATED_set"},
-{ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_TO_BN,0), "ASN1_ENUMERATED_to_BN"},
-{ERR_PACK(0,ASN1_F_ASN1_GENERALIZEDTIME_SET,0), "ASN1_GENERALIZEDTIME_set"},
-{ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0), "ASN1_get_object"},
-{ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0), "ASN1_HEADER_new"},
-{ERR_PACK(0,ASN1_F_ASN1_I2D_BIO,0), "ASN1_i2d_bio"},
-{ERR_PACK(0,ASN1_F_ASN1_I2D_FP,0), "ASN1_i2d_fp"},
-{ERR_PACK(0,ASN1_F_ASN1_INTEGER_SET,0), "ASN1_INTEGER_set"},
-{ERR_PACK(0,ASN1_F_ASN1_INTEGER_TO_BN,0), "ASN1_INTEGER_to_BN"},
-{ERR_PACK(0,ASN1_F_ASN1_ITEM_EX_D2I,0), "ASN1_ITEM_EX_D2I"},
-{ERR_PACK(0,ASN1_F_ASN1_ITEM_NEW,0), "ASN1_item_new"},
-{ERR_PACK(0,ASN1_F_ASN1_MBSTRING_COPY,0), "ASN1_mbstring_copy"},
-{ERR_PACK(0,ASN1_F_ASN1_OBJECT_NEW,0), "ASN1_OBJECT_new"},
-{ERR_PACK(0,ASN1_F_ASN1_PACK_STRING,0), "ASN1_pack_string"},
-{ERR_PACK(0,ASN1_F_ASN1_PBE_SET,0), "ASN1_PBE_SET"},
-{ERR_PACK(0,ASN1_F_ASN1_SEQ_PACK,0), "ASN1_seq_pack"},
-{ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0), "ASN1_seq_unpack"},
-{ERR_PACK(0,ASN1_F_ASN1_SIGN,0), "ASN1_sign"},
-{ERR_PACK(0,ASN1_F_ASN1_STRING_SET,0), "ASN1_STRING_set"},
-{ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD,0), "ASN1_STRING_TABLE_add"},
-{ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0), "ASN1_STRING_type_new"},
-{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0), "ASN1_TEMPLATE_D2I"},
-{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_EX_D2I,0), "ASN1_TEMPLATE_EX_D2I"},
-{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_NEW,0), "ASN1_TEMPLATE_NEW"},
-{ERR_PACK(0,ASN1_F_ASN1_TIME_SET,0), "ASN1_TIME_set"},
-{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0), "ASN1_TYPE_get_int_octetstring"},
-{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0), "ASN1_TYPE_get_octetstring"},
-{ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0), "ASN1_unpack_string"},
-{ERR_PACK(0,ASN1_F_ASN1_UTCTIME_SET,0), "ASN1_UTCTIME_set"},
-{ERR_PACK(0,ASN1_F_ASN1_VERIFY,0), "ASN1_verify"},
-{ERR_PACK(0,ASN1_F_BN_TO_ASN1_ENUMERATED,0), "BN_to_ASN1_ENUMERATED"},
-{ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0), "BN_to_ASN1_INTEGER"},
-{ERR_PACK(0,ASN1_F_COLLECT_DATA,0), "COLLECT_DATA"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0), "D2I_ASN1_BIT_STRING"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_BOOLEAN,0), "d2i_ASN1_BOOLEAN"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_BYTES,0), "d2i_ASN1_bytes"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_GENERALIZEDTIME,0), "D2I_ASN1_GENERALIZEDTIME"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_HEADER,0), "d2i_ASN1_HEADER"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_INTEGER,0), "D2I_ASN1_INTEGER"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_OBJECT,0), "d2i_ASN1_OBJECT"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_SET,0), "d2i_ASN1_SET"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE_BYTES,0), "d2i_ASN1_type_bytes"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_UINTEGER,0), "d2i_ASN1_UINTEGER"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_UTCTIME,0), "D2I_ASN1_UTCTIME"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA,0), "d2i_Netscape_RSA"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0), "D2I_NETSCAPE_RSA_2"},
-{ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0), "d2i_PrivateKey"},
-{ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0), "d2i_PublicKey"},
-{ERR_PACK(0,ASN1_F_D2I_X509,0), "D2I_X509"},
-{ERR_PACK(0,ASN1_F_D2I_X509_CINF,0), "D2I_X509_CINF"},
-{ERR_PACK(0,ASN1_F_D2I_X509_NAME,0), "D2I_X509_NAME"},
-{ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0), "d2i_X509_PKEY"},
-{ERR_PACK(0,ASN1_F_I2D_ASN1_SET,0), "i2d_ASN1_SET"},
-{ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0), "I2D_ASN1_TIME"},
-{ERR_PACK(0,ASN1_F_I2D_DSA_PUBKEY,0), "i2d_DSA_PUBKEY"},
-{ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0), "i2d_Netscape_RSA"},
-{ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0), "i2d_PrivateKey"},
-{ERR_PACK(0,ASN1_F_I2D_PUBLICKEY,0), "i2d_PublicKey"},
-{ERR_PACK(0,ASN1_F_I2D_RSA_PUBKEY,0), "i2d_RSA_PUBKEY"},
-{ERR_PACK(0,ASN1_F_LONG_C2I,0), "LONG_C2I"},
-{ERR_PACK(0,ASN1_F_OID_MODULE_INIT,0), "OID_MODULE_INIT"},
-{ERR_PACK(0,ASN1_F_PKCS5_PBE2_SET,0), "PKCS5_pbe2_set"},
-{ERR_PACK(0,ASN1_F_X509_CINF_NEW,0), "X509_CINF_NEW"},
-{ERR_PACK(0,ASN1_F_X509_CRL_ADD0_REVOKED,0), "X509_CRL_add0_revoked"},
-{ERR_PACK(0,ASN1_F_X509_INFO_NEW,0), "X509_INFO_new"},
-{ERR_PACK(0,ASN1_F_X509_NAME_NEW,0), "X509_NAME_NEW"},
-{ERR_PACK(0,ASN1_F_X509_NEW,0), "X509_NEW"},
-{ERR_PACK(0,ASN1_F_X509_PKEY_NEW,0), "X509_PKEY_new"},
+{ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT), "a2d_ASN1_OBJECT"},
+{ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED), "a2i_ASN1_ENUMERATED"},
+{ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER), "a2i_ASN1_INTEGER"},
+{ERR_FUNC(ASN1_F_A2I_ASN1_STRING), "a2i_ASN1_STRING"},
+{ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT), "ASN1_BIT_STRING_set_bit"},
+{ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN), "ASN1_CHECK_TLEN"},
+{ERR_FUNC(ASN1_F_ASN1_COLLATE_PRIMITIVE), "ASN1_COLLATE_PRIMITIVE"},
+{ERR_FUNC(ASN1_F_ASN1_COLLECT), "ASN1_COLLECT"},
+{ERR_FUNC(ASN1_F_ASN1_D2I_BIO), "ASN1_d2i_bio"},
+{ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE), "ASN1_D2I_EX_PRIMITIVE"},
+{ERR_FUNC(ASN1_F_ASN1_D2I_FP), "ASN1_d2i_fp"},
+{ERR_FUNC(ASN1_F_ASN1_DIGEST), "ASN1_digest"},
+{ERR_FUNC(ASN1_F_ASN1_DO_ADB), "ASN1_DO_ADB"},
+{ERR_FUNC(ASN1_F_ASN1_DUP), "ASN1_dup"},
+{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET), "ASN1_ENUMERATED_set"},
+{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN), "ASN1_ENUMERATED_to_BN"},
+{ERR_FUNC(ASN1_F_ASN1_FIND_END), "ASN1_FIND_END"},
+{ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET), "ASN1_GENERALIZEDTIME_set"},
+{ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"},
+{ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_new"},
+{ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"},
+{ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"},
+{ERR_FUNC(ASN1_F_ASN1_INTEGER_SET), "ASN1_INTEGER_set"},
+{ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN), "ASN1_INTEGER_to_BN"},
+{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"},
+{ERR_FUNC(ASN1_F_ASN1_ITEM_NEW), "ASN1_item_new"},
+{ERR_FUNC(ASN1_F_ASN1_MBSTRING_COPY), "ASN1_mbstring_copy"},
+{ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"},
+{ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string"},
+{ERR_FUNC(ASN1_F_ASN1_PBE_SET), "ASN1_PBE_SET"},
+{ERR_FUNC(ASN1_F_ASN1_SEQ_PACK), "ASN1_seq_pack"},
+{ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK), "ASN1_seq_unpack"},
+{ERR_FUNC(ASN1_F_ASN1_SIGN), "ASN1_sign"},
+{ERR_FUNC(ASN1_F_ASN1_STRING_SET), "ASN1_STRING_set"},
+{ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD), "ASN1_STRING_TABLE_add"},
+{ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"},
+{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_D2I), "ASN1_TEMPLATE_D2I"},
+{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"},
+{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NEW"},
+{ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_set"},
+{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING), "ASN1_TYPE_get_int_octetstring"},
+{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"},
+{ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"},
+{ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"},
+{ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"},
+{ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"},
+{ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"},
+{ERR_FUNC(ASN1_F_COLLECT_DATA), "COLLECT_DATA"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING), "D2I_ASN1_BIT_STRING"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN), "d2i_ASN1_BOOLEAN"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_BYTES), "d2i_ASN1_bytes"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME), "D2I_ASN1_GENERALIZEDTIME"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_HEADER), "d2i_ASN1_HEADER"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER), "D2I_ASN1_INTEGER"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT), "d2i_ASN1_OBJECT"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_SET), "d2i_ASN1_SET"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES), "d2i_ASN1_type_bytes"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER), "d2i_ASN1_UINTEGER"},
+{ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME), "D2I_ASN1_UTCTIME"},
+{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA), "d2i_Netscape_RSA"},
+{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"},
+{ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"},
+{ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"},
+{ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"},
+{ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"},
+{ERR_FUNC(ASN1_F_D2I_X509_NAME), "D2I_X509_NAME"},
+{ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"},
+{ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"},
+{ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"},
+{ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"},
+{ERR_FUNC(ASN1_F_I2D_NETSCAPE_RSA), "i2d_Netscape_RSA"},
+{ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"},
+{ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"},
+{ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"},
+{ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"},
+{ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"},
+{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET), "PKCS5_pbe2_set"},
+{ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"},
+{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"},
+{ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"},
+{ERR_FUNC(ASN1_F_X509_NAME_NEW), "X509_NAME_NEW"},
+{ERR_FUNC(ASN1_F_X509_NEW), "X509_NEW"},
+{ERR_FUNC(ASN1_F_X509_PKEY_NEW), "X509_PKEY_new"},
{0,NULL}
};
static ERR_STRING_DATA ASN1_str_reasons[]=
{
-{ASN1_R_ADDING_OBJECT ,"adding object"},
-{ASN1_R_AUX_ERROR ,"aux error"},
-{ASN1_R_BAD_CLASS ,"bad class"},
-{ASN1_R_BAD_OBJECT_HEADER ,"bad object header"},
-{ASN1_R_BAD_PASSWORD_READ ,"bad password read"},
-{ASN1_R_BAD_TAG ,"bad tag"},
-{ASN1_R_BN_LIB ,"bn lib"},
-{ASN1_R_BOOLEAN_IS_WRONG_LENGTH ,"boolean is wrong length"},
-{ASN1_R_BUFFER_TOO_SMALL ,"buffer too small"},
-{ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER ,"cipher has no object identifier"},
-{ASN1_R_DATA_IS_WRONG ,"data is wrong"},
-{ASN1_R_DECODE_ERROR ,"decode error"},
-{ASN1_R_DECODING_ERROR ,"decoding error"},
-{ASN1_R_ENCODE_ERROR ,"encode error"},
-{ASN1_R_ERROR_GETTING_TIME ,"error getting time"},
-{ASN1_R_ERROR_LOADING_SECTION ,"error loading section"},
-{ASN1_R_ERROR_PARSING_SET_ELEMENT ,"error parsing set element"},
-{ASN1_R_ERROR_SETTING_CIPHER_PARAMS ,"error setting cipher params"},
-{ASN1_R_EXPECTING_AN_INTEGER ,"expecting an integer"},
-{ASN1_R_EXPECTING_AN_OBJECT ,"expecting an object"},
-{ASN1_R_EXPECTING_A_BOOLEAN ,"expecting a boolean"},
-{ASN1_R_EXPECTING_A_TIME ,"expecting a time"},
-{ASN1_R_EXPLICIT_LENGTH_MISMATCH ,"explicit length mismatch"},
-{ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED ,"explicit tag not constructed"},
-{ASN1_R_FIELD_MISSING ,"field missing"},
-{ASN1_R_FIRST_NUM_TOO_LARGE ,"first num too large"},
-{ASN1_R_HEADER_TOO_LONG ,"header too long"},
-{ASN1_R_ILLEGAL_CHARACTERS ,"illegal characters"},
-{ASN1_R_ILLEGAL_NULL ,"illegal null"},
-{ASN1_R_ILLEGAL_OPTIONAL_ANY ,"illegal optional any"},
-{ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE ,"illegal options on item template"},
-{ASN1_R_ILLEGAL_TAGGED_ANY ,"illegal tagged any"},
-{ASN1_R_INTEGER_TOO_LARGE_FOR_LONG ,"integer too large for long"},
-{ASN1_R_INVALID_BMPSTRING_LENGTH ,"invalid bmpstring length"},
-{ASN1_R_INVALID_DIGIT ,"invalid digit"},
-{ASN1_R_INVALID_SEPARATOR ,"invalid separator"},
-{ASN1_R_INVALID_TIME_FORMAT ,"invalid time format"},
-{ASN1_R_INVALID_UNIVERSALSTRING_LENGTH ,"invalid universalstring length"},
-{ASN1_R_INVALID_UTF8STRING ,"invalid utf8string"},
-{ASN1_R_IV_TOO_LARGE ,"iv too large"},
-{ASN1_R_LENGTH_ERROR ,"length error"},
-{ASN1_R_MISSING_EOC ,"missing eoc"},
-{ASN1_R_MISSING_SECOND_NUMBER ,"missing second number"},
-{ASN1_R_MSTRING_NOT_UNIVERSAL ,"mstring not universal"},
-{ASN1_R_MSTRING_WRONG_TAG ,"mstring wrong tag"},
-{ASN1_R_NON_HEX_CHARACTERS ,"non hex characters"},
-{ASN1_R_NOT_ENOUGH_DATA ,"not enough data"},
-{ASN1_R_NO_MATCHING_CHOICE_TYPE ,"no matching choice type"},
-{ASN1_R_NULL_IS_WRONG_LENGTH ,"null is wrong length"},
-{ASN1_R_ODD_NUMBER_OF_CHARS ,"odd number of chars"},
-{ASN1_R_PRIVATE_KEY_HEADER_MISSING ,"private key header missing"},
-{ASN1_R_SECOND_NUMBER_TOO_LARGE ,"second number too large"},
-{ASN1_R_SEQUENCE_LENGTH_MISMATCH ,"sequence length mismatch"},
-{ASN1_R_SEQUENCE_NOT_CONSTRUCTED ,"sequence not constructed"},
-{ASN1_R_SHORT_LINE ,"short line"},
-{ASN1_R_STRING_TOO_LONG ,"string too long"},
-{ASN1_R_STRING_TOO_SHORT ,"string too short"},
-{ASN1_R_TAG_VALUE_TOO_HIGH ,"tag value too high"},
-{ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"},
-{ASN1_R_TOO_LONG ,"too long"},
-{ASN1_R_TYPE_NOT_CONSTRUCTED ,"type not constructed"},
-{ASN1_R_UNABLE_TO_DECODE_RSA_KEY ,"unable to decode rsa key"},
-{ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY ,"unable to decode rsa private key"},
-{ASN1_R_UNEXPECTED_EOC ,"unexpected eoc"},
-{ASN1_R_UNKNOWN_FORMAT ,"unknown format"},
-{ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM ,"unknown message digest algorithm"},
-{ASN1_R_UNKNOWN_OBJECT_TYPE ,"unknown object type"},
-{ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE ,"unknown public key type"},
-{ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE ,"unsupported any defined by type"},
-{ASN1_R_UNSUPPORTED_CIPHER ,"unsupported cipher"},
-{ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM ,"unsupported encryption algorithm"},
-{ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE ,"unsupported public key type"},
-{ASN1_R_WRONG_TAG ,"wrong tag"},
-{ASN1_R_WRONG_TYPE ,"wrong type"},
+{ERR_REASON(ASN1_R_ADDING_OBJECT) ,"adding object"},
+{ERR_REASON(ASN1_R_AUX_ERROR) ,"aux error"},
+{ERR_REASON(ASN1_R_BAD_CLASS) ,"bad class"},
+{ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"},
+{ERR_REASON(ASN1_R_BAD_PASSWORD_READ) ,"bad password read"},
+{ERR_REASON(ASN1_R_BAD_TAG) ,"bad tag"},
+{ERR_REASON(ASN1_R_BN_LIB) ,"bn lib"},
+{ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"},
+{ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"},
+{ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"},
+{ERR_REASON(ASN1_R_DATA_IS_WRONG) ,"data is wrong"},
+{ERR_REASON(ASN1_R_DECODE_ERROR) ,"decode error"},
+{ERR_REASON(ASN1_R_DECODING_ERROR) ,"decoding error"},
+{ERR_REASON(ASN1_R_ENCODE_ERROR) ,"encode error"},
+{ERR_REASON(ASN1_R_ERROR_GETTING_TIME) ,"error getting time"},
+{ERR_REASON(ASN1_R_ERROR_LOADING_SECTION),"error loading section"},
+{ERR_REASON(ASN1_R_ERROR_PARSING_SET_ELEMENT),"error parsing set element"},
+{ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS),"error setting cipher params"},
+{ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER) ,"expecting an integer"},
+{ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT) ,"expecting an object"},
+{ERR_REASON(ASN1_R_EXPECTING_A_BOOLEAN) ,"expecting a boolean"},
+{ERR_REASON(ASN1_R_EXPECTING_A_TIME) ,"expecting a time"},
+{ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH),"explicit length mismatch"},
+{ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED),"explicit tag not constructed"},
+{ERR_REASON(ASN1_R_FIELD_MISSING) ,"field missing"},
+{ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE) ,"first num too large"},
+{ERR_REASON(ASN1_R_HEADER_TOO_LONG) ,"header too long"},
+{ERR_REASON(ASN1_R_ILLEGAL_CHARACTERS) ,"illegal characters"},
+{ERR_REASON(ASN1_R_ILLEGAL_NULL) ,"illegal null"},
+{ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY) ,"illegal optional any"},
+{ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),"illegal options on item template"},
+{ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY) ,"illegal tagged any"},
+{ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},
+{ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},
+{ERR_REASON(ASN1_R_INVALID_DIGIT) ,"invalid digit"},
+{ERR_REASON(ASN1_R_INVALID_SEPARATOR) ,"invalid separator"},
+{ERR_REASON(ASN1_R_INVALID_TIME_FORMAT) ,"invalid time format"},
+{ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"},
+{ERR_REASON(ASN1_R_INVALID_UTF8STRING) ,"invalid utf8string"},
+{ERR_REASON(ASN1_R_IV_TOO_LARGE) ,"iv too large"},
+{ERR_REASON(ASN1_R_LENGTH_ERROR) ,"length error"},
+{ERR_REASON(ASN1_R_MISSING_EOC) ,"missing eoc"},
+{ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER),"missing second number"},
+{ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL),"mstring not universal"},
+{ERR_REASON(ASN1_R_MSTRING_WRONG_TAG) ,"mstring wrong tag"},
+{ERR_REASON(ASN1_R_NESTED_ASN1_STRING) ,"nested asn1 string"},
+{ERR_REASON(ASN1_R_NON_HEX_CHARACTERS) ,"non hex characters"},
+{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA) ,"not enough data"},
+{ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE),"no matching choice type"},
+{ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH) ,"null is wrong length"},
+{ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS) ,"odd number of chars"},
+{ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING),"private key header missing"},
+{ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE),"second number too large"},
+{ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH),"sequence length mismatch"},
+{ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED),"sequence not constructed"},
+{ERR_REASON(ASN1_R_SHORT_LINE) ,"short line"},
+{ERR_REASON(ASN1_R_STRING_TOO_LONG) ,"string too long"},
+{ERR_REASON(ASN1_R_STRING_TOO_SHORT) ,"string too short"},
+{ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH) ,"tag value too high"},
+{ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
+{ERR_REASON(ASN1_R_TOO_LONG) ,"too long"},
+{ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) ,"type not constructed"},
+{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
+{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
+{ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"},
+{ERR_REASON(ASN1_R_UNKNOWN_FORMAT) ,"unknown format"},
+{ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},
+{ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"},
+{ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"},
+{ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"},
+{ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
+{ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"},
+{ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),"unsupported public key type"},
+{ERR_REASON(ASN1_R_WRONG_TAG) ,"wrong tag"},
+{ERR_REASON(ASN1_R_WRONG_TYPE) ,"wrong type"},
{0,NULL}
};
@@ -240,8 +246,8 @@ void ERR_load_ASN1_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_ASN1,ASN1_str_functs);
- ERR_load_strings(ERR_LIB_ASN1,ASN1_str_reasons);
+ ERR_load_strings(0,ASN1_str_functs);
+ ERR_load_strings(0,ASN1_str_reasons);
#endif
}
diff --git a/lib/libcrypto/asn1/tasn_dec.c b/lib/libcrypto/asn1/tasn_dec.c
index 2426cb6253a..c22501fc63b 100644
--- a/lib/libcrypto/asn1/tasn_dec.c
+++ b/lib/libcrypto/asn1/tasn_dec.c
@@ -66,6 +66,7 @@
#include <openssl/err.h>
static int asn1_check_eoc(unsigned char **in, long len);
+static int asn1_find_end(unsigned char **in, long len, char inf);
static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass);
static int collect_data(BUF_MEM *buf, unsigned char **p, long plen);
static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, char *cst,
@@ -644,7 +645,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl
cont = *in;
/* If indefinite length constructed find the real end */
if(inf) {
- if(!asn1_collect(NULL, &p, plen, inf, -1, -1)) goto err;
+ if(!asn1_find_end(&p, plen, inf)) goto err;
len = p - cont;
} else {
len = p - cont + plen;
@@ -807,12 +808,66 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char
return ret;
}
+/* This function finds the end of an ASN1 structure when passed its maximum
+ * length, whether it is indefinite length and a pointer to the content.
+ * This is more efficient than calling asn1_collect because it does not
+ * recurse on each indefinite length header.
+ */
+
+static int asn1_find_end(unsigned char **in, long len, char inf)
+ {
+ int expected_eoc;
+ long plen;
+ unsigned char *p = *in, *q;
+ /* If not indefinite length constructed just add length */
+ if (inf == 0)
+ {
+ *in += len;
+ return 1;
+ }
+ expected_eoc = 1;
+ /* Indefinite length constructed form. Find the end when enough EOCs
+ * are found. If more indefinite length constructed headers
+ * are encountered increment the expected eoc count otherwise justi
+ * skip to the end of the data.
+ */
+ while (len > 0)
+ {
+ if(asn1_check_eoc(&p, len))
+ {
+ expected_eoc--;
+ if (expected_eoc == 0)
+ break;
+ len -= 2;
+ continue;
+ }
+ q = p;
+ /* Just read in a header: only care about the length */
+ if(!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len,
+ -1, 0, 0, NULL))
+ {
+ ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
+ return 0;
+ }
+ if (inf)
+ expected_eoc++;
+ else
+ p += plen;
+ len -= p - q;
+ }
+ if (expected_eoc)
+ {
+ ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_MISSING_EOC);
+ return 0;
+ }
+ *in = p;
+ return 1;
+ }
+
/* This function collects the asn1 data from a constructred string
* type into a buffer. The values of 'in' and 'len' should refer
* to the contents of the constructed type and 'inf' should be set
- * if it is indefinite length. If 'buf' is NULL then we just want
- * to find the end of the current structure: useful for indefinite
- * length constructed stuff.
+ * if it is indefinite length.
*/
static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass)
@@ -822,11 +877,6 @@ static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, in
char cst, ininf;
p = *in;
inf &= 1;
- /* If no buffer and not indefinite length constructed just pass over the encoded data */
- if(!buf && !inf) {
- *in += len;
- return 1;
- }
while(len > 0) {
q = p;
/* Check for EOC */
@@ -845,9 +895,15 @@ static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, in
}
/* If indefinite length constructed update max length */
if(cst) {
- if(!asn1_collect(buf, &p, plen, ininf, tag, aclass)) return 0;
+#ifdef OPENSSL_ALLOW_NESTED_ASN1_STRINGS
+ if (!asn1_collect(buf, &p, plen, ininf, tag, aclass))
+ return 0;
+#else
+ ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING);
+ return 0;
+#endif
} else {
- if(!collect_data(buf, &p, plen)) return 0;
+ if(plen && !collect_data(buf, &p, plen)) return 0;
}
len -= p - q;
}
diff --git a/lib/libcrypto/asn1/tasn_enc.c b/lib/libcrypto/asn1/tasn_enc.c
index f6c8ddef0aa..c675c3c832d 100644
--- a/lib/libcrypto/asn1/tasn_enc.c
+++ b/lib/libcrypto/asn1/tasn_enc.c
@@ -445,9 +445,12 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_
case V_ASN1_BOOLEAN:
tbool = (ASN1_BOOLEAN *)pval;
if(*tbool == -1) return -1;
- /* Default handling if value == size field then omit */
- if(*tbool && (it->size > 0)) return -1;
- if(!*tbool && !it->size) return -1;
+ if (it->utype != V_ASN1_ANY)
+ {
+ /* Default handling if value == size field then omit */
+ if(*tbool && (it->size > 0)) return -1;
+ if(!*tbool && !it->size) return -1;
+ }
c = (unsigned char)*tbool;
cont = &c;
len = 1;
diff --git a/lib/libcrypto/bf/bf_skey.c b/lib/libcrypto/bf/bf_skey.c
index fc5bebefce4..1931aba83fb 100644
--- a/lib/libcrypto/bf/bf_skey.c
+++ b/lib/libcrypto/bf/bf_skey.c
@@ -60,6 +60,7 @@
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/blowfish.h>
+#include <openssl/fips.h>
#include "bf_locl.h"
#include "bf_pi.h"
diff --git a/lib/libcrypto/bio/b_print.c b/lib/libcrypto/bio/b_print.c
index 8b753e7ca01..f2bd91d5a02 100644
--- a/lib/libcrypto/bio/b_print.c
+++ b/lib/libcrypto/bio/b_print.c
@@ -576,7 +576,7 @@ abs_val(LDOUBLE value)
}
static LDOUBLE
-pow10(int in_exp)
+pow_10(int in_exp)
{
LDOUBLE result = 1;
while (in_exp) {
@@ -639,11 +639,11 @@ fmtfp(
/* we "cheat" by converting the fractional part to integer by
multiplying by a factor of 10 */
- fracpart = roundv((pow10(max)) * (ufvalue - intpart));
+ fracpart = roundv((pow_10(max)) * (ufvalue - intpart));
- if (fracpart >= (long)pow10(max)) {
+ if (fracpart >= (long)pow_10(max)) {
intpart++;
- fracpart -= (long)pow10(max);
+ fracpart -= (long)pow_10(max);
}
/* convert integer part */
diff --git a/lib/libcrypto/bio/bio_err.c b/lib/libcrypto/bio/bio_err.c
index 68a119d895e..8859a58ae4f 100644
--- a/lib/libcrypto/bio/bio_err.c
+++ b/lib/libcrypto/bio/bio_err.c
@@ -1,6 +1,6 @@
/* crypto/bio/bio_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,73 +64,77 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BIO,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BIO,0,reason)
+
static ERR_STRING_DATA BIO_str_functs[]=
{
-{ERR_PACK(0,BIO_F_ACPT_STATE,0), "ACPT_STATE"},
-{ERR_PACK(0,BIO_F_BIO_ACCEPT,0), "BIO_accept"},
-{ERR_PACK(0,BIO_F_BIO_BER_GET_HEADER,0), "BIO_BER_GET_HEADER"},
-{ERR_PACK(0,BIO_F_BIO_CTRL,0), "BIO_ctrl"},
-{ERR_PACK(0,BIO_F_BIO_GETHOSTBYNAME,0), "BIO_gethostbyname"},
-{ERR_PACK(0,BIO_F_BIO_GETS,0), "BIO_gets"},
-{ERR_PACK(0,BIO_F_BIO_GET_ACCEPT_SOCKET,0), "BIO_get_accept_socket"},
-{ERR_PACK(0,BIO_F_BIO_GET_HOST_IP,0), "BIO_get_host_ip"},
-{ERR_PACK(0,BIO_F_BIO_GET_PORT,0), "BIO_get_port"},
-{ERR_PACK(0,BIO_F_BIO_MAKE_PAIR,0), "BIO_MAKE_PAIR"},
-{ERR_PACK(0,BIO_F_BIO_NEW,0), "BIO_new"},
-{ERR_PACK(0,BIO_F_BIO_NEW_FILE,0), "BIO_new_file"},
-{ERR_PACK(0,BIO_F_BIO_NEW_MEM_BUF,0), "BIO_new_mem_buf"},
-{ERR_PACK(0,BIO_F_BIO_NREAD,0), "BIO_nread"},
-{ERR_PACK(0,BIO_F_BIO_NREAD0,0), "BIO_nread0"},
-{ERR_PACK(0,BIO_F_BIO_NWRITE,0), "BIO_nwrite"},
-{ERR_PACK(0,BIO_F_BIO_NWRITE0,0), "BIO_nwrite0"},
-{ERR_PACK(0,BIO_F_BIO_PUTS,0), "BIO_puts"},
-{ERR_PACK(0,BIO_F_BIO_READ,0), "BIO_read"},
-{ERR_PACK(0,BIO_F_BIO_SOCK_INIT,0), "BIO_sock_init"},
-{ERR_PACK(0,BIO_F_BIO_WRITE,0), "BIO_write"},
-{ERR_PACK(0,BIO_F_BUFFER_CTRL,0), "BUFFER_CTRL"},
-{ERR_PACK(0,BIO_F_CONN_CTRL,0), "CONN_CTRL"},
-{ERR_PACK(0,BIO_F_CONN_STATE,0), "CONN_STATE"},
-{ERR_PACK(0,BIO_F_FILE_CTRL,0), "FILE_CTRL"},
-{ERR_PACK(0,BIO_F_FILE_READ,0), "FILE_READ"},
-{ERR_PACK(0,BIO_F_LINEBUFFER_CTRL,0), "LINEBUFFER_CTRL"},
-{ERR_PACK(0,BIO_F_MEM_READ,0), "MEM_READ"},
-{ERR_PACK(0,BIO_F_MEM_WRITE,0), "MEM_WRITE"},
-{ERR_PACK(0,BIO_F_SSL_NEW,0), "SSL_new"},
-{ERR_PACK(0,BIO_F_WSASTARTUP,0), "WSASTARTUP"},
+{ERR_FUNC(BIO_F_ACPT_STATE), "ACPT_STATE"},
+{ERR_FUNC(BIO_F_BIO_ACCEPT), "BIO_accept"},
+{ERR_FUNC(BIO_F_BIO_BER_GET_HEADER), "BIO_BER_GET_HEADER"},
+{ERR_FUNC(BIO_F_BIO_CTRL), "BIO_ctrl"},
+{ERR_FUNC(BIO_F_BIO_GETHOSTBYNAME), "BIO_gethostbyname"},
+{ERR_FUNC(BIO_F_BIO_GETS), "BIO_gets"},
+{ERR_FUNC(BIO_F_BIO_GET_ACCEPT_SOCKET), "BIO_get_accept_socket"},
+{ERR_FUNC(BIO_F_BIO_GET_HOST_IP), "BIO_get_host_ip"},
+{ERR_FUNC(BIO_F_BIO_GET_PORT), "BIO_get_port"},
+{ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "BIO_MAKE_PAIR"},
+{ERR_FUNC(BIO_F_BIO_NEW), "BIO_new"},
+{ERR_FUNC(BIO_F_BIO_NEW_FILE), "BIO_new_file"},
+{ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF), "BIO_new_mem_buf"},
+{ERR_FUNC(BIO_F_BIO_NREAD), "BIO_nread"},
+{ERR_FUNC(BIO_F_BIO_NREAD0), "BIO_nread0"},
+{ERR_FUNC(BIO_F_BIO_NWRITE), "BIO_nwrite"},
+{ERR_FUNC(BIO_F_BIO_NWRITE0), "BIO_nwrite0"},
+{ERR_FUNC(BIO_F_BIO_PUTS), "BIO_puts"},
+{ERR_FUNC(BIO_F_BIO_READ), "BIO_read"},
+{ERR_FUNC(BIO_F_BIO_SOCK_INIT), "BIO_sock_init"},
+{ERR_FUNC(BIO_F_BIO_WRITE), "BIO_write"},
+{ERR_FUNC(BIO_F_BUFFER_CTRL), "BUFFER_CTRL"},
+{ERR_FUNC(BIO_F_CONN_CTRL), "CONN_CTRL"},
+{ERR_FUNC(BIO_F_CONN_STATE), "CONN_STATE"},
+{ERR_FUNC(BIO_F_FILE_CTRL), "FILE_CTRL"},
+{ERR_FUNC(BIO_F_FILE_READ), "FILE_READ"},
+{ERR_FUNC(BIO_F_LINEBUFFER_CTRL), "LINEBUFFER_CTRL"},
+{ERR_FUNC(BIO_F_MEM_READ), "MEM_READ"},
+{ERR_FUNC(BIO_F_MEM_WRITE), "MEM_WRITE"},
+{ERR_FUNC(BIO_F_SSL_NEW), "SSL_new"},
+{ERR_FUNC(BIO_F_WSASTARTUP), "WSASTARTUP"},
{0,NULL}
};
static ERR_STRING_DATA BIO_str_reasons[]=
{
-{BIO_R_ACCEPT_ERROR ,"accept error"},
-{BIO_R_BAD_FOPEN_MODE ,"bad fopen mode"},
-{BIO_R_BAD_HOSTNAME_LOOKUP ,"bad hostname lookup"},
-{BIO_R_BROKEN_PIPE ,"broken pipe"},
-{BIO_R_CONNECT_ERROR ,"connect error"},
-{BIO_R_EOF_ON_MEMORY_BIO ,"EOF on memory BIO"},
-{BIO_R_ERROR_SETTING_NBIO ,"error setting nbio"},
-{BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET,"error setting nbio on accepted socket"},
-{BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET,"error setting nbio on accept socket"},
-{BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET ,"gethostbyname addr is not af inet"},
-{BIO_R_INVALID_ARGUMENT ,"invalid argument"},
-{BIO_R_INVALID_IP_ADDRESS ,"invalid ip address"},
-{BIO_R_IN_USE ,"in use"},
-{BIO_R_KEEPALIVE ,"keepalive"},
-{BIO_R_NBIO_CONNECT_ERROR ,"nbio connect error"},
-{BIO_R_NO_ACCEPT_PORT_SPECIFIED ,"no accept port specified"},
-{BIO_R_NO_HOSTNAME_SPECIFIED ,"no hostname specified"},
-{BIO_R_NO_PORT_DEFINED ,"no port defined"},
-{BIO_R_NO_PORT_SPECIFIED ,"no port specified"},
-{BIO_R_NO_SUCH_FILE ,"no such file"},
-{BIO_R_NULL_PARAMETER ,"null parameter"},
-{BIO_R_TAG_MISMATCH ,"tag mismatch"},
-{BIO_R_UNABLE_TO_BIND_SOCKET ,"unable to bind socket"},
-{BIO_R_UNABLE_TO_CREATE_SOCKET ,"unable to create socket"},
-{BIO_R_UNABLE_TO_LISTEN_SOCKET ,"unable to listen socket"},
-{BIO_R_UNINITIALIZED ,"uninitialized"},
-{BIO_R_UNSUPPORTED_METHOD ,"unsupported method"},
-{BIO_R_WRITE_TO_READ_ONLY_BIO ,"write to read only BIO"},
-{BIO_R_WSASTARTUP ,"WSAStartup"},
+{ERR_REASON(BIO_R_ACCEPT_ERROR) ,"accept error"},
+{ERR_REASON(BIO_R_BAD_FOPEN_MODE) ,"bad fopen mode"},
+{ERR_REASON(BIO_R_BAD_HOSTNAME_LOOKUP) ,"bad hostname lookup"},
+{ERR_REASON(BIO_R_BROKEN_PIPE) ,"broken pipe"},
+{ERR_REASON(BIO_R_CONNECT_ERROR) ,"connect error"},
+{ERR_REASON(BIO_R_EOF_ON_MEMORY_BIO) ,"EOF on memory BIO"},
+{ERR_REASON(BIO_R_ERROR_SETTING_NBIO) ,"error setting nbio"},
+{ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET),"error setting nbio on accepted socket"},
+{ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET),"error setting nbio on accept socket"},
+{ERR_REASON(BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET),"gethostbyname addr is not af inet"},
+{ERR_REASON(BIO_R_INVALID_ARGUMENT) ,"invalid argument"},
+{ERR_REASON(BIO_R_INVALID_IP_ADDRESS) ,"invalid ip address"},
+{ERR_REASON(BIO_R_IN_USE) ,"in use"},
+{ERR_REASON(BIO_R_KEEPALIVE) ,"keepalive"},
+{ERR_REASON(BIO_R_NBIO_CONNECT_ERROR) ,"nbio connect error"},
+{ERR_REASON(BIO_R_NO_ACCEPT_PORT_SPECIFIED),"no accept port specified"},
+{ERR_REASON(BIO_R_NO_HOSTNAME_SPECIFIED) ,"no hostname specified"},
+{ERR_REASON(BIO_R_NO_PORT_DEFINED) ,"no port defined"},
+{ERR_REASON(BIO_R_NO_PORT_SPECIFIED) ,"no port specified"},
+{ERR_REASON(BIO_R_NO_SUCH_FILE) ,"no such file"},
+{ERR_REASON(BIO_R_NULL_PARAMETER) ,"null parameter"},
+{ERR_REASON(BIO_R_TAG_MISMATCH) ,"tag mismatch"},
+{ERR_REASON(BIO_R_UNABLE_TO_BIND_SOCKET) ,"unable to bind socket"},
+{ERR_REASON(BIO_R_UNABLE_TO_CREATE_SOCKET),"unable to create socket"},
+{ERR_REASON(BIO_R_UNABLE_TO_LISTEN_SOCKET),"unable to listen socket"},
+{ERR_REASON(BIO_R_UNINITIALIZED) ,"uninitialized"},
+{ERR_REASON(BIO_R_UNSUPPORTED_METHOD) ,"unsupported method"},
+{ERR_REASON(BIO_R_WRITE_TO_READ_ONLY_BIO),"write to read only BIO"},
+{ERR_REASON(BIO_R_WSASTARTUP) ,"WSAStartup"},
{0,NULL}
};
@@ -144,8 +148,8 @@ void ERR_load_BIO_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_BIO,BIO_str_functs);
- ERR_load_strings(ERR_LIB_BIO,BIO_str_reasons);
+ ERR_load_strings(0,BIO_str_functs);
+ ERR_load_strings(0,BIO_str_reasons);
#endif
}
diff --git a/lib/libcrypto/bio/bss_conn.c b/lib/libcrypto/bio/bss_conn.c
index f5d0e759e23..216780ed5e9 100644
--- a/lib/libcrypto/bio/bss_conn.c
+++ b/lib/libcrypto/bio/bss_conn.c
@@ -469,7 +469,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
break;
case BIO_C_DO_STATE_MACHINE:
/* use this one to start the connection */
- if (!data->state != BIO_CONN_S_OK)
+ if (data->state != BIO_CONN_S_OK)
ret=(long)conn_state(b,data);
else
ret=1;
diff --git a/lib/libcrypto/bn/asm/sparcv8plus.S b/lib/libcrypto/bn/asm/sparcv8plus.S
index 0074dfdb750..8c56e2e7e7c 100644
--- a/lib/libcrypto/bn/asm/sparcv8plus.S
+++ b/lib/libcrypto/bn/asm/sparcv8plus.S
@@ -162,10 +162,14 @@
* BN_ULONG w;
*/
bn_mul_add_words:
+ sra %o2,%g0,%o2 ! signx %o2
brgz,a %o2,.L_bn_mul_add_words_proceed
lduw [%o1],%g2
retl
clr %o0
+ nop
+ nop
+ nop
.L_bn_mul_add_words_proceed:
srl %o3,%g0,%o3 ! clruw %o3
@@ -260,10 +264,14 @@ bn_mul_add_words:
* BN_ULONG w;
*/
bn_mul_words:
+ sra %o2,%g0,%o2 ! signx %o2
brgz,a %o2,.L_bn_mul_words_proceeed
lduw [%o1],%g2
retl
clr %o0
+ nop
+ nop
+ nop
.L_bn_mul_words_proceeed:
srl %o3,%g0,%o3 ! clruw %o3
@@ -344,10 +352,14 @@ bn_mul_words:
* int n;
*/
bn_sqr_words:
+ sra %o2,%g0,%o2 ! signx %o2
brgz,a %o2,.L_bn_sqr_words_proceeed
lduw [%o1],%g2
retl
clr %o0
+ nop
+ nop
+ nop
.L_bn_sqr_words_proceeed:
andcc %o2,-4,%g0
@@ -445,6 +457,7 @@ bn_div_words:
* int n;
*/
bn_add_words:
+ sra %o3,%g0,%o3 ! signx %o3
brgz,a %o3,.L_bn_add_words_proceed
lduw [%o1],%o4
retl
@@ -454,7 +467,6 @@ bn_add_words:
andcc %o3,-4,%g0
bz,pn %icc,.L_bn_add_words_tail
addcc %g0,0,%g0 ! clear carry flag
- nop
.L_bn_add_words_loop: ! wow! 32 aligned!
dec 4,%o3
@@ -523,6 +535,7 @@ bn_add_words:
* int n;
*/
bn_sub_words:
+ sra %o3,%g0,%o3 ! signx %o3
brgz,a %o3,.L_bn_sub_words_proceed
lduw [%o1],%o4
retl
@@ -532,7 +545,6 @@ bn_sub_words:
andcc %o3,-4,%g0
bz,pn %icc,.L_bn_sub_words_tail
addcc %g0,0,%g0 ! clear carry flag
- nop
.L_bn_sub_words_loop: ! wow! 32 aligned!
dec 4,%o3
diff --git a/lib/libcrypto/bn/bn.h b/lib/libcrypto/bn/bn.h
index 3da6d8ced90..1251521c54d 100644
--- a/lib/libcrypto/bn/bn.h
+++ b/lib/libcrypto/bn/bn.h
@@ -225,10 +225,23 @@ extern "C" {
#define BN_FLG_MALLOCED 0x01
#define BN_FLG_STATIC_DATA 0x02
+#define BN_FLG_EXP_CONSTTIME 0x04 /* avoid leaking exponent information through timings
+ * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */
#define BN_FLG_FREE 0x8000 /* used for debuging */
#define BN_set_flags(b,n) ((b)->flags|=(n))
#define BN_get_flags(b,n) ((b)->flags&(n))
+/* get a clone of a BIGNUM with changed flags, for *temporary* use only
+ * (the two BIGNUMs cannot not be used in parallel!) */
+#define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \
+ (dest)->top=(b)->top, \
+ (dest)->dmax=(b)->dmax, \
+ (dest)->neg=(b)->neg, \
+ (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \
+ | ((b)->flags & ~BN_FLG_MALLOCED) \
+ | BN_FLG_STATIC_DATA \
+ | (n)))
+
typedef struct bignum_st
{
BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */
@@ -378,6 +391,8 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m,BN_CTX *ctx);
int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
@@ -423,6 +438,19 @@ int BN_is_prime_fasttest(const BIGNUM *p,int nchecks,
void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,
int do_trial_division);
+#ifdef OPENSSL_FIPS
+int BN_X931_derive_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+ void (*cb)(int, int, void *), void *cb_arg,
+ const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
+ const BIGNUM *e, BN_CTX *ctx);
+int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
+int BN_X931_generate_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+ BIGNUM *Xp1, BIGNUM *Xp2,
+ const BIGNUM *Xp,
+ const BIGNUM *e, BN_CTX *ctx,
+ void (*cb)(int, int, void *), void *cb_arg);
+#endif
+
BN_MONT_CTX *BN_MONT_CTX_new(void );
void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
@@ -434,6 +462,8 @@ int BN_from_montgomery(BIGNUM *r,const BIGNUM *a,
void BN_MONT_CTX_free(BN_MONT_CTX *mont);
int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);
BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
+ const BIGNUM *mod, BN_CTX *ctx);
BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
void BN_BLINDING_free(BN_BLINDING *b);
@@ -510,11 +540,15 @@ void ERR_load_BN_strings(void);
#define BN_F_BN_CTX_GET 116
#define BN_F_BN_CTX_NEW 106
#define BN_F_BN_DIV 107
+#define BN_F_BN_EXP 123
#define BN_F_BN_EXPAND2 108
#define BN_F_BN_EXPAND_INTERNAL 120
#define BN_F_BN_MOD_EXP2_MONT 118
#define BN_F_BN_MOD_EXP_MONT 109
+#define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124
#define BN_F_BN_MOD_EXP_MONT_WORD 117
+#define BN_F_BN_MOD_EXP_RECP 125
+#define BN_F_BN_MOD_EXP_SIMPLE 126
#define BN_F_BN_MOD_INVERSE 110
#define BN_F_BN_MOD_LSHIFT_QUICK 119
#define BN_F_BN_MOD_MUL_RECIPROCAL 111
diff --git a/lib/libcrypto/bn/bn_asm.c b/lib/libcrypto/bn/bn_asm.c
index be8aa3ffc5a..19978085b26 100644
--- a/lib/libcrypto/bn/bn_asm.c
+++ b/lib/libcrypto/bn/bn_asm.c
@@ -237,7 +237,7 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
if (d == 0) return(BN_MASK2);
i=BN_num_bits_word(d);
- assert((i == BN_BITS2) || (h > (BN_ULONG)1<<i));
+ assert((i == BN_BITS2) || (h <= (BN_ULONG)1<<i));
i=BN_BITS2-i;
if (h >= d) h-=d;
diff --git a/lib/libcrypto/bn/bn_err.c b/lib/libcrypto/bn/bn_err.c
index fb84ee96d8d..5dfac00c88a 100644
--- a/lib/libcrypto/bn/bn_err.c
+++ b/lib/libcrypto/bn/bn_err.c
@@ -1,6 +1,6 @@
/* crypto/bn/bn_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,52 +64,60 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason)
+
static ERR_STRING_DATA BN_str_functs[]=
{
-{ERR_PACK(0,BN_F_BN_BLINDING_CONVERT,0), "BN_BLINDING_convert"},
-{ERR_PACK(0,BN_F_BN_BLINDING_INVERT,0), "BN_BLINDING_invert"},
-{ERR_PACK(0,BN_F_BN_BLINDING_NEW,0), "BN_BLINDING_new"},
-{ERR_PACK(0,BN_F_BN_BLINDING_UPDATE,0), "BN_BLINDING_update"},
-{ERR_PACK(0,BN_F_BN_BN2DEC,0), "BN_bn2dec"},
-{ERR_PACK(0,BN_F_BN_BN2HEX,0), "BN_bn2hex"},
-{ERR_PACK(0,BN_F_BN_CTX_GET,0), "BN_CTX_get"},
-{ERR_PACK(0,BN_F_BN_CTX_NEW,0), "BN_CTX_new"},
-{ERR_PACK(0,BN_F_BN_DIV,0), "BN_div"},
-{ERR_PACK(0,BN_F_BN_EXPAND2,0), "bn_expand2"},
-{ERR_PACK(0,BN_F_BN_EXPAND_INTERNAL,0), "BN_EXPAND_INTERNAL"},
-{ERR_PACK(0,BN_F_BN_MOD_EXP2_MONT,0), "BN_mod_exp2_mont"},
-{ERR_PACK(0,BN_F_BN_MOD_EXP_MONT,0), "BN_mod_exp_mont"},
-{ERR_PACK(0,BN_F_BN_MOD_EXP_MONT_WORD,0), "BN_mod_exp_mont_word"},
-{ERR_PACK(0,BN_F_BN_MOD_INVERSE,0), "BN_mod_inverse"},
-{ERR_PACK(0,BN_F_BN_MOD_LSHIFT_QUICK,0), "BN_mod_lshift_quick"},
-{ERR_PACK(0,BN_F_BN_MOD_MUL_RECIPROCAL,0), "BN_mod_mul_reciprocal"},
-{ERR_PACK(0,BN_F_BN_MOD_SQRT,0), "BN_mod_sqrt"},
-{ERR_PACK(0,BN_F_BN_MPI2BN,0), "BN_mpi2bn"},
-{ERR_PACK(0,BN_F_BN_NEW,0), "BN_new"},
-{ERR_PACK(0,BN_F_BN_RAND,0), "BN_rand"},
-{ERR_PACK(0,BN_F_BN_RAND_RANGE,0), "BN_rand_range"},
-{ERR_PACK(0,BN_F_BN_USUB,0), "BN_usub"},
+{ERR_FUNC(BN_F_BN_BLINDING_CONVERT), "BN_BLINDING_convert"},
+{ERR_FUNC(BN_F_BN_BLINDING_INVERT), "BN_BLINDING_invert"},
+{ERR_FUNC(BN_F_BN_BLINDING_NEW), "BN_BLINDING_new"},
+{ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"},
+{ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"},
+{ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"},
+{ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"},
+{ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"},
+{ERR_FUNC(BN_F_BN_DIV), "BN_div"},
+{ERR_FUNC(BN_F_BN_EXP), "BN_exp"},
+{ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"},
+{ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"},
+{ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"},
+{ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"},
+{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"},
+{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD), "BN_mod_exp_mont_word"},
+{ERR_FUNC(BN_F_BN_MOD_EXP_RECP), "BN_mod_exp_recp"},
+{ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE), "BN_mod_exp_simple"},
+{ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"},
+{ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"},
+{ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"},
+{ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"},
+{ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"},
+{ERR_FUNC(BN_F_BN_NEW), "BN_new"},
+{ERR_FUNC(BN_F_BN_RAND), "BN_rand"},
+{ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"},
+{ERR_FUNC(BN_F_BN_USUB), "BN_usub"},
{0,NULL}
};
static ERR_STRING_DATA BN_str_reasons[]=
{
-{BN_R_ARG2_LT_ARG3 ,"arg2 lt arg3"},
-{BN_R_BAD_RECIPROCAL ,"bad reciprocal"},
-{BN_R_BIGNUM_TOO_LONG ,"bignum too long"},
-{BN_R_CALLED_WITH_EVEN_MODULUS ,"called with even modulus"},
-{BN_R_DIV_BY_ZERO ,"div by zero"},
-{BN_R_ENCODING_ERROR ,"encoding error"},
-{BN_R_EXPAND_ON_STATIC_BIGNUM_DATA ,"expand on static bignum data"},
-{BN_R_INPUT_NOT_REDUCED ,"input not reduced"},
-{BN_R_INVALID_LENGTH ,"invalid length"},
-{BN_R_INVALID_RANGE ,"invalid range"},
-{BN_R_NOT_A_SQUARE ,"not a square"},
-{BN_R_NOT_INITIALIZED ,"not initialized"},
-{BN_R_NO_INVERSE ,"no inverse"},
-{BN_R_P_IS_NOT_PRIME ,"p is not prime"},
-{BN_R_TOO_MANY_ITERATIONS ,"too many iterations"},
-{BN_R_TOO_MANY_TEMPORARY_VARIABLES ,"too many temporary variables"},
+{ERR_REASON(BN_R_ARG2_LT_ARG3) ,"arg2 lt arg3"},
+{ERR_REASON(BN_R_BAD_RECIPROCAL) ,"bad reciprocal"},
+{ERR_REASON(BN_R_BIGNUM_TOO_LONG) ,"bignum too long"},
+{ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS),"called with even modulus"},
+{ERR_REASON(BN_R_DIV_BY_ZERO) ,"div by zero"},
+{ERR_REASON(BN_R_ENCODING_ERROR) ,"encoding error"},
+{ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA),"expand on static bignum data"},
+{ERR_REASON(BN_R_INPUT_NOT_REDUCED) ,"input not reduced"},
+{ERR_REASON(BN_R_INVALID_LENGTH) ,"invalid length"},
+{ERR_REASON(BN_R_INVALID_RANGE) ,"invalid range"},
+{ERR_REASON(BN_R_NOT_A_SQUARE) ,"not a square"},
+{ERR_REASON(BN_R_NOT_INITIALIZED) ,"not initialized"},
+{ERR_REASON(BN_R_NO_INVERSE) ,"no inverse"},
+{ERR_REASON(BN_R_P_IS_NOT_PRIME) ,"p is not prime"},
+{ERR_REASON(BN_R_TOO_MANY_ITERATIONS) ,"too many iterations"},
+{ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES),"too many temporary variables"},
{0,NULL}
};
@@ -123,8 +131,8 @@ void ERR_load_BN_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_BN,BN_str_functs);
- ERR_load_strings(ERR_LIB_BN,BN_str_reasons);
+ ERR_load_strings(0,BN_str_functs);
+ ERR_load_strings(0,BN_str_reasons);
#endif
}
diff --git a/lib/libcrypto/bn/bn_exp.c b/lib/libcrypto/bn/bn_exp.c
index afdfd580fb4..9e1e88abe8d 100644
--- a/lib/libcrypto/bn/bn_exp.c
+++ b/lib/libcrypto/bn/bn_exp.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -113,6 +113,7 @@
#include "cryptlib.h"
#include "bn_lcl.h"
+/* maximum precomputation table size for *variable* sliding windows */
#define TABLE_SIZE 32
/* this one works - simple but works */
@@ -121,6 +122,13 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
int i,bits,ret=0;
BIGNUM *v,*rr;
+ if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
+ {
+ /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */
+ BNerr(BN_F_BN_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return -1;
+ }
+
BN_CTX_start(ctx);
if ((r == a) || (r == p))
rr = BN_CTX_get(ctx);
@@ -204,7 +212,7 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
if (BN_is_odd(m))
{
# ifdef MONT_EXP_WORD
- if (a->top == 1 && !a->neg)
+ if (a->top == 1 && !a->neg && (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) == 0))
{
BN_ULONG A = a->d[0];
ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL);
@@ -234,6 +242,13 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
BIGNUM val[TABLE_SIZE];
BN_RECP_CTX recp;
+ if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
+ {
+ /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */
+ BNerr(BN_F_BN_MOD_EXP_RECP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return -1;
+ }
+
bits=BN_num_bits(p);
if (bits == 0)
@@ -361,6 +376,11 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
BIGNUM val[TABLE_SIZE];
BN_MONT_CTX *mont=NULL;
+ if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
+ {
+ return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
+ }
+
bn_check_top(a);
bn_check_top(p);
bn_check_top(m);
@@ -493,6 +513,212 @@ err:
return(ret);
}
+
+/* BN_mod_exp_mont_consttime() stores the precomputed powers in a specific layout
+ * so that accessing any of these table values shows the same access pattern as far
+ * as cache lines are concerned. The following functions are used to transfer a BIGNUM
+ * from/to that table. */
+
+static int MOD_EXP_CTIME_COPY_TO_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int width)
+ {
+ size_t i, j;
+
+ if (bn_wexpand(b, top) == NULL)
+ return 0;
+ while (b->top < top)
+ {
+ b->d[b->top++] = 0;
+ }
+
+ for (i = 0, j=idx; i < top * sizeof b->d[0]; i++, j+=width)
+ {
+ buf[j] = ((unsigned char*)b->d)[i];
+ }
+
+ bn_fix_top(b);
+ return 1;
+ }
+
+static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int width)
+ {
+ size_t i, j;
+
+ if (bn_wexpand(b, top) == NULL)
+ return 0;
+
+ for (i=0, j=idx; i < top * sizeof b->d[0]; i++, j+=width)
+ {
+ ((unsigned char*)b->d)[i] = buf[j];
+ }
+
+ b->top = top;
+ bn_fix_top(b);
+ return 1;
+ }
+
+/* Given a pointer value, compute the next address that is a cache line multiple. */
+#define MOD_EXP_CTIME_ALIGN(x_) \
+ ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ULONG)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+
+/* This variant of BN_mod_exp_mont() uses fixed windows and the special
+ * precomputation memory layout to limit data-dependency to a minimum
+ * to protect secret exponents (cf. the hyper-threading timing attacks
+ * pointed out by Colin Percival,
+ * http://www.daemonology.net/hyperthreading-considered-harmful/)
+ */
+int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+ {
+ int i,bits,ret=0,idx,window,wvalue;
+ int top;
+ BIGNUM *r;
+ const BIGNUM *aa;
+ BN_MONT_CTX *mont=NULL;
+
+ int numPowers;
+ unsigned char *powerbufFree=NULL;
+ int powerbufLen = 0;
+ unsigned char *powerbuf=NULL;
+ BIGNUM *computeTemp=NULL, *am=NULL;
+
+ bn_check_top(a);
+ bn_check_top(p);
+ bn_check_top(m);
+
+ top = m->top;
+
+ if (!(m->d[0] & 1))
+ {
+ BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME,BN_R_CALLED_WITH_EVEN_MODULUS);
+ return(0);
+ }
+ bits=BN_num_bits(p);
+ if (bits == 0)
+ {
+ ret = BN_one(rr);
+ return ret;
+ }
+
+ /* Initialize BIGNUM context and allocate intermediate result */
+ BN_CTX_start(ctx);
+ r = BN_CTX_get(ctx);
+ if (r == NULL) goto err;
+
+ /* Allocate a montgomery context if it was not supplied by the caller.
+ * If this is not done, things will break in the montgomery part.
+ */
+ if (in_mont != NULL)
+ mont=in_mont;
+ else
+ {
+ if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
+ if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
+ }
+
+ /* Get the window size to use with size of p. */
+ window = BN_window_bits_for_ctime_exponent_size(bits);
+
+ /* Allocate a buffer large enough to hold all of the pre-computed
+ * powers of a.
+ */
+ numPowers = 1 << window;
+ powerbufLen = sizeof(m->d[0])*top*numPowers;
+ if ((powerbufFree=(unsigned char*)OPENSSL_malloc(powerbufLen+MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL)
+ goto err;
+
+ powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);
+ memset(powerbuf, 0, powerbufLen);
+
+ /* Initialize the intermediate result. Do this early to save double conversion,
+ * once each for a^0 and intermediate result.
+ */
+ if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
+ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(r, top, powerbuf, 0, numPowers)) goto err;
+
+ /* Initialize computeTemp as a^1 with montgomery precalcs */
+ computeTemp = BN_CTX_get(ctx);
+ am = BN_CTX_get(ctx);
+ if (computeTemp==NULL || am==NULL) goto err;
+
+ if (a->neg || BN_ucmp(a,m) >= 0)
+ {
+ if (!BN_mod(am,a,m,ctx))
+ goto err;
+ aa= am;
+ }
+ else
+ aa=a;
+ if (!BN_to_montgomery(am,aa,mont,ctx)) goto err;
+ if (!BN_copy(computeTemp, am)) goto err;
+ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(am, top, powerbuf, 1, numPowers)) goto err;
+
+ /* If the window size is greater than 1, then calculate
+ * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1)
+ * (even powers could instead be computed as (a^(i/2))^2
+ * to use the slight performance advantage of sqr over mul).
+ */
+ if (window > 1)
+ {
+ for (i=2; i<numPowers; i++)
+ {
+ /* Calculate a^i = a^(i-1) * a */
+ if (!BN_mod_mul_montgomery(computeTemp,am,computeTemp,mont,ctx))
+ goto err;
+ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(computeTemp, top, powerbuf, i, numPowers)) goto err;
+ }
+ }
+
+ /* Adjust the number of bits up to a multiple of the window size.
+ * If the exponent length is not a multiple of the window size, then
+ * this pads the most significant bits with zeros to normalize the
+ * scanning loop to there's no special cases.
+ *
+ * * NOTE: Making the window size a power of two less than the native
+ * * word size ensures that the padded bits won't go past the last
+ * * word in the internal BIGNUM structure. Going past the end will
+ * * still produce the correct result, but causes a different branch
+ * * to be taken in the BN_is_bit_set function.
+ */
+ bits = ((bits+window-1)/window)*window;
+ idx=bits-1; /* The top bit of the window */
+
+ /* Scan the exponent one window at a time starting from the most
+ * significant bits.
+ */
+ while (idx >= 0)
+ {
+ wvalue=0; /* The 'value' of the window */
+
+ /* Scan the window, squaring the result as we go */
+ for (i=0; i<window; i++,idx--)
+ {
+ if (!BN_mod_mul_montgomery(r,r,r,mont,ctx)) goto err;
+ wvalue = (wvalue<<1)+BN_is_bit_set(p,idx);
+ }
+
+ /* Fetch the appropriate pre-computed value from the pre-buf */
+ if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(computeTemp, top, powerbuf, wvalue, numPowers)) goto err;
+
+ /* Multiply the result into the intermediate result */
+ if (!BN_mod_mul_montgomery(r,r,computeTemp,mont,ctx)) goto err;
+ }
+
+ /* Convert the final result from montgomery to standard format */
+ if (!BN_from_montgomery(rr,r,mont,ctx)) goto err;
+ ret=1;
+err:
+ if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
+ if (powerbuf!=NULL)
+ {
+ OPENSSL_cleanse(powerbuf,powerbufLen);
+ OPENSSL_free(powerbufFree);
+ }
+ if (am!=NULL) BN_clear(am);
+ if (computeTemp!=NULL) BN_clear(computeTemp);
+ BN_CTX_end(ctx);
+ return(ret);
+ }
+
int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
{
@@ -517,6 +743,13 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
#define BN_TO_MONTGOMERY_WORD(r, w, mont) \
(BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
+ if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
+ {
+ /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */
+ BNerr(BN_F_BN_MOD_EXP_MONT_WORD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return -1;
+ }
+
bn_check_top(p);
bn_check_top(m);
@@ -644,6 +877,13 @@ int BN_mod_exp_simple(BIGNUM *r,
BIGNUM *d;
BIGNUM val[TABLE_SIZE];
+ if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
+ {
+ /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */
+ BNerr(BN_F_BN_MOD_EXP_SIMPLE,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return -1;
+ }
+
bits=BN_num_bits(p);
if (bits == 0)
diff --git a/lib/libcrypto/bn/bn_lcl.h b/lib/libcrypto/bn/bn_lcl.h
index 253e195e238..a84998f2bd4 100644
--- a/lib/libcrypto/bn/bn_lcl.h
+++ b/lib/libcrypto/bn/bn_lcl.h
@@ -177,6 +177,45 @@ struct bignum_ctx
+/* BN_mod_exp_mont_conttime is based on the assumption that the
+ * L1 data cache line width of the target processor is at least
+ * the following value.
+ */
+#define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH ( 64 )
+#define MOD_EXP_CTIME_MIN_CACHE_LINE_MASK (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 1)
+
+/* Window sizes optimized for fixed window size modular exponentiation
+ * algorithm (BN_mod_exp_mont_consttime).
+ *
+ * To achieve the security goals of BN_mode_exp_mont_consttime, the
+ * maximum size of the window must not exceed
+ * log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH).
+ *
+ * Window size thresholds are defined for cache line sizes of 32 and 64,
+ * cache line sizes where log_2(32)=5 and log_2(64)=6 respectively. A
+ * window size of 7 should only be used on processors that have a 128
+ * byte or greater cache line size.
+ */
+#if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64
+
+# define BN_window_bits_for_ctime_exponent_size(b) \
+ ((b) > 937 ? 6 : \
+ (b) > 306 ? 5 : \
+ (b) > 89 ? 4 : \
+ (b) > 22 ? 3 : 1)
+# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (6)
+
+#elif MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 32
+
+# define BN_window_bits_for_ctime_exponent_size(b) \
+ ((b) > 306 ? 5 : \
+ (b) > 89 ? 4 : \
+ (b) > 22 ? 3 : 1)
+# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (5)
+
+#endif
+
+
/* Pentium pro 16,16,16,32,64 */
/* Alpha 16,16,16,16.64 */
#define BN_MULL_SIZE_NORMAL (16) /* 32 */
diff --git a/lib/libcrypto/bn/bn_mont.c b/lib/libcrypto/bn/bn_mont.c
index b79b1b60da0..3572e5a6901 100644
--- a/lib/libcrypto/bn/bn_mont.c
+++ b/lib/libcrypto/bn/bn_mont.c
@@ -347,3 +347,23 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
return(to);
}
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
+ const BIGNUM *mod, BN_CTX *ctx)
+ {
+ if (*pmont)
+ return *pmont;
+ CRYPTO_w_lock(lock);
+ if (!*pmont)
+ {
+ *pmont = BN_MONT_CTX_new();
+ if (*pmont && !BN_MONT_CTX_set(*pmont, mod, ctx))
+ {
+ BN_MONT_CTX_free(*pmont);
+ *pmont = NULL;
+ }
+ }
+ CRYPTO_w_unlock(lock);
+ return *pmont;
+ }
+
+
diff --git a/lib/libcrypto/bn/bntest.c b/lib/libcrypto/bn/bntest.c
index 79d813d85e1..792a75ff4f3 100644
--- a/lib/libcrypto/bn/bntest.c
+++ b/lib/libcrypto/bn/bntest.c
@@ -86,6 +86,7 @@ int test_mont(BIO *bp,BN_CTX *ctx);
int test_mod(BIO *bp,BN_CTX *ctx);
int test_mod_mul(BIO *bp,BN_CTX *ctx);
int test_mod_exp(BIO *bp,BN_CTX *ctx);
+int test_mod_exp_mont_consttime(BIO *bp,BN_CTX *ctx);
int test_exp(BIO *bp,BN_CTX *ctx);
int test_kron(BIO *bp,BN_CTX *ctx);
int test_sqrt(BIO *bp,BN_CTX *ctx);
@@ -213,6 +214,10 @@ int main(int argc, char *argv[])
if (!test_mod_exp(out,ctx)) goto err;
BIO_flush(out);
+ message(out,"BN_mod_exp_mont_consttime");
+ if (!test_mod_exp_mont_consttime(out,ctx)) goto err;
+ BIO_flush(out);
+
message(out,"BN_exp");
if (!test_exp(out,ctx)) goto err;
BIO_flush(out);
@@ -813,6 +818,57 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx)
return(1);
}
+int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
+ {
+ BIGNUM *a,*b,*c,*d,*e;
+ int i;
+
+ a=BN_new();
+ b=BN_new();
+ c=BN_new();
+ d=BN_new();
+ e=BN_new();
+
+ BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
+ for (i=0; i<num2; i++)
+ {
+ BN_bntest_rand(a,20+i*5,0,0); /**/
+ BN_bntest_rand(b,2+i,0,0); /**/
+
+ if (!BN_mod_exp_mont_consttime(d,a,b,c,ctx,NULL))
+ return(00);
+
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," ^ ");
+ BN_print(bp,b);
+ BIO_puts(bp," % ");
+ BN_print(bp,c);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,d);
+ BIO_puts(bp,"\n");
+ }
+ BN_exp(e,a,b,ctx);
+ BN_sub(e,e,d);
+ BN_div(a,b,e,c,ctx);
+ if(!BN_is_zero(b))
+ {
+ fprintf(stderr,"Modulo exponentiation test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ return(1);
+ }
+
int test_exp(BIO *bp, BN_CTX *ctx)
{
BIGNUM *a,*b,*d,*e,*one;
diff --git a/lib/libcrypto/bn/expspeed.c b/lib/libcrypto/bn/expspeed.c
index 07a1bcf51cf..4d5f221f33a 100644
--- a/lib/libcrypto/bn/expspeed.c
+++ b/lib/libcrypto/bn/expspeed.c
@@ -321,7 +321,7 @@ void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx)
#else /* TEST_SQRT */
"2*sqrt [prime == %d (mod 64)] %4d %4d mod %4d"
#endif
- " -> %8.3fms %5.1f (%ld)\n",
+ " -> %8.6fms %5.1f (%ld)\n",
#ifdef TEST_SQRT
P_MOD_64,
#endif
diff --git a/lib/libcrypto/bn/exptest.c b/lib/libcrypto/bn/exptest.c
index b09cf887055..28aaac2ac11 100644
--- a/lib/libcrypto/bn/exptest.c
+++ b/lib/libcrypto/bn/exptest.c
@@ -77,7 +77,7 @@ int main(int argc, char *argv[])
BIO *out=NULL;
int i,ret;
unsigned char c;
- BIGNUM *r_mont,*r_recp,*r_simple,*a,*b,*m;
+ BIGNUM *r_mont,*r_mont_const,*r_recp,*r_simple,*a,*b,*m;
RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't
* even check its return value
@@ -88,6 +88,7 @@ int main(int argc, char *argv[])
ctx=BN_CTX_new();
if (ctx == NULL) EXIT(1);
r_mont=BN_new();
+ r_mont_const=BN_new();
r_recp=BN_new();
r_simple=BN_new();
a=BN_new();
@@ -143,8 +144,17 @@ int main(int argc, char *argv[])
EXIT(1);
}
+ ret=BN_mod_exp_mont_consttime(r_mont_const,a,b,m,ctx,NULL);
+ if (ret <= 0)
+ {
+ printf("BN_mod_exp_mont_consttime() problems\n");
+ ERR_print_errors(out);
+ EXIT(1);
+ }
+
if (BN_cmp(r_simple, r_mont) == 0
- && BN_cmp(r_simple,r_recp) == 0)
+ && BN_cmp(r_simple,r_recp) == 0
+ && BN_cmp(r_simple,r_mont_const) == 0)
{
printf(".");
fflush(stdout);
@@ -153,6 +163,8 @@ int main(int argc, char *argv[])
{
if (BN_cmp(r_simple,r_mont) != 0)
printf("\nsimple and mont results differ\n");
+ if (BN_cmp(r_simple,r_mont) != 0)
+ printf("\nsimple and mont const time results differ\n");
if (BN_cmp(r_simple,r_recp) != 0)
printf("\nsimple and recp results differ\n");
@@ -162,11 +174,13 @@ int main(int argc, char *argv[])
printf("\nsimple ="); BN_print(out,r_simple);
printf("\nrecp ="); BN_print(out,r_recp);
printf("\nmont ="); BN_print(out,r_mont);
+ printf("\nmont_ct ="); BN_print(out,r_mont_const);
printf("\n");
EXIT(1);
}
}
BN_free(r_mont);
+ BN_free(r_mont_const);
BN_free(r_recp);
BN_free(r_simple);
BN_free(a);
diff --git a/lib/libcrypto/buffer/buf_err.c b/lib/libcrypto/buffer/buf_err.c
index 5eee653e14d..1fc32a68618 100644
--- a/lib/libcrypto/buffer/buf_err.c
+++ b/lib/libcrypto/buffer/buf_err.c
@@ -1,6 +1,6 @@
/* crypto/buffer/buf_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,11 +64,15 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BUF,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BUF,0,reason)
+
static ERR_STRING_DATA BUF_str_functs[]=
{
-{ERR_PACK(0,BUF_F_BUF_MEM_GROW,0), "BUF_MEM_grow"},
-{ERR_PACK(0,BUF_F_BUF_MEM_NEW,0), "BUF_MEM_new"},
-{ERR_PACK(0,BUF_F_BUF_STRDUP,0), "BUF_strdup"},
+{ERR_FUNC(BUF_F_BUF_MEM_GROW), "BUF_MEM_grow"},
+{ERR_FUNC(BUF_F_BUF_MEM_NEW), "BUF_MEM_new"},
+{ERR_FUNC(BUF_F_BUF_STRDUP), "BUF_strdup"},
{0,NULL}
};
@@ -87,8 +91,8 @@ void ERR_load_BUF_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_BUF,BUF_str_functs);
- ERR_load_strings(ERR_LIB_BUF,BUF_str_reasons);
+ ERR_load_strings(0,BUF_str_functs);
+ ERR_load_strings(0,BUF_str_reasons);
#endif
}
diff --git a/lib/libcrypto/cast/c_skey.c b/lib/libcrypto/cast/c_skey.c
index dc4791a8cff..db9b7573e09 100644
--- a/lib/libcrypto/cast/c_skey.c
+++ b/lib/libcrypto/cast/c_skey.c
@@ -57,6 +57,7 @@
*/
#include <openssl/crypto.h>
+#include <openssl/fips.h>
#include <openssl/cast.h>
#include "cast_lcl.h"
diff --git a/lib/libcrypto/cast/cast_lcl.h b/lib/libcrypto/cast/cast_lcl.h
index 37f41cc6a4d..e756021a33d 100644
--- a/lib/libcrypto/cast/cast_lcl.h
+++ b/lib/libcrypto/cast/cast_lcl.h
@@ -64,11 +64,6 @@
#endif
-#ifdef OPENSSL_BUILD_SHLIBCRYPTO
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
#undef c2l
#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \
l|=((unsigned long)(*((c)++)))<< 8L, \
@@ -222,11 +217,11 @@
}
#endif
-OPENSSL_EXTERN const CAST_LONG CAST_S_table0[256];
-OPENSSL_EXTERN const CAST_LONG CAST_S_table1[256];
-OPENSSL_EXTERN const CAST_LONG CAST_S_table2[256];
-OPENSSL_EXTERN const CAST_LONG CAST_S_table3[256];
-OPENSSL_EXTERN const CAST_LONG CAST_S_table4[256];
-OPENSSL_EXTERN const CAST_LONG CAST_S_table5[256];
-OPENSSL_EXTERN const CAST_LONG CAST_S_table6[256];
-OPENSSL_EXTERN const CAST_LONG CAST_S_table7[256];
+extern const CAST_LONG CAST_S_table0[256];
+extern const CAST_LONG CAST_S_table1[256];
+extern const CAST_LONG CAST_S_table2[256];
+extern const CAST_LONG CAST_S_table3[256];
+extern const CAST_LONG CAST_S_table4[256];
+extern const CAST_LONG CAST_S_table5[256];
+extern const CAST_LONG CAST_S_table6[256];
+extern const CAST_LONG CAST_S_table7[256];
diff --git a/lib/libcrypto/comp/c_zlib.c b/lib/libcrypto/comp/c_zlib.c
index 1bd2850d15b..5fcb521ffb4 100644
--- a/lib/libcrypto/comp/c_zlib.c
+++ b/lib/libcrypto/comp/c_zlib.c
@@ -51,30 +51,17 @@ static COMP_METHOD zlib_method={
*/
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
# include <windows.h>
-
-# define Z_CALLCONV _stdcall
-# define ZLIB_SHARED
-#else
-# define Z_CALLCONV
#endif /* !(OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32) */
#ifdef ZLIB_SHARED
#include <openssl/dso.h>
-/* Prototypes for built in stubs */
-static int stub_compress(Bytef *dest,uLongf *destLen,
- const Bytef *source, uLong sourceLen);
-static int stub_inflateEnd(z_streamp strm);
-static int stub_inflate(z_streamp strm, int flush);
-static int stub_inflateInit_(z_streamp strm, const char * version,
- int stream_size);
-
/* Function pointers */
-typedef int (Z_CALLCONV *compress_ft)(Bytef *dest,uLongf *destLen,
+typedef int (*compress_ft)(Bytef *dest,uLongf *destLen,
const Bytef *source, uLong sourceLen);
-typedef int (Z_CALLCONV *inflateEnd_ft)(z_streamp strm);
-typedef int (Z_CALLCONV *inflate_ft)(z_streamp strm, int flush);
-typedef int (Z_CALLCONV *inflateInit__ft)(z_streamp strm,
+typedef int (*inflateEnd_ft)(z_streamp strm);
+typedef int (*inflate_ft)(z_streamp strm, int flush);
+typedef int (*inflateInit__ft)(z_streamp strm,
const char * version, int stream_size);
static compress_ft p_compress=NULL;
static inflateEnd_ft p_inflateEnd=NULL;
@@ -84,10 +71,10 @@ static inflateInit__ft p_inflateInit_=NULL;
static int zlib_loaded = 0; /* only attempt to init func pts once */
static DSO *zlib_dso = NULL;
-#define compress stub_compress
-#define inflateEnd stub_inflateEnd
-#define inflate stub_inflate
-#define inflateInit_ stub_inflateInit_
+#define compress p_compress
+#define inflateEnd p_inflateEnd
+#define inflate p_inflate
+#define inflateInit_ p_inflateInit_
#endif /* ZLIB_SHARED */
static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
@@ -191,16 +178,6 @@ COMP_METHOD *COMP_zlib(void)
{
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
zlib_dso = DSO_load(NULL, "ZLIB1", NULL, 0);
- if (!zlib_dso)
- {
- zlib_dso = DSO_load(NULL, "ZLIB", NULL, 0);
- if (zlib_dso)
- {
- /* Clear the errors from the first failed
- DSO_load() */
- ERR_clear_error();
- }
- }
#else
zlib_dso = DSO_load(NULL, "z", NULL, 0);
#endif
@@ -218,54 +195,21 @@ COMP_METHOD *COMP_zlib(void)
p_inflateInit_
= (inflateInit__ft) DSO_bind_func(zlib_dso,
"inflateInit_");
- zlib_loaded++;
+
+ if (p_compress && p_inflateEnd && p_inflate
+ && p_inflateInit_)
+ zlib_loaded++;
}
}
#endif
+#ifdef ZLIB_SHARED
+ if (zlib_loaded)
+#endif
#if defined(ZLIB) || defined(ZLIB_SHARED)
- meth = &zlib_method;
+ meth = &zlib_method;
#endif
return(meth);
}
-#ifdef ZLIB_SHARED
-/* Stubs for each function to be dynamicly loaded */
-static int
-stub_compress(Bytef *dest,uLongf *destLen,const Bytef *source, uLong sourceLen)
- {
- if (p_compress)
- return(p_compress(dest,destLen,source,sourceLen));
- else
- return(Z_MEM_ERROR);
- }
-
-static int
-stub_inflateEnd(z_streamp strm)
- {
- if ( p_inflateEnd )
- return(p_inflateEnd(strm));
- else
- return(Z_MEM_ERROR);
- }
-
-static int
-stub_inflate(z_streamp strm, int flush)
- {
- if ( p_inflate )
- return(p_inflate(strm,flush));
- else
- return(Z_MEM_ERROR);
- }
-
-static int
-stub_inflateInit_(z_streamp strm, const char * version, int stream_size)
- {
- if ( p_inflateInit_ )
- return(p_inflateInit_(strm,version,stream_size));
- else
- return(Z_MEM_ERROR);
- }
-
-#endif /* ZLIB_SHARED */
diff --git a/lib/libcrypto/conf/conf_def.c b/lib/libcrypto/conf/conf_def.c
index b5a876ae68a..2464f8ed902 100644
--- a/lib/libcrypto/conf/conf_def.c
+++ b/lib/libcrypto/conf/conf_def.c
@@ -613,13 +613,13 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
e++;
}
/* So at this point we have
- * ns which is the start of the name string which is
+ * np which is the start of the name string which is
* '\0' terminated.
- * cs which is the start of the section string which is
+ * cp which is the start of the section string which is
* '\0' terminated.
* e is the 'next point after'.
- * r and s are the chars replaced by the '\0'
- * rp and sp is where 'r' and 's' came from.
+ * r and rr are the chars replaced by the '\0'
+ * rp and rrp is where 'r' and 'rr' came from.
*/
p=_CONF_get_string(conf,cp,np);
if (rrp != NULL) *rrp=rr;
@@ -638,6 +638,11 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
points at. /RL */
len -= e-from;
from=e;
+
+ /* In case there were no braces or parenthesis around
+ the variable reference, we have to put back the
+ character that was replaced with a '\0'. /RL */
+ *rp = r;
}
else
buf->data[to++]= *(from++);
diff --git a/lib/libcrypto/conf/conf_err.c b/lib/libcrypto/conf/conf_err.c
index ee07bfe9d93..f5e2ca4bf04 100644
--- a/lib/libcrypto/conf/conf_err.c
+++ b/lib/libcrypto/conf/conf_err.c
@@ -1,6 +1,6 @@
/* crypto/conf/conf_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,47 +64,51 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CONF,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CONF,0,reason)
+
static ERR_STRING_DATA CONF_str_functs[]=
{
-{ERR_PACK(0,CONF_F_CONF_DUMP_FP,0), "CONF_dump_fp"},
-{ERR_PACK(0,CONF_F_CONF_LOAD,0), "CONF_load"},
-{ERR_PACK(0,CONF_F_CONF_LOAD_BIO,0), "CONF_load_bio"},
-{ERR_PACK(0,CONF_F_CONF_LOAD_FP,0), "CONF_load_fp"},
-{ERR_PACK(0,CONF_F_CONF_MODULES_LOAD,0), "CONF_modules_load"},
-{ERR_PACK(0,CONF_F_MODULE_INIT,0), "MODULE_INIT"},
-{ERR_PACK(0,CONF_F_MODULE_LOAD_DSO,0), "MODULE_LOAD_DSO"},
-{ERR_PACK(0,CONF_F_MODULE_RUN,0), "MODULE_RUN"},
-{ERR_PACK(0,CONF_F_NCONF_DUMP_BIO,0), "NCONF_dump_bio"},
-{ERR_PACK(0,CONF_F_NCONF_DUMP_FP,0), "NCONF_dump_fp"},
-{ERR_PACK(0,CONF_F_NCONF_GET_NUMBER,0), "NCONF_get_number"},
-{ERR_PACK(0,CONF_F_NCONF_GET_NUMBER_E,0), "NCONF_get_number_e"},
-{ERR_PACK(0,CONF_F_NCONF_GET_SECTION,0), "NCONF_get_section"},
-{ERR_PACK(0,CONF_F_NCONF_GET_STRING,0), "NCONF_get_string"},
-{ERR_PACK(0,CONF_F_NCONF_LOAD,0), "NCONF_load"},
-{ERR_PACK(0,CONF_F_NCONF_LOAD_BIO,0), "NCONF_load_bio"},
-{ERR_PACK(0,CONF_F_NCONF_LOAD_FP,0), "NCONF_load_fp"},
-{ERR_PACK(0,CONF_F_NCONF_NEW,0), "NCONF_new"},
-{ERR_PACK(0,CONF_F_STR_COPY,0), "STR_COPY"},
+{ERR_FUNC(CONF_F_CONF_DUMP_FP), "CONF_dump_fp"},
+{ERR_FUNC(CONF_F_CONF_LOAD), "CONF_load"},
+{ERR_FUNC(CONF_F_CONF_LOAD_BIO), "CONF_load_bio"},
+{ERR_FUNC(CONF_F_CONF_LOAD_FP), "CONF_load_fp"},
+{ERR_FUNC(CONF_F_CONF_MODULES_LOAD), "CONF_modules_load"},
+{ERR_FUNC(CONF_F_MODULE_INIT), "MODULE_INIT"},
+{ERR_FUNC(CONF_F_MODULE_LOAD_DSO), "MODULE_LOAD_DSO"},
+{ERR_FUNC(CONF_F_MODULE_RUN), "MODULE_RUN"},
+{ERR_FUNC(CONF_F_NCONF_DUMP_BIO), "NCONF_dump_bio"},
+{ERR_FUNC(CONF_F_NCONF_DUMP_FP), "NCONF_dump_fp"},
+{ERR_FUNC(CONF_F_NCONF_GET_NUMBER), "NCONF_get_number"},
+{ERR_FUNC(CONF_F_NCONF_GET_NUMBER_E), "NCONF_get_number_e"},
+{ERR_FUNC(CONF_F_NCONF_GET_SECTION), "NCONF_get_section"},
+{ERR_FUNC(CONF_F_NCONF_GET_STRING), "NCONF_get_string"},
+{ERR_FUNC(CONF_F_NCONF_LOAD), "NCONF_load"},
+{ERR_FUNC(CONF_F_NCONF_LOAD_BIO), "NCONF_load_bio"},
+{ERR_FUNC(CONF_F_NCONF_LOAD_FP), "NCONF_load_fp"},
+{ERR_FUNC(CONF_F_NCONF_NEW), "NCONF_new"},
+{ERR_FUNC(CONF_F_STR_COPY), "STR_COPY"},
{0,NULL}
};
static ERR_STRING_DATA CONF_str_reasons[]=
{
-{CONF_R_ERROR_LOADING_DSO ,"error loading dso"},
-{CONF_R_MISSING_CLOSE_SQUARE_BRACKET ,"missing close square bracket"},
-{CONF_R_MISSING_EQUAL_SIGN ,"missing equal sign"},
-{CONF_R_MISSING_FINISH_FUNCTION ,"missing finish function"},
-{CONF_R_MISSING_INIT_FUNCTION ,"missing init function"},
-{CONF_R_MODULE_INITIALIZATION_ERROR ,"module initialization error"},
-{CONF_R_NO_CLOSE_BRACE ,"no close brace"},
-{CONF_R_NO_CONF ,"no conf"},
-{CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE ,"no conf or environment variable"},
-{CONF_R_NO_SECTION ,"no section"},
-{CONF_R_NO_SUCH_FILE ,"no such file"},
-{CONF_R_NO_VALUE ,"no value"},
-{CONF_R_UNABLE_TO_CREATE_NEW_SECTION ,"unable to create new section"},
-{CONF_R_UNKNOWN_MODULE_NAME ,"unknown module name"},
-{CONF_R_VARIABLE_HAS_NO_VALUE ,"variable has no value"},
+{ERR_REASON(CONF_R_ERROR_LOADING_DSO) ,"error loading dso"},
+{ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET),"missing close square bracket"},
+{ERR_REASON(CONF_R_MISSING_EQUAL_SIGN) ,"missing equal sign"},
+{ERR_REASON(CONF_R_MISSING_FINISH_FUNCTION),"missing finish function"},
+{ERR_REASON(CONF_R_MISSING_INIT_FUNCTION),"missing init function"},
+{ERR_REASON(CONF_R_MODULE_INITIALIZATION_ERROR),"module initialization error"},
+{ERR_REASON(CONF_R_NO_CLOSE_BRACE) ,"no close brace"},
+{ERR_REASON(CONF_R_NO_CONF) ,"no conf"},
+{ERR_REASON(CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE),"no conf or environment variable"},
+{ERR_REASON(CONF_R_NO_SECTION) ,"no section"},
+{ERR_REASON(CONF_R_NO_SUCH_FILE) ,"no such file"},
+{ERR_REASON(CONF_R_NO_VALUE) ,"no value"},
+{ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION),"unable to create new section"},
+{ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME) ,"unknown module name"},
+{ERR_REASON(CONF_R_VARIABLE_HAS_NO_VALUE),"variable has no value"},
{0,NULL}
};
@@ -118,8 +122,8 @@ void ERR_load_CONF_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_CONF,CONF_str_functs);
- ERR_load_strings(ERR_LIB_CONF,CONF_str_reasons);
+ ERR_load_strings(0,CONF_str_functs);
+ ERR_load_strings(0,CONF_str_reasons);
#endif
}
diff --git a/lib/libcrypto/cpt_err.c b/lib/libcrypto/cpt_err.c
index 1b4a1cb4d40..06a6109ccee 100644
--- a/lib/libcrypto/cpt_err.c
+++ b/lib/libcrypto/cpt_err.c
@@ -1,6 +1,6 @@
/* crypto/cpt_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,23 +64,27 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CRYPTO,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CRYPTO,0,reason)
+
static ERR_STRING_DATA CRYPTO_str_functs[]=
{
-{ERR_PACK(0,CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,0), "CRYPTO_get_ex_new_index"},
-{ERR_PACK(0,CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,0), "CRYPTO_get_new_dynlockid"},
-{ERR_PACK(0,CRYPTO_F_CRYPTO_GET_NEW_LOCKID,0), "CRYPTO_get_new_lockid"},
-{ERR_PACK(0,CRYPTO_F_CRYPTO_SET_EX_DATA,0), "CRYPTO_set_ex_data"},
-{ERR_PACK(0,CRYPTO_F_DEF_ADD_INDEX,0), "DEF_ADD_INDEX"},
-{ERR_PACK(0,CRYPTO_F_DEF_GET_CLASS,0), "DEF_GET_CLASS"},
-{ERR_PACK(0,CRYPTO_F_INT_DUP_EX_DATA,0), "INT_DUP_EX_DATA"},
-{ERR_PACK(0,CRYPTO_F_INT_FREE_EX_DATA,0), "INT_FREE_EX_DATA"},
-{ERR_PACK(0,CRYPTO_F_INT_NEW_EX_DATA,0), "INT_NEW_EX_DATA"},
+{ERR_FUNC(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX), "CRYPTO_get_ex_new_index"},
+{ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID), "CRYPTO_get_new_dynlockid"},
+{ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_LOCKID), "CRYPTO_get_new_lockid"},
+{ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA), "CRYPTO_set_ex_data"},
+{ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX), "DEF_ADD_INDEX"},
+{ERR_FUNC(CRYPTO_F_DEF_GET_CLASS), "DEF_GET_CLASS"},
+{ERR_FUNC(CRYPTO_F_INT_DUP_EX_DATA), "INT_DUP_EX_DATA"},
+{ERR_FUNC(CRYPTO_F_INT_FREE_EX_DATA), "INT_FREE_EX_DATA"},
+{ERR_FUNC(CRYPTO_F_INT_NEW_EX_DATA), "INT_NEW_EX_DATA"},
{0,NULL}
};
static ERR_STRING_DATA CRYPTO_str_reasons[]=
{
-{CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK ,"no dynlock create callback"},
+{ERR_REASON(CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK),"no dynlock create callback"},
{0,NULL}
};
@@ -94,8 +98,8 @@ void ERR_load_CRYPTO_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_CRYPTO,CRYPTO_str_functs);
- ERR_load_strings(ERR_LIB_CRYPTO,CRYPTO_str_reasons);
+ ERR_load_strings(0,CRYPTO_str_functs);
+ ERR_load_strings(0,CRYPTO_str_reasons);
#endif
}
diff --git a/lib/libcrypto/cryptlib.c b/lib/libcrypto/cryptlib.c
index fef0afb29fc..e63bbe8dbad 100644
--- a/lib/libcrypto/cryptlib.c
+++ b/lib/libcrypto/cryptlib.c
@@ -480,6 +480,8 @@ const char *CRYPTO_get_lock_name(int type)
return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
}
+int OPENSSL_NONPIC_relocated=0;
+
#if defined(_WIN32) && defined(_WINDLL)
/* All we really need to do is remove the 'error' state when a thread
@@ -491,6 +493,21 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
switch(fdwReason)
{
case DLL_PROCESS_ATTACH:
+#if defined(_WIN32_WINNT)
+ {
+ IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *)hinstDLL;
+ IMAGE_NT_HEADERS *nt_headers;
+
+ if (dos_header->e_magic==IMAGE_DOS_SIGNATURE)
+ {
+ nt_headers = (IMAGE_NT_HEADERS *)((char *)dos_header
+ + dos_header->e_lfanew);
+ if (nt_headers->Signature==IMAGE_NT_SIGNATURE &&
+ hinstDLL!=(HINSTANCE)(nt_headers->OptionalHeader.ImageBase))
+ OPENSSL_NONPIC_relocated=1;
+ }
+ }
+#endif
break;
case DLL_THREAD_ATTACH:
break;
@@ -504,18 +521,160 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
}
#endif
+#if defined(_WIN32)
+#include <tchar.h>
+
+#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
+static int IsService(void)
+{ HWINSTA h;
+ DWORD len;
+ WCHAR *name;
+
+ (void)GetDesktopWindow(); /* return value is ignored */
+
+ h = GetProcessWindowStation();
+ if (h==NULL) return -1;
+
+ if (GetUserObjectInformationW (h,UOI_NAME,NULL,0,&len) ||
+ GetLastError() != ERROR_INSUFFICIENT_BUFFER)
+ return -1;
+
+ if (len>512) return -1; /* paranoia */
+ len++,len&=~1; /* paranoia */
+#ifdef _MSC_VER
+ name=(WCHAR *)_alloca(len+sizeof(WCHAR));
+#else
+ name=(WCHAR *)alloca(len+sizeof(WCHAR));
+#endif
+ if (!GetUserObjectInformationW (h,UOI_NAME,name,len,&len))
+ return -1;
+
+ len++,len&=~1; /* paranoia */
+ name[len/sizeof(WCHAR)]=L'\0'; /* paranoia */
+#if 1
+ /* This doesn't cover "interactive" services [working with real
+ * WinSta0's] nor programs started non-interactively by Task
+ * Scheduler [those are working with SAWinSta]. */
+ if (wcsstr(name,L"Service-0x")) return 1;
+#else
+ /* This covers all non-interactive programs such as services. */
+ if (!wcsstr(name,L"WinSta0")) return 1;
+#endif
+ else return 0;
+}
+#endif
+
+void OPENSSL_showfatal (const char *fmta,...)
+{ va_list ap;
+ TCHAR buf[256];
+ const TCHAR *fmt;
+ HANDLE h;
+
+ if ((h=GetStdHandle(STD_ERROR_HANDLE)) != NULL &&
+ GetFileType(h)!=FILE_TYPE_UNKNOWN)
+ { /* must be console application */
+ va_start (ap,fmta);
+ vfprintf (stderr,fmta,ap);
+ va_end (ap);
+ return;
+ }
+
+ if (sizeof(TCHAR)==sizeof(char))
+ fmt=(const TCHAR *)fmta;
+ else do
+ { int keepgoing;
+ size_t len_0=strlen(fmta)+1,i;
+ WCHAR *fmtw;
+
+#ifdef _MSC_VER
+ fmtw = (WCHAR *)_alloca (len_0*sizeof(WCHAR));
+#else
+ fmtw = (WCHAR *)alloca (len_0*sizeof(WCHAR));
+#endif
+ if (fmtw == NULL) { fmt=(const TCHAR *)L"no stack?"; break; }
+
+#ifndef OPENSSL_NO_MULTIBYTE
+ if (!MultiByteToWideChar(CP_ACP,0,fmta,len_0,fmtw,len_0))
+#endif
+ for (i=0;i<len_0;i++) fmtw[i]=(WCHAR)fmta[i];
+
+ for (i=0;i<len_0;i++)
+ { if (fmtw[i]==L'%') do
+ { keepgoing=0;
+ switch (fmtw[i+1])
+ { case L'0': case L'1': case L'2': case L'3': case L'4':
+ case L'5': case L'6': case L'7': case L'8': case L'9':
+ case L'.': case L'*':
+ case L'-': i++; keepgoing=1; break;
+ case L's': fmtw[i+1]=L'S'; break;
+ case L'S': fmtw[i+1]=L's'; break;
+ case L'c': fmtw[i+1]=L'C'; break;
+ case L'C': fmtw[i+1]=L'c'; break;
+ }
+ } while (keepgoing);
+ }
+ fmt = (const TCHAR *)fmtw;
+ } while (0);
+
+ va_start (ap,fmta);
+ _vsntprintf (buf,sizeof(buf)/sizeof(TCHAR)-1,fmt,ap);
+ buf [sizeof(buf)/sizeof(TCHAR)-1] = _T('\0');
+ va_end (ap);
+
+#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
+ /* this -------------v--- guards NT-specific calls */
+ if (GetVersion() < 0x80000000 && IsService())
+ { HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
+ const TCHAR *pmsg=buf;
+ ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);
+ DeregisterEventSource(h);
+ }
+ else
+#endif
+ { MSGBOXPARAMS m;
+
+ m.cbSize = sizeof(m);
+ m.hwndOwner = NULL;
+ m.lpszCaption = _T("OpenSSL: FATAL");
+ m.dwStyle = MB_OK;
+ m.hInstance = NULL;
+ m.lpszIcon = IDI_ERROR;
+ m.dwContextHelpId = 0;
+ m.lpfnMsgBoxCallback = NULL;
+ m.dwLanguageId = MAKELANGID(LANG_ENGLISH,SUBLANG_ENGLISH_US);
+ m.lpszText = buf;
+
+ MessageBoxIndirect (&m);
+ }
+}
+#else
+void OPENSSL_showfatal (const char *fmta,...)
+{ va_list ap;
+
+ va_start (ap,fmta);
+ vfprintf (stderr,fmta,ap);
+ va_end (ap);
+}
+#endif
+
void OpenSSLDie(const char *file,int line,const char *assertion)
{
- fprintf(stderr,
+ OPENSSL_showfatal(
"%s(%d): OpenSSL internal error, assertion failed: %s\n",
file,line,assertion);
abort();
}
+void *OPENSSL_stderr(void) { return stderr; }
+
#ifdef OPENSSL_FIPS
+
+void fips_w_lock(void) { CRYPTO_w_lock(CRYPTO_LOCK_FIPS); }
+void fips_w_unlock(void) { CRYPTO_w_unlock(CRYPTO_LOCK_FIPS); }
+void fips_r_lock(void) { CRYPTO_r_lock(CRYPTO_LOCK_FIPS); }
+void fips_r_unlock(void) { CRYPTO_r_unlock(CRYPTO_LOCK_FIPS); }
+
static int fips_started = 0;
-static int fips_mode = 0;
-static void *fips_rand_check = 0;
static unsigned long fips_thread = 0;
void fips_set_started(void)
@@ -576,57 +735,10 @@ int fips_clear_owning_thread(void)
return ret;
}
-void fips_set_mode(int onoff)
- {
- int owning_thread = fips_is_owning_thread();
-
- if (fips_is_started())
- {
- if (!owning_thread) CRYPTO_w_lock(CRYPTO_LOCK_FIPS);
- fips_mode = onoff;
- if (!owning_thread) CRYPTO_w_unlock(CRYPTO_LOCK_FIPS);
- }
- }
-
-void fips_set_rand_check(void *rand_check)
- {
- int owning_thread = fips_is_owning_thread();
-
- if (fips_is_started())
- {
- if (!owning_thread) CRYPTO_w_lock(CRYPTO_LOCK_FIPS);
- fips_rand_check = rand_check;
- if (!owning_thread) CRYPTO_w_unlock(CRYPTO_LOCK_FIPS);
- }
- }
-
-int FIPS_mode(void)
- {
- int ret = 0;
- int owning_thread = fips_is_owning_thread();
-
- if (fips_is_started())
- {
- if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS);
- ret = fips_mode;
- if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS);
- }
- return ret;
- }
-
-void *FIPS_rand_check(void)
+unsigned char *fips_signature_witness(void)
{
- void *ret = 0;
- int owning_thread = fips_is_owning_thread();
-
- if (fips_is_started())
- {
- if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS);
- ret = fips_rand_check;
- if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS);
- }
- return ret;
+ extern unsigned char FIPS_signature[];
+ return FIPS_signature;
}
-
#endif /* OPENSSL_FIPS */
diff --git a/lib/libcrypto/cryptlib.h b/lib/libcrypto/cryptlib.h
index 0d6b9d59f0b..6f59e08ca63 100644
--- a/lib/libcrypto/cryptlib.h
+++ b/lib/libcrypto/cryptlib.h
@@ -93,6 +93,10 @@ extern "C" {
#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
#define HEX_SIZE(type) (sizeof(type)*2)
+void OPENSSL_showfatal(const char *,...);
+void *OPENSSL_stderr(void);
+extern int OPENSSL_NONPIC_relocated;
+
#ifdef __cplusplus
}
#endif
diff --git a/lib/libcrypto/crypto-lib.com b/lib/libcrypto/crypto-lib.com
index c044ce0099d..427c321f259 100644
--- a/lib/libcrypto/crypto-lib.com
+++ b/lib/libcrypto/crypto-lib.com
@@ -184,10 +184,10 @@ $ IF F$TRNLNM("OPENSSL_NO_ASM").OR.ARCH.EQS."AXP" THEN LIB_BN_ASM = "bn_asm"
$ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ -
"bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ -
"bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ -
- "bn_recp,bn_mont,bn_mpi,bn_exp2"
+ "bn_recp,bn_mont,bn_mpi,bn_exp2,bn_x931p"
$ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ -
"rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ -
- "rsa_asn1"
+ "rsa_pss,rsa_x931,rsa_asn1"
$ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_recp,ecp_nist,ec_cvt,ec_mult,"+ -
"ec_err"
$ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,dsa_err,dsa_ossl"
@@ -265,10 +265,15 @@ $ LIB_KRB5 = "krb5_asn"
$!
$! Setup exceptional compilations
$!
+$ ! Add definitions for no threads on OpenVMS 7.1 and higher
$ COMPILEWITH_CC3 = ",bss_rtcp,"
+$ ! Disable the DOLLARID warning
$ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time,"
+$ ! Disable disjoint optimization
$ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + -
"sha_dgst,sha1dgst,rmd_dgst,bf_enc,"
+$ ! Disable the MIXLINKAGE warning
+$ COMPILEWITH_CC6 = ",enc_read,set_key,"
$!
$! Figure Out What Other Modules We Are To Build.
$!
@@ -497,7 +502,12 @@ $ IF COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5
$ THEN
$ CC5/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
$ ELSE
-$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ IF COMPILEWITH_CC6 - FILE_NAME0 .NES. COMPILEWITH_CC6
+$ THEN
+$ CC6/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ ELSE
+$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ ENDIF
$ ENDIF
$ ENDIF
$ ENDIF
@@ -960,7 +970,7 @@ $ CCDEFS = "TCPIP_TYPE_''P4',DSO_VMS"
$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
$ CCEXTRAFLAGS = ""
$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
$!
@@ -1077,14 +1087,18 @@ $ THEN
$ IF CCDISABLEWARNINGS .EQS. ""
$ THEN
$ CC4DISABLEWARNINGS = "DOLLARID"
+$ CC6DISABLEWARNINGS = "MIXLINKAGE"
$ ELSE
$ CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
+$ CC6DISABLEWARNINGS = CCDISABLEWARNINGS + ",MIXLINKAGE"
$ CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
$ ENDIF
$ CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
+$ CC6DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC6DISABLEWARNINGS + "))"
$ ELSE
$ CCDISABLEWARNINGS = ""
$ CC4DISABLEWARNINGS = ""
+$ CC6DISABLEWARNINGS = ""
$ ENDIF
$ CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
@@ -1095,6 +1109,7 @@ $ ELSE
$ CC5 = CC + "/NOOPTIMIZE"
$ ENDIF
$ CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
+$ CC6 = CC - CCDISABLEWARNINGS + CC6DISABLEWARNINGS
$!
$! Show user the result
$!
diff --git a/lib/libcrypto/crypto.h b/lib/libcrypto/crypto.h
index 4d1dfac7f1e..22fd939e65e 100644
--- a/lib/libcrypto/crypto.h
+++ b/lib/libcrypto/crypto.h
@@ -434,12 +434,9 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
/* die if we have to */
void OpenSSLDie(const char *file,int line,const char *assertion);
-#define OPENSSL_assert(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
+#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
#ifdef OPENSSL_FIPS
-int FIPS_mode(void);
-void *FIPS_rand_check(void);
-
#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
alg " previous FIPS forbidden algorithm error ignored");
diff --git a/lib/libcrypto/des/des_locl.h b/lib/libcrypto/des/des_locl.h
index e44e8e98b25..8f04b18c50f 100644
--- a/lib/libcrypto/des/des_locl.h
+++ b/lib/libcrypto/des/des_locl.h
@@ -421,7 +421,7 @@
PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
}
-OPENSSL_EXTERN const DES_LONG DES_SPtrans[8][64];
+extern const DES_LONG DES_SPtrans[8][64];
void fcrypt_body(DES_LONG *out,DES_key_schedule *ks,
DES_LONG Eswap0, DES_LONG Eswap1);
diff --git a/lib/libcrypto/dh/dh.h b/lib/libcrypto/dh/dh.h
index 0aff7fe21f9..8562d16fb70 100644
--- a/lib/libcrypto/dh/dh.h
+++ b/lib/libcrypto/dh/dh.h
@@ -70,7 +70,14 @@
#include <openssl/crypto.h>
#include <openssl/ossl_typ.h>
-#define DH_FLAG_CACHE_MONT_P 0x01
+#define DH_FLAG_CACHE_MONT_P 0x01
+#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
+ * implementation now uses constant time
+ * modular exponentiation for secret exponents
+ * by default. This flag causes the
+ * faster variable sliding window method to
+ * be used for all exponents.
+ */
#ifdef __cplusplus
extern "C" {
diff --git a/lib/libcrypto/dh/dh_err.c b/lib/libcrypto/dh/dh_err.c
index 914b8a9c530..9336bfce6bd 100644
--- a/lib/libcrypto/dh/dh_err.c
+++ b/lib/libcrypto/dh/dh_err.c
@@ -1,6 +1,6 @@
/* crypto/dh/dh_err.c */
/* ====================================================================
- * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,22 +64,26 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason)
+
static ERR_STRING_DATA DH_str_functs[]=
{
-{ERR_PACK(0,DH_F_DHPARAMS_PRINT,0), "DHparams_print"},
-{ERR_PACK(0,DH_F_DHPARAMS_PRINT_FP,0), "DHparams_print_fp"},
-{ERR_PACK(0,DH_F_DH_COMPUTE_KEY,0), "DH_compute_key"},
-{ERR_PACK(0,DH_F_DH_GENERATE_KEY,0), "DH_generate_key"},
-{ERR_PACK(0,DH_F_DH_GENERATE_PARAMETERS,0), "DH_generate_parameters"},
-{ERR_PACK(0,DH_F_DH_NEW_METHOD,0), "DH_new_method"},
+{ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"},
+{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"},
+{ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"},
+{ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"},
+{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS), "DH_generate_parameters"},
+{ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"},
{0,NULL}
};
static ERR_STRING_DATA DH_str_reasons[]=
{
-{DH_R_BAD_GENERATOR ,"bad generator"},
-{DH_R_NO_PRIVATE_VALUE ,"no private value"},
-{DH_R_INVALID_PUBKEY ,"invalid public key"},
+{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"},
+{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"},
+{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"},
{0,NULL}
};
@@ -93,8 +97,8 @@ void ERR_load_DH_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_DH,DH_str_functs);
- ERR_load_strings(ERR_LIB_DH,DH_str_reasons);
+ ERR_load_strings(0,DH_str_functs);
+ ERR_load_strings(0,DH_str_reasons);
#endif
}
diff --git a/lib/libcrypto/dh/dh_key.c b/lib/libcrypto/dh/dh_key.c
index 648766a6ec4..e3641ec4686 100644
--- a/lib/libcrypto/dh/dh_key.c
+++ b/lib/libcrypto/dh/dh_key.c
@@ -105,7 +105,7 @@ static int generate_key(DH *dh)
int generate_new_key=0;
unsigned l;
BN_CTX *ctx;
- BN_MONT_CTX *mont;
+ BN_MONT_CTX *mont=NULL;
BIGNUM *pub_key=NULL,*priv_key=NULL;
ctx = BN_CTX_new();
@@ -128,21 +128,37 @@ static int generate_key(DH *dh)
else
pub_key=dh->pub_key;
- if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P))
+
+ if (dh->flags & DH_FLAG_CACHE_MONT_P)
{
- if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
- if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
- dh->p,ctx)) goto err;
+ mont = BN_MONT_CTX_set_locked(
+ (BN_MONT_CTX **)&dh->method_mont_p,
+ CRYPTO_LOCK_DH, dh->p, ctx);
+ if (!mont)
+ goto err;
}
- mont=(BN_MONT_CTX *)dh->method_mont_p;
if (generate_new_key)
{
l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
if (!BN_rand(priv_key, l, 0, 0)) goto err;
}
- if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, priv_key,dh->p,ctx,mont))
- goto err;
+
+ {
+ BIGNUM local_prk;
+ BIGNUM *prk;
+
+ if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
+ {
+ BN_init(&local_prk);
+ prk = &local_prk;
+ BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
+ }
+ else
+ prk = priv_key;
+
+ if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) goto err;
+ }
dh->pub_key=pub_key;
dh->priv_key=priv_key;
@@ -160,7 +176,7 @@ err:
static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
{
BN_CTX *ctx;
- BN_MONT_CTX *mont;
+ BN_MONT_CTX *mont=NULL;
BIGNUM *tmp;
int ret= -1;
int check_result;
@@ -175,15 +191,20 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
goto err;
}
- if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P))
+
+ if (dh->flags & DH_FLAG_CACHE_MONT_P)
{
- if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
- if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
- dh->p,ctx)) goto err;
+ mont = BN_MONT_CTX_set_locked(
+ (BN_MONT_CTX **)&dh->method_mont_p,
+ CRYPTO_LOCK_DH, dh->p, ctx);
+ if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
+ {
+ /* XXX */
+ BN_set_flags(dh->priv_key, BN_FLG_EXP_CONSTTIME);
+ }
+ if (!mont)
+ goto err;
}
-
- mont=(BN_MONT_CTX *)dh->method_mont_p;
-
if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result)
{
DHerr(DH_F_DH_COMPUTE_KEY,DH_R_INVALID_PUBKEY);
@@ -197,8 +218,11 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
ret=BN_bn2bin(tmp,key);
err:
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
+ if (ctx != NULL)
+ {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
return(ret);
}
@@ -207,7 +231,10 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx)
{
- if (a->top == 1)
+ /* If a is only one word long and constant time is false, use the faster
+ * exponenentiation function.
+ */
+ if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0))
{
BN_ULONG A = a->d[0];
return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);
diff --git a/lib/libcrypto/dh/dhtest.c b/lib/libcrypto/dh/dhtest.c
index d75077f9fa0..b76dede7719 100644
--- a/lib/libcrypto/dh/dhtest.c
+++ b/lib/libcrypto/dh/dhtest.c
@@ -136,6 +136,10 @@ int main(int argc, char *argv[])
b->g=BN_dup(a->g);
if ((b->p == NULL) || (b->g == NULL)) goto err;
+ /* Set a to run with normal modexp and b to use constant time */
+ a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;
+ b->flags |= DH_FLAG_NO_EXP_CONSTTIME;
+
if (!DH_generate_key(a)) goto err;
BIO_puts(out,"pri 1=");
BN_print(out,a->priv_key);
diff --git a/lib/libcrypto/doc/EVP_EncryptInit.pod b/lib/libcrypto/doc/EVP_EncryptInit.pod
index 40e525dd56e..8271d3dfc41 100644
--- a/lib/libcrypto/doc/EVP_EncryptInit.pod
+++ b/lib/libcrypto/doc/EVP_EncryptInit.pod
@@ -22,7 +22,7 @@ EVP_CIPHER_CTX_set_padding - EVP cipher routines
#include <openssl/evp.h>
- int EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
+ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
ENGINE *impl, unsigned char *key, unsigned char *iv);
@@ -236,8 +236,8 @@ RC5 can be set.
=head1 RETURN VALUES
-EVP_CIPHER_CTX_init, EVP_EncryptInit_ex(), EVP_EncryptUpdate() and
-EVP_EncryptFinal_ex() return 1 for success and 0 for failure.
+EVP_EncryptInit_ex(), EVP_EncryptUpdate() and EVP_EncryptFinal_ex()
+return 1 for success and 0 for failure.
EVP_DecryptInit_ex() and EVP_DecryptUpdate() return 1 for success and 0 for failure.
EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success.
diff --git a/lib/libcrypto/dsa/dsa.h b/lib/libcrypto/dsa/dsa.h
index 225ff391f9b..851e3f0445c 100644
--- a/lib/libcrypto/dsa/dsa.h
+++ b/lib/libcrypto/dsa/dsa.h
@@ -80,6 +80,20 @@
#endif
#define DSA_FLAG_CACHE_MONT_P 0x01
+#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA
+ * implementation now uses constant time
+ * modular exponentiation for secret exponents
+ * by default. This flag causes the
+ * faster variable sliding window method to
+ * be used for all exponents.
+ */
+
+/* If this flag is set external DSA_METHOD callbacks are allowed in FIPS mode
+ * it is then the applications responsibility to ensure the external method
+ * is compliant.
+ */
+
+#define DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW 0x04
#if defined(OPENSSL_FIPS)
#define FIPS_DSA_SIZE_T int
diff --git a/lib/libcrypto/dsa/dsa_err.c b/lib/libcrypto/dsa/dsa_err.c
index 79aa4ff526c..fd42053572b 100644
--- a/lib/libcrypto/dsa/dsa_err.c
+++ b/lib/libcrypto/dsa/dsa_err.c
@@ -1,6 +1,6 @@
/* crypto/dsa/dsa_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,29 +64,33 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason)
+
static ERR_STRING_DATA DSA_str_functs[]=
{
-{ERR_PACK(0,DSA_F_D2I_DSA_SIG,0), "d2i_DSA_SIG"},
-{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT,0), "DSAparams_print"},
-{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT_FP,0), "DSAparams_print_fp"},
-{ERR_PACK(0,DSA_F_DSA_DO_SIGN,0), "DSA_do_sign"},
-{ERR_PACK(0,DSA_F_DSA_DO_VERIFY,0), "DSA_do_verify"},
-{ERR_PACK(0,DSA_F_DSA_NEW_METHOD,0), "DSA_new_method"},
-{ERR_PACK(0,DSA_F_DSA_PRINT,0), "DSA_print"},
-{ERR_PACK(0,DSA_F_DSA_PRINT_FP,0), "DSA_print_fp"},
-{ERR_PACK(0,DSA_F_DSA_SIGN,0), "DSA_sign"},
-{ERR_PACK(0,DSA_F_DSA_SIGN_SETUP,0), "DSA_sign_setup"},
-{ERR_PACK(0,DSA_F_DSA_SIG_NEW,0), "DSA_SIG_new"},
-{ERR_PACK(0,DSA_F_DSA_VERIFY,0), "DSA_verify"},
-{ERR_PACK(0,DSA_F_I2D_DSA_SIG,0), "i2d_DSA_SIG"},
-{ERR_PACK(0,DSA_F_SIG_CB,0), "SIG_CB"},
+{ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"},
+{ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
+{ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"},
+{ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"},
+{ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
+{ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"},
+{ERR_FUNC(DSA_F_DSA_PRINT), "DSA_print"},
+{ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"},
+{ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"},
+{ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"},
+{ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"},
+{ERR_FUNC(DSA_F_DSA_VERIFY), "DSA_verify"},
+{ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"},
+{ERR_FUNC(DSA_F_SIG_CB), "SIG_CB"},
{0,NULL}
};
static ERR_STRING_DATA DSA_str_reasons[]=
{
-{DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"},
-{DSA_R_MISSING_PARAMETERS ,"missing parameters"},
+{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
+{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"},
{0,NULL}
};
@@ -100,8 +104,8 @@ void ERR_load_DSA_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_DSA,DSA_str_functs);
- ERR_load_strings(ERR_LIB_DSA,DSA_str_reasons);
+ ERR_load_strings(0,DSA_str_functs);
+ ERR_load_strings(0,DSA_str_reasons);
#endif
}
diff --git a/lib/libcrypto/dsa/dsa_key.c b/lib/libcrypto/dsa/dsa_key.c
index 30607ca579f..980b6dc2d30 100644
--- a/lib/libcrypto/dsa/dsa_key.c
+++ b/lib/libcrypto/dsa/dsa_key.c
@@ -90,8 +90,22 @@ int DSA_generate_key(DSA *dsa)
}
else
pub_key=dsa->pub_key;
+
+ {
+ BIGNUM local_prk;
+ BIGNUM *prk;
+
+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
+ {
+ BN_init(&local_prk);
+ prk = &local_prk;
+ BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
+ }
+ else
+ prk = priv_key;
- if (!BN_mod_exp(pub_key,dsa->g,priv_key,dsa->p,ctx)) goto err;
+ if (!BN_mod_exp(pub_key,dsa->g,prk,dsa->p,ctx)) goto err;
+ }
dsa->priv_key=priv_key;
dsa->pub_key=pub_key;
diff --git a/lib/libcrypto/dsa/dsa_ossl.c b/lib/libcrypto/dsa/dsa_ossl.c
index f1a85afcde8..12509a70833 100644
--- a/lib/libcrypto/dsa/dsa_ossl.c
+++ b/lib/libcrypto/dsa/dsa_ossl.c
@@ -172,7 +172,7 @@ err:
static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
{
BN_CTX *ctx;
- BIGNUM k,*kinv=NULL,*r=NULL;
+ BIGNUM k,kq,*K,*kinv=NULL,*r=NULL;
int ret=0;
if (!dsa->p || !dsa->q || !dsa->g)
@@ -182,6 +182,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
}
BN_init(&k);
+ BN_init(&kq);
if (ctx_in == NULL)
{
@@ -191,22 +192,49 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
ctx=ctx_in;
if ((r=BN_new()) == NULL) goto err;
- kinv=NULL;
/* Get random k */
do
if (!BN_rand_range(&k, dsa->q)) goto err;
while (BN_is_zero(&k));
+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
+ {
+ BN_set_flags(&k, BN_FLG_EXP_CONSTTIME);
+ }
- if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
+ if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
{
- if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
- if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
- dsa->p,ctx)) goto err;
+ if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p,
+ CRYPTO_LOCK_DSA,
+ dsa->p, ctx))
+ goto err;
}
/* Compute r = (g^k mod p) mod q */
- if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
+
+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
+ {
+ if (!BN_copy(&kq, &k)) goto err;
+
+ /* We do not want timing information to leak the length of k,
+ * so we compute g^k using an equivalent exponent of fixed length.
+ *
+ * (This is a kludge that we need because the BN_mod_exp_mont()
+ * does not let us specify the desired timing behaviour.) */
+
+ if (!BN_add(&kq, &kq, dsa->q)) goto err;
+ if (BN_num_bits(&kq) <= BN_num_bits(dsa->q))
+ {
+ if (!BN_add(&kq, &kq, dsa->q)) goto err;
+ }
+
+ K = &kq;
+ }
+ else
+ {
+ K = &k;
+ }
+ if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,K,dsa->p,ctx,
(BN_MONT_CTX *)dsa->method_mont_p)) goto err;
if (!BN_mod(r,r,dsa->q,ctx)) goto err;
@@ -229,6 +257,7 @@ err:
if (ctx_in == NULL) BN_CTX_free(ctx);
if (kinv != NULL) BN_clear_free(kinv);
BN_clear_free(&k);
+ BN_clear_free(&kq);
return(ret);
}
@@ -275,13 +304,15 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
/* u2 = r * w mod q */
if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
- if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
+
+ if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
{
- if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
- if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
- dsa->p,ctx)) goto err;
+ mont = BN_MONT_CTX_set_locked(
+ (BN_MONT_CTX **)&dsa->method_mont_p,
+ CRYPTO_LOCK_DSA, dsa->p, ctx);
+ if (!mont)
+ goto err;
}
- mont=(BN_MONT_CTX *)dsa->method_mont_p;
#if 0
{
diff --git a/lib/libcrypto/dsa/dsa_sign.c b/lib/libcrypto/dsa/dsa_sign.c
index 3c9753bac39..37c65efb20e 100644
--- a/lib/libcrypto/dsa/dsa_sign.c
+++ b/lib/libcrypto/dsa/dsa_sign.c
@@ -72,7 +72,8 @@
DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
#ifdef OPENSSL_FIPS
- if(FIPS_mode() && !FIPS_dsa_check(dsa))
+ if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
+ && !FIPS_dsa_check(dsa))
return NULL;
#endif
return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
@@ -96,7 +97,8 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
{
#ifdef OPENSSL_FIPS
- if(FIPS_mode() && !FIPS_dsa_check(dsa))
+ if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
+ && !FIPS_dsa_check(dsa))
return 0;
#endif
return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
diff --git a/lib/libcrypto/dsa/dsa_vrf.c b/lib/libcrypto/dsa/dsa_vrf.c
index 8ef0c450252..c9784bed48e 100644
--- a/lib/libcrypto/dsa/dsa_vrf.c
+++ b/lib/libcrypto/dsa/dsa_vrf.c
@@ -74,7 +74,8 @@ int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
DSA *dsa)
{
#ifdef OPENSSL_FIPS
- if(FIPS_mode() && !FIPS_dsa_check(dsa))
+ if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
+ && !FIPS_dsa_check(dsa))
return -1;
#endif
return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
diff --git a/lib/libcrypto/dsa/dsatest.c b/lib/libcrypto/dsa/dsatest.c
index 4734ce4af85..55a3756affb 100644
--- a/lib/libcrypto/dsa/dsatest.c
+++ b/lib/libcrypto/dsa/dsatest.c
@@ -194,10 +194,19 @@ int main(int argc, char **argv)
BIO_printf(bio_err,"g value is wrong\n");
goto end;
}
+
+ dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME;
DSA_generate_key(dsa);
DSA_sign(0, str1, 20, sig, &siglen, dsa);
if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
ret=1;
+
+ dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME;
+ DSA_generate_key(dsa);
+ DSA_sign(0, str1, 20, sig, &siglen, dsa);
+ if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
+ ret=1;
+
end:
if (!ret)
ERR_print_errors(bio_err);
diff --git a/lib/libcrypto/dso/dso_dl.c b/lib/libcrypto/dso/dso_dl.c
index 79d2cb4d8c8..f7b4dfc0c37 100644
--- a/lib/libcrypto/dso/dso_dl.c
+++ b/lib/libcrypto/dso/dso_dl.c
@@ -126,7 +126,8 @@ static int dl_load(DSO *dso)
DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME);
goto err;
}
- ptr = shl_load(filename, BIND_IMMEDIATE|DYNAMIC_PATH, 0L);
+ ptr = shl_load(filename, BIND_IMMEDIATE |
+ (dso->flags&DSO_FLAG_NO_NAME_TRANSLATION?0:DYNAMIC_PATH), 0L);
if(ptr == NULL)
{
DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED);
@@ -281,4 +282,36 @@ static char *dl_name_converter(DSO *dso, const char *filename)
return(translated);
}
+#ifdef OPENSSL_FIPS
+static void dl_ref_point(){}
+
+int DSO_pathbyaddr(void *addr,char *path,int sz)
+ {
+ struct shl_descriptor inf;
+ int i,len;
+
+ if (addr == NULL)
+ {
+ union { void(*f)(); void *p; } t = { dl_ref_point };
+ addr = t.p;
+ }
+
+ for (i=-1;shl_get_r(i,&inf)==0;i++)
+ {
+ if (((size_t)addr >= inf.tstart && (size_t)addr < inf.tend) ||
+ ((size_t)addr >= inf.dstart && (size_t)addr < inf.dend))
+ {
+ len = (int)strlen(inf.filename);
+ if (sz <= 0) return len+1;
+ if (len >= sz) len=sz-1;
+ memcpy(path,inf.filename,len);
+ path[len++] = 0;
+ return len;
+ }
+ }
+
+ return -1;
+ }
+#endif
+
#endif /* DSO_DL */
diff --git a/lib/libcrypto/dso/dso_dlfcn.c b/lib/libcrypto/dso/dso_dlfcn.c
index 2e729694314..d48b4202f2c 100644
--- a/lib/libcrypto/dso/dso_dlfcn.c
+++ b/lib/libcrypto/dso/dso_dlfcn.c
@@ -56,6 +56,10 @@
*
*/
+#ifdef __linux
+#define _GNU_SOURCE
+#endif
+
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/dso.h>
@@ -228,7 +232,7 @@ static void *dlfcn_bind_var(DSO *dso, const char *symname)
static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
{
void *ptr;
- DSO_FUNC_TYPE sym;
+ DSO_FUNC_TYPE sym, *tsym = &sym;
if((dso == NULL) || (symname == NULL))
{
@@ -246,7 +250,7 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE);
return(NULL);
}
- sym = (DSO_FUNC_TYPE)dlsym(ptr, symname);
+ *(void**)(tsym) = dlsym(ptr, symname);
if(sym == NULL)
{
DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE);
@@ -290,4 +294,32 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename)
return(translated);
}
+#ifdef OPENSSL_FIPS
+static void dlfcn_ref_point(){}
+
+int DSO_pathbyaddr(void *addr,char *path,int sz)
+ {
+ Dl_info dli;
+ int len;
+
+ if (addr == NULL)
+ {
+ union { void(*f)(void); void *p; } t = { dlfcn_ref_point };
+ addr = t.p;
+ }
+
+ if (dladdr(addr,&dli))
+ {
+ len = (int)strlen(dli.dli_fname);
+ if (sz <= 0) return len+1;
+ if (len >= sz) len=sz-1;
+ memcpy(path,dli.dli_fname,len);
+ path[len++]=0;
+ return len;
+ }
+
+ ERR_add_error_data(4, "dlfcn_pathbyaddr(): ", dlerror());
+ return -1;
+ }
+#endif
#endif /* DSO_DLFCN */
diff --git a/lib/libcrypto/dso/dso_err.c b/lib/libcrypto/dso/dso_err.c
index cf452de1aa0..581677cc366 100644
--- a/lib/libcrypto/dso/dso_err.c
+++ b/lib/libcrypto/dso/dso_err.c
@@ -1,6 +1,6 @@
/* crypto/dso/dso_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,56 +64,60 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSO,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSO,0,reason)
+
static ERR_STRING_DATA DSO_str_functs[]=
{
-{ERR_PACK(0,DSO_F_DLFCN_BIND_FUNC,0), "DLFCN_BIND_FUNC"},
-{ERR_PACK(0,DSO_F_DLFCN_BIND_VAR,0), "DLFCN_BIND_VAR"},
-{ERR_PACK(0,DSO_F_DLFCN_LOAD,0), "DLFCN_LOAD"},
-{ERR_PACK(0,DSO_F_DLFCN_NAME_CONVERTER,0), "DLFCN_NAME_CONVERTER"},
-{ERR_PACK(0,DSO_F_DLFCN_UNLOAD,0), "DLFCN_UNLOAD"},
-{ERR_PACK(0,DSO_F_DL_BIND_FUNC,0), "DL_BIND_FUNC"},
-{ERR_PACK(0,DSO_F_DL_BIND_VAR,0), "DL_BIND_VAR"},
-{ERR_PACK(0,DSO_F_DL_LOAD,0), "DL_LOAD"},
-{ERR_PACK(0,DSO_F_DL_NAME_CONVERTER,0), "DL_NAME_CONVERTER"},
-{ERR_PACK(0,DSO_F_DL_UNLOAD,0), "DL_UNLOAD"},
-{ERR_PACK(0,DSO_F_DSO_BIND_FUNC,0), "DSO_bind_func"},
-{ERR_PACK(0,DSO_F_DSO_BIND_VAR,0), "DSO_bind_var"},
-{ERR_PACK(0,DSO_F_DSO_CONVERT_FILENAME,0), "DSO_convert_filename"},
-{ERR_PACK(0,DSO_F_DSO_CTRL,0), "DSO_ctrl"},
-{ERR_PACK(0,DSO_F_DSO_FREE,0), "DSO_free"},
-{ERR_PACK(0,DSO_F_DSO_GET_FILENAME,0), "DSO_get_filename"},
-{ERR_PACK(0,DSO_F_DSO_GET_LOADED_FILENAME,0), "DSO_get_loaded_filename"},
-{ERR_PACK(0,DSO_F_DSO_LOAD,0), "DSO_load"},
-{ERR_PACK(0,DSO_F_DSO_NEW_METHOD,0), "DSO_new_method"},
-{ERR_PACK(0,DSO_F_DSO_SET_FILENAME,0), "DSO_set_filename"},
-{ERR_PACK(0,DSO_F_DSO_SET_NAME_CONVERTER,0), "DSO_set_name_converter"},
-{ERR_PACK(0,DSO_F_DSO_UP_REF,0), "DSO_up_ref"},
-{ERR_PACK(0,DSO_F_VMS_BIND_VAR,0), "VMS_BIND_VAR"},
-{ERR_PACK(0,DSO_F_VMS_LOAD,0), "VMS_LOAD"},
-{ERR_PACK(0,DSO_F_VMS_UNLOAD,0), "VMS_UNLOAD"},
-{ERR_PACK(0,DSO_F_WIN32_BIND_FUNC,0), "WIN32_BIND_FUNC"},
-{ERR_PACK(0,DSO_F_WIN32_BIND_VAR,0), "WIN32_BIND_VAR"},
-{ERR_PACK(0,DSO_F_WIN32_LOAD,0), "WIN32_LOAD"},
-{ERR_PACK(0,DSO_F_WIN32_NAME_CONVERTER,0), "WIN32_NAME_CONVERTER"},
-{ERR_PACK(0,DSO_F_WIN32_UNLOAD,0), "WIN32_UNLOAD"},
+{ERR_FUNC(DSO_F_DLFCN_BIND_FUNC), "DLFCN_BIND_FUNC"},
+{ERR_FUNC(DSO_F_DLFCN_BIND_VAR), "DLFCN_BIND_VAR"},
+{ERR_FUNC(DSO_F_DLFCN_LOAD), "DLFCN_LOAD"},
+{ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER), "DLFCN_NAME_CONVERTER"},
+{ERR_FUNC(DSO_F_DLFCN_UNLOAD), "DLFCN_UNLOAD"},
+{ERR_FUNC(DSO_F_DL_BIND_FUNC), "DL_BIND_FUNC"},
+{ERR_FUNC(DSO_F_DL_BIND_VAR), "DL_BIND_VAR"},
+{ERR_FUNC(DSO_F_DL_LOAD), "DL_LOAD"},
+{ERR_FUNC(DSO_F_DL_NAME_CONVERTER), "DL_NAME_CONVERTER"},
+{ERR_FUNC(DSO_F_DL_UNLOAD), "DL_UNLOAD"},
+{ERR_FUNC(DSO_F_DSO_BIND_FUNC), "DSO_bind_func"},
+{ERR_FUNC(DSO_F_DSO_BIND_VAR), "DSO_bind_var"},
+{ERR_FUNC(DSO_F_DSO_CONVERT_FILENAME), "DSO_convert_filename"},
+{ERR_FUNC(DSO_F_DSO_CTRL), "DSO_ctrl"},
+{ERR_FUNC(DSO_F_DSO_FREE), "DSO_free"},
+{ERR_FUNC(DSO_F_DSO_GET_FILENAME), "DSO_get_filename"},
+{ERR_FUNC(DSO_F_DSO_GET_LOADED_FILENAME), "DSO_get_loaded_filename"},
+{ERR_FUNC(DSO_F_DSO_LOAD), "DSO_load"},
+{ERR_FUNC(DSO_F_DSO_NEW_METHOD), "DSO_new_method"},
+{ERR_FUNC(DSO_F_DSO_SET_FILENAME), "DSO_set_filename"},
+{ERR_FUNC(DSO_F_DSO_SET_NAME_CONVERTER), "DSO_set_name_converter"},
+{ERR_FUNC(DSO_F_DSO_UP_REF), "DSO_up_ref"},
+{ERR_FUNC(DSO_F_VMS_BIND_VAR), "VMS_BIND_VAR"},
+{ERR_FUNC(DSO_F_VMS_LOAD), "VMS_LOAD"},
+{ERR_FUNC(DSO_F_VMS_UNLOAD), "VMS_UNLOAD"},
+{ERR_FUNC(DSO_F_WIN32_BIND_FUNC), "WIN32_BIND_FUNC"},
+{ERR_FUNC(DSO_F_WIN32_BIND_VAR), "WIN32_BIND_VAR"},
+{ERR_FUNC(DSO_F_WIN32_LOAD), "WIN32_LOAD"},
+{ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER), "WIN32_NAME_CONVERTER"},
+{ERR_FUNC(DSO_F_WIN32_UNLOAD), "WIN32_UNLOAD"},
{0,NULL}
};
static ERR_STRING_DATA DSO_str_reasons[]=
{
-{DSO_R_CTRL_FAILED ,"control command failed"},
-{DSO_R_DSO_ALREADY_LOADED ,"dso already loaded"},
-{DSO_R_FILENAME_TOO_BIG ,"filename too big"},
-{DSO_R_FINISH_FAILED ,"cleanup method function failed"},
-{DSO_R_LOAD_FAILED ,"could not load the shared library"},
-{DSO_R_NAME_TRANSLATION_FAILED ,"name translation failed"},
-{DSO_R_NO_FILENAME ,"no filename"},
-{DSO_R_NULL_HANDLE ,"a null shared library handle was used"},
-{DSO_R_SET_FILENAME_FAILED ,"set filename failed"},
-{DSO_R_STACK_ERROR ,"the meth_data stack is corrupt"},
-{DSO_R_SYM_FAILURE ,"could not bind to the requested symbol name"},
-{DSO_R_UNLOAD_FAILED ,"could not unload the shared library"},
-{DSO_R_UNSUPPORTED ,"functionality not supported"},
+{ERR_REASON(DSO_R_CTRL_FAILED) ,"control command failed"},
+{ERR_REASON(DSO_R_DSO_ALREADY_LOADED) ,"dso already loaded"},
+{ERR_REASON(DSO_R_FILENAME_TOO_BIG) ,"filename too big"},
+{ERR_REASON(DSO_R_FINISH_FAILED) ,"cleanup method function failed"},
+{ERR_REASON(DSO_R_LOAD_FAILED) ,"could not load the shared library"},
+{ERR_REASON(DSO_R_NAME_TRANSLATION_FAILED),"name translation failed"},
+{ERR_REASON(DSO_R_NO_FILENAME) ,"no filename"},
+{ERR_REASON(DSO_R_NULL_HANDLE) ,"a null shared library handle was used"},
+{ERR_REASON(DSO_R_SET_FILENAME_FAILED) ,"set filename failed"},
+{ERR_REASON(DSO_R_STACK_ERROR) ,"the meth_data stack is corrupt"},
+{ERR_REASON(DSO_R_SYM_FAILURE) ,"could not bind to the requested symbol name"},
+{ERR_REASON(DSO_R_UNLOAD_FAILED) ,"could not unload the shared library"},
+{ERR_REASON(DSO_R_UNSUPPORTED) ,"functionality not supported"},
{0,NULL}
};
@@ -127,8 +131,8 @@ void ERR_load_DSO_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_DSO,DSO_str_functs);
- ERR_load_strings(ERR_LIB_DSO,DSO_str_reasons);
+ ERR_load_strings(0,DSO_str_functs);
+ ERR_load_strings(0,DSO_str_reasons);
#endif
}
diff --git a/lib/libcrypto/dso/dso_win32.c b/lib/libcrypto/dso/dso_win32.c
index 3fa90eb27cf..cc4ac686965 100644
--- a/lib/libcrypto/dso/dso_win32.c
+++ b/lib/libcrypto/dso/dso_win32.c
@@ -68,6 +68,25 @@ DSO_METHOD *DSO_METHOD_win32(void)
}
#else
+#ifdef _WIN32_WCE
+# if _WIN32_WCE < 300
+static FARPROC GetProcAddressA(HMODULE hModule,LPCSTR lpProcName)
+ {
+ WCHAR lpProcNameW[64];
+ int i;
+
+ for (i=0;lpProcName[i] && i<64;i++)
+ lpProcNameW[i] = (WCHAR)lpProcName[i];
+ if (i==64) return NULL;
+ lpProcNameW[i] = 0;
+
+ return GetProcAddressW(hModule,lpProcNameW);
+ }
+# endif
+# undef GetProcAddress
+# define GetProcAddress GetProcAddressA
+#endif
+
/* Part of the hack in "win32_load" ... */
#define DSO_MAX_TRANSLATED_SIZE 256
@@ -122,7 +141,7 @@ static int win32_load(DSO *dso)
DSOerr(DSO_F_WIN32_LOAD,DSO_R_NO_FILENAME);
goto err;
}
- h = LoadLibrary(filename);
+ h = LoadLibraryA(filename);
if(h == NULL)
{
DSOerr(DSO_F_WIN32_LOAD,DSO_R_LOAD_FAILED);
diff --git a/lib/libcrypto/ec/ec_err.c b/lib/libcrypto/ec/ec_err.c
index d37b6aba87f..5b70f943822 100644
--- a/lib/libcrypto/ec/ec_err.c
+++ b/lib/libcrypto/ec/ec_err.c
@@ -1,6 +1,6 @@
/* crypto/ec/ec_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,70 +64,74 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EC,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EC,0,reason)
+
static ERR_STRING_DATA EC_str_functs[]=
{
-{ERR_PACK(0,EC_F_COMPUTE_WNAF,0), "COMPUTE_WNAF"},
-{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_DECODE,0), "ec_GFp_mont_field_decode"},
-{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_ENCODE,0), "ec_GFp_mont_field_encode"},
-{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_MUL,0), "ec_GFp_mont_field_mul"},
-{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_SQR,0), "ec_GFp_mont_field_sqr"},
-{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP,0), "ec_GFp_simple_group_set_curve_GFp"},
-{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR,0), "ec_GFp_simple_group_set_generator"},
-{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_MAKE_AFFINE,0), "ec_GFp_simple_make_affine"},
-{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_OCT2POINT,0), "ec_GFp_simple_oct2point"},
-{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT2OCT,0), "ec_GFp_simple_point2oct"},
-{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE,0), "ec_GFp_simple_points_make_affine"},
-{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP,0), "ec_GFp_simple_point_get_affine_coordinates_GFp"},
-{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP,0), "ec_GFp_simple_point_set_affine_coordinates_GFp"},
-{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP,0), "ec_GFp_simple_set_compressed_coordinates_GFp"},
-{ERR_PACK(0,EC_F_EC_GROUP_COPY,0), "EC_GROUP_copy"},
-{ERR_PACK(0,EC_F_EC_GROUP_GET0_GENERATOR,0), "EC_GROUP_get0_generator"},
-{ERR_PACK(0,EC_F_EC_GROUP_GET_COFACTOR,0), "EC_GROUP_get_cofactor"},
-{ERR_PACK(0,EC_F_EC_GROUP_GET_CURVE_GFP,0), "EC_GROUP_get_curve_GFp"},
-{ERR_PACK(0,EC_F_EC_GROUP_GET_ORDER,0), "EC_GROUP_get_order"},
-{ERR_PACK(0,EC_F_EC_GROUP_NEW,0), "EC_GROUP_new"},
-{ERR_PACK(0,EC_F_EC_GROUP_PRECOMPUTE_MULT,0), "EC_GROUP_precompute_mult"},
-{ERR_PACK(0,EC_F_EC_GROUP_SET_CURVE_GFP,0), "EC_GROUP_set_curve_GFp"},
-{ERR_PACK(0,EC_F_EC_GROUP_SET_EXTRA_DATA,0), "EC_GROUP_set_extra_data"},
-{ERR_PACK(0,EC_F_EC_GROUP_SET_GENERATOR,0), "EC_GROUP_set_generator"},
-{ERR_PACK(0,EC_F_EC_POINTS_MAKE_AFFINE,0), "EC_POINTs_make_affine"},
-{ERR_PACK(0,EC_F_EC_POINTS_MUL,0), "EC_POINTs_mul"},
-{ERR_PACK(0,EC_F_EC_POINT_ADD,0), "EC_POINT_add"},
-{ERR_PACK(0,EC_F_EC_POINT_CMP,0), "EC_POINT_cmp"},
-{ERR_PACK(0,EC_F_EC_POINT_COPY,0), "EC_POINT_copy"},
-{ERR_PACK(0,EC_F_EC_POINT_DBL,0), "EC_POINT_dbl"},
-{ERR_PACK(0,EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,0), "EC_POINT_get_affine_coordinates_GFp"},
-{ERR_PACK(0,EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,0), "EC_POINT_get_Jprojective_coordinates_GFp"},
-{ERR_PACK(0,EC_F_EC_POINT_IS_AT_INFINITY,0), "EC_POINT_is_at_infinity"},
-{ERR_PACK(0,EC_F_EC_POINT_IS_ON_CURVE,0), "EC_POINT_is_on_curve"},
-{ERR_PACK(0,EC_F_EC_POINT_MAKE_AFFINE,0), "EC_POINT_make_affine"},
-{ERR_PACK(0,EC_F_EC_POINT_NEW,0), "EC_POINT_new"},
-{ERR_PACK(0,EC_F_EC_POINT_OCT2POINT,0), "EC_POINT_oct2point"},
-{ERR_PACK(0,EC_F_EC_POINT_POINT2OCT,0), "EC_POINT_point2oct"},
-{ERR_PACK(0,EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,0), "EC_POINT_set_affine_coordinates_GFp"},
-{ERR_PACK(0,EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,0), "EC_POINT_set_compressed_coordinates_GFp"},
-{ERR_PACK(0,EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,0), "EC_POINT_set_Jprojective_coordinates_GFp"},
-{ERR_PACK(0,EC_F_EC_POINT_SET_TO_INFINITY,0), "EC_POINT_set_to_infinity"},
-{ERR_PACK(0,EC_F_GFP_MONT_GROUP_SET_CURVE_GFP,0), "GFP_MONT_GROUP_SET_CURVE_GFP"},
+{ERR_FUNC(EC_F_COMPUTE_WNAF), "COMPUTE_WNAF"},
+{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_DECODE), "ec_GFp_mont_field_decode"},
+{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_ENCODE), "ec_GFp_mont_field_encode"},
+{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_MUL), "ec_GFp_mont_field_mul"},
+{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR), "ec_GFp_mont_field_sqr"},
+{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP), "ec_GFp_simple_group_set_curve_GFp"},
+{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR), "ec_GFp_simple_group_set_generator"},
+{ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE), "ec_GFp_simple_make_affine"},
+{ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT), "ec_GFp_simple_oct2point"},
+{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT), "ec_GFp_simple_point2oct"},
+{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE), "ec_GFp_simple_points_make_affine"},
+{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP), "ec_GFp_simple_point_get_affine_coordinates_GFp"},
+{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP), "ec_GFp_simple_point_set_affine_coordinates_GFp"},
+{ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP), "ec_GFp_simple_set_compressed_coordinates_GFp"},
+{ERR_FUNC(EC_F_EC_GROUP_COPY), "EC_GROUP_copy"},
+{ERR_FUNC(EC_F_EC_GROUP_GET0_GENERATOR), "EC_GROUP_get0_generator"},
+{ERR_FUNC(EC_F_EC_GROUP_GET_COFACTOR), "EC_GROUP_get_cofactor"},
+{ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GFP), "EC_GROUP_get_curve_GFp"},
+{ERR_FUNC(EC_F_EC_GROUP_GET_ORDER), "EC_GROUP_get_order"},
+{ERR_FUNC(EC_F_EC_GROUP_NEW), "EC_GROUP_new"},
+{ERR_FUNC(EC_F_EC_GROUP_PRECOMPUTE_MULT), "EC_GROUP_precompute_mult"},
+{ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP), "EC_GROUP_set_curve_GFp"},
+{ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA), "EC_GROUP_set_extra_data"},
+{ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR), "EC_GROUP_set_generator"},
+{ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE), "EC_POINTs_make_affine"},
+{ERR_FUNC(EC_F_EC_POINTS_MUL), "EC_POINTs_mul"},
+{ERR_FUNC(EC_F_EC_POINT_ADD), "EC_POINT_add"},
+{ERR_FUNC(EC_F_EC_POINT_CMP), "EC_POINT_cmp"},
+{ERR_FUNC(EC_F_EC_POINT_COPY), "EC_POINT_copy"},
+{ERR_FUNC(EC_F_EC_POINT_DBL), "EC_POINT_dbl"},
+{ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP), "EC_POINT_get_affine_coordinates_GFp"},
+{ERR_FUNC(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_get_Jprojective_coordinates_GFp"},
+{ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY), "EC_POINT_is_at_infinity"},
+{ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE), "EC_POINT_is_on_curve"},
+{ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE), "EC_POINT_make_affine"},
+{ERR_FUNC(EC_F_EC_POINT_NEW), "EC_POINT_new"},
+{ERR_FUNC(EC_F_EC_POINT_OCT2POINT), "EC_POINT_oct2point"},
+{ERR_FUNC(EC_F_EC_POINT_POINT2OCT), "EC_POINT_point2oct"},
+{ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP), "EC_POINT_set_affine_coordinates_GFp"},
+{ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP), "EC_POINT_set_compressed_coordinates_GFp"},
+{ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_set_Jprojective_coordinates_GFp"},
+{ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"},
+{ERR_FUNC(EC_F_GFP_MONT_GROUP_SET_CURVE_GFP), "GFP_MONT_GROUP_SET_CURVE_GFP"},
{0,NULL}
};
static ERR_STRING_DATA EC_str_reasons[]=
{
-{EC_R_BUFFER_TOO_SMALL ,"buffer too small"},
-{EC_R_INCOMPATIBLE_OBJECTS ,"incompatible objects"},
-{EC_R_INVALID_ARGUMENT ,"invalid argument"},
-{EC_R_INVALID_COMPRESSED_POINT ,"invalid compressed point"},
-{EC_R_INVALID_COMPRESSION_BIT ,"invalid compression bit"},
-{EC_R_INVALID_ENCODING ,"invalid encoding"},
-{EC_R_INVALID_FIELD ,"invalid field"},
-{EC_R_INVALID_FORM ,"invalid form"},
-{EC_R_NOT_INITIALIZED ,"not initialized"},
-{EC_R_POINT_AT_INFINITY ,"point at infinity"},
-{EC_R_POINT_IS_NOT_ON_CURVE ,"point is not on curve"},
-{EC_R_SLOT_FULL ,"slot full"},
-{EC_R_UNDEFINED_GENERATOR ,"undefined generator"},
-{EC_R_UNKNOWN_ORDER ,"unknown order"},
+{ERR_REASON(EC_R_BUFFER_TOO_SMALL) ,"buffer too small"},
+{ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS) ,"incompatible objects"},
+{ERR_REASON(EC_R_INVALID_ARGUMENT) ,"invalid argument"},
+{ERR_REASON(EC_R_INVALID_COMPRESSED_POINT),"invalid compressed point"},
+{ERR_REASON(EC_R_INVALID_COMPRESSION_BIT),"invalid compression bit"},
+{ERR_REASON(EC_R_INVALID_ENCODING) ,"invalid encoding"},
+{ERR_REASON(EC_R_INVALID_FIELD) ,"invalid field"},
+{ERR_REASON(EC_R_INVALID_FORM) ,"invalid form"},
+{ERR_REASON(EC_R_NOT_INITIALIZED) ,"not initialized"},
+{ERR_REASON(EC_R_POINT_AT_INFINITY) ,"point at infinity"},
+{ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE) ,"point is not on curve"},
+{ERR_REASON(EC_R_SLOT_FULL) ,"slot full"},
+{ERR_REASON(EC_R_UNDEFINED_GENERATOR) ,"undefined generator"},
+{ERR_REASON(EC_R_UNKNOWN_ORDER) ,"unknown order"},
{0,NULL}
};
@@ -141,8 +145,8 @@ void ERR_load_EC_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_EC,EC_str_functs);
- ERR_load_strings(ERR_LIB_EC,EC_str_reasons);
+ ERR_load_strings(0,EC_str_functs);
+ ERR_load_strings(0,EC_str_reasons);
#endif
}
diff --git a/lib/libcrypto/engine/eng_cnf.c b/lib/libcrypto/engine/eng_cnf.c
index cdf670901ad..4225760af10 100644
--- a/lib/libcrypto/engine/eng_cnf.c
+++ b/lib/libcrypto/engine/eng_cnf.c
@@ -158,7 +158,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
*/
if (!strcmp(ctrlvalue, "EMPTY"))
ctrlvalue = NULL;
- else if (!strcmp(ctrlname, "init"))
+ if (!strcmp(ctrlname, "init"))
{
if (!NCONF_get_number_e(cnf, value, "init", &do_init))
goto err;
diff --git a/lib/libcrypto/engine/eng_err.c b/lib/libcrypto/engine/eng_err.c
index 814d95ee328..fdc0e7be0f8 100644
--- a/lib/libcrypto/engine/eng_err.c
+++ b/lib/libcrypto/engine/eng_err.c
@@ -1,6 +1,6 @@
/* crypto/engine/eng_err.c */
/* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,87 +64,91 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason)
+
static ERR_STRING_DATA ENGINE_str_functs[]=
{
-{ERR_PACK(0,ENGINE_F_DYNAMIC_CTRL,0), "DYNAMIC_CTRL"},
-{ERR_PACK(0,ENGINE_F_DYNAMIC_GET_DATA_CTX,0), "DYNAMIC_GET_DATA_CTX"},
-{ERR_PACK(0,ENGINE_F_DYNAMIC_LOAD,0), "DYNAMIC_LOAD"},
-{ERR_PACK(0,ENGINE_F_ENGINE_ADD,0), "ENGINE_add"},
-{ERR_PACK(0,ENGINE_F_ENGINE_BY_ID,0), "ENGINE_by_id"},
-{ERR_PACK(0,ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,0), "ENGINE_cmd_is_executable"},
-{ERR_PACK(0,ENGINE_F_ENGINE_CTRL,0), "ENGINE_ctrl"},
-{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD,0), "ENGINE_ctrl_cmd"},
-{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD_STRING,0), "ENGINE_ctrl_cmd_string"},
-{ERR_PACK(0,ENGINE_F_ENGINE_FINISH,0), "ENGINE_finish"},
-{ERR_PACK(0,ENGINE_F_ENGINE_FREE,0), "ENGINE_free"},
-{ERR_PACK(0,ENGINE_F_ENGINE_GET_CIPHER,0), "ENGINE_get_cipher"},
-{ERR_PACK(0,ENGINE_F_ENGINE_GET_DEFAULT_TYPE,0), "ENGINE_GET_DEFAULT_TYPE"},
-{ERR_PACK(0,ENGINE_F_ENGINE_GET_DIGEST,0), "ENGINE_get_digest"},
-{ERR_PACK(0,ENGINE_F_ENGINE_GET_NEXT,0), "ENGINE_get_next"},
-{ERR_PACK(0,ENGINE_F_ENGINE_GET_PREV,0), "ENGINE_get_prev"},
-{ERR_PACK(0,ENGINE_F_ENGINE_INIT,0), "ENGINE_init"},
-{ERR_PACK(0,ENGINE_F_ENGINE_LIST_ADD,0), "ENGINE_LIST_ADD"},
-{ERR_PACK(0,ENGINE_F_ENGINE_LIST_REMOVE,0), "ENGINE_LIST_REMOVE"},
-{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,0), "ENGINE_load_private_key"},
-{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,0), "ENGINE_load_public_key"},
-{ERR_PACK(0,ENGINE_F_ENGINE_MODULE_INIT,0), "ENGINE_MODULE_INIT"},
-{ERR_PACK(0,ENGINE_F_ENGINE_NEW,0), "ENGINE_new"},
-{ERR_PACK(0,ENGINE_F_ENGINE_REMOVE,0), "ENGINE_remove"},
-{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_STRING,0), "ENGINE_set_default_string"},
-{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_TYPE,0), "ENGINE_SET_DEFAULT_TYPE"},
-{ERR_PACK(0,ENGINE_F_ENGINE_SET_ID,0), "ENGINE_set_id"},
-{ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0), "ENGINE_set_name"},
-{ERR_PACK(0,ENGINE_F_ENGINE_TABLE_REGISTER,0), "ENGINE_TABLE_REGISTER"},
-{ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0), "ENGINE_UNLOAD_KEY"},
-{ERR_PACK(0,ENGINE_F_ENGINE_UP_REF,0), "ENGINE_up_ref"},
-{ERR_PACK(0,ENGINE_F_INT_CTRL_HELPER,0), "INT_CTRL_HELPER"},
-{ERR_PACK(0,ENGINE_F_INT_ENGINE_CONFIGURE,0), "INT_ENGINE_CONFIGURE"},
-{ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0), "LOG_MESSAGE"},
-{ERR_PACK(0,ENGINE_F_SET_DATA_CTX,0), "SET_DATA_CTX"},
+{ERR_FUNC(ENGINE_F_DYNAMIC_CTRL), "DYNAMIC_CTRL"},
+{ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX), "DYNAMIC_GET_DATA_CTX"},
+{ERR_FUNC(ENGINE_F_DYNAMIC_LOAD), "DYNAMIC_LOAD"},
+{ERR_FUNC(ENGINE_F_ENGINE_ADD), "ENGINE_add"},
+{ERR_FUNC(ENGINE_F_ENGINE_BY_ID), "ENGINE_by_id"},
+{ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE), "ENGINE_cmd_is_executable"},
+{ERR_FUNC(ENGINE_F_ENGINE_CTRL), "ENGINE_ctrl"},
+{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD), "ENGINE_ctrl_cmd"},
+{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING), "ENGINE_ctrl_cmd_string"},
+{ERR_FUNC(ENGINE_F_ENGINE_FINISH), "ENGINE_finish"},
+{ERR_FUNC(ENGINE_F_ENGINE_FREE), "ENGINE_free"},
+{ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER), "ENGINE_get_cipher"},
+{ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE), "ENGINE_GET_DEFAULT_TYPE"},
+{ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST), "ENGINE_get_digest"},
+{ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT), "ENGINE_get_next"},
+{ERR_FUNC(ENGINE_F_ENGINE_GET_PREV), "ENGINE_get_prev"},
+{ERR_FUNC(ENGINE_F_ENGINE_INIT), "ENGINE_init"},
+{ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD), "ENGINE_LIST_ADD"},
+{ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"},
+{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"},
+{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"},
+{ERR_FUNC(ENGINE_F_ENGINE_MODULE_INIT), "ENGINE_MODULE_INIT"},
+{ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"},
+{ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"},
+{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING), "ENGINE_set_default_string"},
+{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_TYPE), "ENGINE_SET_DEFAULT_TYPE"},
+{ERR_FUNC(ENGINE_F_ENGINE_SET_ID), "ENGINE_set_id"},
+{ERR_FUNC(ENGINE_F_ENGINE_SET_NAME), "ENGINE_set_name"},
+{ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER), "ENGINE_TABLE_REGISTER"},
+{ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY), "ENGINE_UNLOAD_KEY"},
+{ERR_FUNC(ENGINE_F_ENGINE_UP_REF), "ENGINE_up_ref"},
+{ERR_FUNC(ENGINE_F_INT_CTRL_HELPER), "INT_CTRL_HELPER"},
+{ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE), "INT_ENGINE_CONFIGURE"},
+{ERR_FUNC(ENGINE_F_LOG_MESSAGE), "LOG_MESSAGE"},
+{ERR_FUNC(ENGINE_F_SET_DATA_CTX), "SET_DATA_CTX"},
{0,NULL}
};
static ERR_STRING_DATA ENGINE_str_reasons[]=
{
-{ENGINE_R_ALREADY_LOADED ,"already loaded"},
-{ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER ,"argument is not a number"},
-{ENGINE_R_CMD_NOT_EXECUTABLE ,"cmd not executable"},
-{ENGINE_R_COMMAND_TAKES_INPUT ,"command takes input"},
-{ENGINE_R_COMMAND_TAKES_NO_INPUT ,"command takes no input"},
-{ENGINE_R_CONFLICTING_ENGINE_ID ,"conflicting engine id"},
-{ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
-{ENGINE_R_DH_NOT_IMPLEMENTED ,"dh not implemented"},
-{ENGINE_R_DSA_NOT_IMPLEMENTED ,"dsa not implemented"},
-{ENGINE_R_DSO_FAILURE ,"DSO failure"},
-{ENGINE_R_DSO_NOT_FOUND ,"dso not found"},
-{ENGINE_R_ENGINES_SECTION_ERROR ,"engines section error"},
-{ENGINE_R_ENGINE_IS_NOT_IN_LIST ,"engine is not in the list"},
-{ENGINE_R_ENGINE_SECTION_ERROR ,"engine section error"},
-{ENGINE_R_FAILED_LOADING_PRIVATE_KEY ,"failed loading private key"},
-{ENGINE_R_FAILED_LOADING_PUBLIC_KEY ,"failed loading public key"},
-{ENGINE_R_FINISH_FAILED ,"finish failed"},
-{ENGINE_R_GET_HANDLE_FAILED ,"could not obtain hardware handle"},
-{ENGINE_R_ID_OR_NAME_MISSING ,"'id' or 'name' missing"},
-{ENGINE_R_INIT_FAILED ,"init failed"},
-{ENGINE_R_INTERNAL_LIST_ERROR ,"internal list error"},
-{ENGINE_R_INVALID_ARGUMENT ,"invalid argument"},
-{ENGINE_R_INVALID_CMD_NAME ,"invalid cmd name"},
-{ENGINE_R_INVALID_CMD_NUMBER ,"invalid cmd number"},
-{ENGINE_R_INVALID_INIT_VALUE ,"invalid init value"},
-{ENGINE_R_INVALID_STRING ,"invalid string"},
-{ENGINE_R_NOT_INITIALISED ,"not initialised"},
-{ENGINE_R_NOT_LOADED ,"not loaded"},
-{ENGINE_R_NO_CONTROL_FUNCTION ,"no control function"},
-{ENGINE_R_NO_INDEX ,"no index"},
-{ENGINE_R_NO_LOAD_FUNCTION ,"no load function"},
-{ENGINE_R_NO_REFERENCE ,"no reference"},
-{ENGINE_R_NO_SUCH_ENGINE ,"no such engine"},
-{ENGINE_R_NO_UNLOAD_FUNCTION ,"no unload function"},
-{ENGINE_R_PROVIDE_PARAMETERS ,"provide parameters"},
-{ENGINE_R_RSA_NOT_IMPLEMENTED ,"rsa not implemented"},
-{ENGINE_R_UNIMPLEMENTED_CIPHER ,"unimplemented cipher"},
-{ENGINE_R_UNIMPLEMENTED_DIGEST ,"unimplemented digest"},
-{ENGINE_R_VERSION_INCOMPATIBILITY ,"version incompatibility"},
+{ERR_REASON(ENGINE_R_ALREADY_LOADED) ,"already loaded"},
+{ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER),"argument is not a number"},
+{ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE) ,"cmd not executable"},
+{ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT),"command takes input"},
+{ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT),"command takes no input"},
+{ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID),"conflicting engine id"},
+{ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
+{ERR_REASON(ENGINE_R_DH_NOT_IMPLEMENTED) ,"dh not implemented"},
+{ERR_REASON(ENGINE_R_DSA_NOT_IMPLEMENTED),"dsa not implemented"},
+{ERR_REASON(ENGINE_R_DSO_FAILURE) ,"DSO failure"},
+{ERR_REASON(ENGINE_R_DSO_NOT_FOUND) ,"dso not found"},
+{ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR),"engines section error"},
+{ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST),"engine is not in the list"},
+{ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR),"engine section error"},
+{ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"},
+{ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY),"failed loading public key"},
+{ERR_REASON(ENGINE_R_FINISH_FAILED) ,"finish failed"},
+{ERR_REASON(ENGINE_R_GET_HANDLE_FAILED) ,"could not obtain hardware handle"},
+{ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING) ,"'id' or 'name' missing"},
+{ERR_REASON(ENGINE_R_INIT_FAILED) ,"init failed"},
+{ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR),"internal list error"},
+{ERR_REASON(ENGINE_R_INVALID_ARGUMENT) ,"invalid argument"},
+{ERR_REASON(ENGINE_R_INVALID_CMD_NAME) ,"invalid cmd name"},
+{ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER) ,"invalid cmd number"},
+{ERR_REASON(ENGINE_R_INVALID_INIT_VALUE) ,"invalid init value"},
+{ERR_REASON(ENGINE_R_INVALID_STRING) ,"invalid string"},
+{ERR_REASON(ENGINE_R_NOT_INITIALISED) ,"not initialised"},
+{ERR_REASON(ENGINE_R_NOT_LOADED) ,"not loaded"},
+{ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION),"no control function"},
+{ERR_REASON(ENGINE_R_NO_INDEX) ,"no index"},
+{ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION) ,"no load function"},
+{ERR_REASON(ENGINE_R_NO_REFERENCE) ,"no reference"},
+{ERR_REASON(ENGINE_R_NO_SUCH_ENGINE) ,"no such engine"},
+{ERR_REASON(ENGINE_R_NO_UNLOAD_FUNCTION) ,"no unload function"},
+{ERR_REASON(ENGINE_R_PROVIDE_PARAMETERS) ,"provide parameters"},
+{ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED),"rsa not implemented"},
+{ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER),"unimplemented cipher"},
+{ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST),"unimplemented digest"},
+{ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY),"version incompatibility"},
{0,NULL}
};
@@ -158,8 +162,8 @@ void ERR_load_ENGINE_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_functs);
- ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_reasons);
+ ERR_load_strings(0,ENGINE_str_functs);
+ ERR_load_strings(0,ENGINE_str_reasons);
#endif
}
diff --git a/lib/libcrypto/engine/hw_aep.c b/lib/libcrypto/engine/hw_aep.c
index 8b8380a582b..5f1772ea995 100644
--- a/lib/libcrypto/engine/hw_aep.c
+++ b/lib/libcrypto/engine/hw_aep.c
@@ -474,6 +474,7 @@ static int aep_init(ENGINE *e)
if(aep_dso)
DSO_free(aep_dso);
+ aep_dso = NULL;
p_AEP_OpenConnection = NULL;
p_AEP_ModExp = NULL;
diff --git a/lib/libcrypto/engine/hw_atalla.c b/lib/libcrypto/engine/hw_atalla.c
index e9eff9fad11..2b8342bbdd9 100644
--- a/lib/libcrypto/engine/hw_atalla.c
+++ b/lib/libcrypto/engine/hw_atalla.c
@@ -375,6 +375,7 @@ static int atalla_init(ENGINE *e)
err:
if(atalla_dso)
DSO_free(atalla_dso);
+ atalla_dso = NULL;
p_Atalla_GetHardwareConfig = NULL;
p_Atalla_RSAPrivateKeyOpFn = NULL;
p_Atalla_GetPerformanceStatistics = NULL;
diff --git a/lib/libcrypto/engine/hw_cswift.c b/lib/libcrypto/engine/hw_cswift.c
index f128ee5a68d..1411fd83331 100644
--- a/lib/libcrypto/engine/hw_cswift.c
+++ b/lib/libcrypto/engine/hw_cswift.c
@@ -90,6 +90,7 @@ static int cswift_destroy(ENGINE *e);
static int cswift_init(ENGINE *e);
static int cswift_finish(ENGINE *e);
static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+static int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in);
/* BIGNUM stuff */
static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@@ -403,7 +404,10 @@ static int cswift_init(ENGINE *e)
return 1;
err:
if(cswift_dso)
+ {
DSO_free(cswift_dso);
+ cswift_dso = NULL;
+ }
p_CSwift_AcquireAccContext = NULL;
p_CSwift_AttachKeyParam = NULL;
p_CSwift_SimpleRequest = NULL;
@@ -553,6 +557,29 @@ err:
return to_return;
}
+
+int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in)
+{
+ int mod;
+ int numbytes = BN_num_bytes(in);
+
+ mod = 0;
+ while( ((out->nbytes = (numbytes+mod)) % 32) )
+ {
+ mod++;
+ }
+ out->value = (unsigned char*)OPENSSL_malloc(out->nbytes);
+ if(!out->value)
+ {
+ return 0;
+ }
+ BN_bn2bin(in, &out->value[mod]);
+ if(mod)
+ memset(out->value, 0, mod);
+
+ return 1;
+}
+
/* Un petit mod_exp chinois */
static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *q, const BIGNUM *dmp1,
@@ -562,15 +589,16 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
SW_LARGENUMBER arg, res;
SW_PARAM sw_param;
SW_CONTEXT_HANDLE hac;
- BIGNUM *rsa_p = NULL;
- BIGNUM *rsa_q = NULL;
- BIGNUM *rsa_dmp1 = NULL;
- BIGNUM *rsa_dmq1 = NULL;
- BIGNUM *rsa_iqmp = NULL;
- BIGNUM *argument = NULL;
BIGNUM *result = NULL;
+ BIGNUM *argument = NULL;
int to_return = 0; /* expect failure */
int acquired = 0;
+
+ sw_param.up.crt.p.value = NULL;
+ sw_param.up.crt.q.value = NULL;
+ sw_param.up.crt.dmp1.value = NULL;
+ sw_param.up.crt.dmq1.value = NULL;
+ sw_param.up.crt.iqmp.value = NULL;
if(!get_context(&hac))
{
@@ -578,44 +606,55 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
goto err;
}
acquired = 1;
+
/* Prepare the params */
- BN_CTX_start(ctx);
- rsa_p = BN_CTX_get(ctx);
- rsa_q = BN_CTX_get(ctx);
- rsa_dmp1 = BN_CTX_get(ctx);
- rsa_dmq1 = BN_CTX_get(ctx);
- rsa_iqmp = BN_CTX_get(ctx);
- argument = BN_CTX_get(ctx);
- result = BN_CTX_get(ctx);
- if(!result)
+ argument = BN_new();
+ result = BN_new();
+ if(!result || !argument)
{
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL);
goto err;
}
- if(!bn_wexpand(rsa_p, p->top) || !bn_wexpand(rsa_q, q->top) ||
- !bn_wexpand(rsa_dmp1, dmp1->top) ||
- !bn_wexpand(rsa_dmq1, dmq1->top) ||
- !bn_wexpand(rsa_iqmp, iqmp->top) ||
- !bn_wexpand(argument, a->top) ||
+
+
+ sw_param.type = SW_ALG_CRT;
+ /************************************************************************/
+ /* 04/02/2003 */
+ /* Modified by Frederic Giudicelli (deny-all.com) to overcome the */
+ /* limitation of cswift with values not a multiple of 32 */
+ /************************************************************************/
+ if(!cswift_bn_32copy(&sw_param.up.crt.p, p))
+ {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ if(!cswift_bn_32copy(&sw_param.up.crt.q, q))
+ {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ if(!cswift_bn_32copy(&sw_param.up.crt.dmp1, dmp1))
+ {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ if(!cswift_bn_32copy(&sw_param.up.crt.dmq1, dmq1))
+ {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ if(!cswift_bn_32copy(&sw_param.up.crt.iqmp, iqmp))
+ {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ if( !bn_wexpand(argument, a->top) ||
!bn_wexpand(result, p->top + q->top))
{
CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
goto err;
}
- sw_param.type = SW_ALG_CRT;
- sw_param.up.crt.p.nbytes = BN_bn2bin(p, (unsigned char *)rsa_p->d);
- sw_param.up.crt.p.value = (unsigned char *)rsa_p->d;
- sw_param.up.crt.q.nbytes = BN_bn2bin(q, (unsigned char *)rsa_q->d);
- sw_param.up.crt.q.value = (unsigned char *)rsa_q->d;
- sw_param.up.crt.dmp1.nbytes = BN_bn2bin(dmp1,
- (unsigned char *)rsa_dmp1->d);
- sw_param.up.crt.dmp1.value = (unsigned char *)rsa_dmp1->d;
- sw_param.up.crt.dmq1.nbytes = BN_bn2bin(dmq1,
- (unsigned char *)rsa_dmq1->d);
- sw_param.up.crt.dmq1.value = (unsigned char *)rsa_dmq1->d;
- sw_param.up.crt.iqmp.nbytes = BN_bn2bin(iqmp,
- (unsigned char *)rsa_iqmp->d);
- sw_param.up.crt.iqmp.value = (unsigned char *)rsa_iqmp->d;
+
/* Attach the key params */
sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
switch(sw_status)
@@ -654,9 +693,22 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
to_return = 1;
err:
+ if(sw_param.up.crt.p.value)
+ OPENSSL_free(sw_param.up.crt.p.value);
+ if(sw_param.up.crt.q.value)
+ OPENSSL_free(sw_param.up.crt.q.value);
+ if(sw_param.up.crt.dmp1.value)
+ OPENSSL_free(sw_param.up.crt.dmp1.value);
+ if(sw_param.up.crt.dmq1.value)
+ OPENSSL_free(sw_param.up.crt.dmq1.value);
+ if(sw_param.up.crt.iqmp.value)
+ OPENSSL_free(sw_param.up.crt.iqmp.value);
+ if(result)
+ BN_free(result);
+ if(argument)
+ BN_free(argument);
if(acquired)
release_context(hac);
- BN_CTX_end(ctx);
return to_return;
}
@@ -665,6 +717,27 @@ static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
{
BN_CTX *ctx;
int to_return = 0;
+ const RSA_METHOD * def_rsa_method;
+
+ /* Try the limits of RSA (2048 bits) */
+ if(BN_num_bytes(rsa->p) > 128 ||
+ BN_num_bytes(rsa->q) > 128 ||
+ BN_num_bytes(rsa->dmp1) > 128 ||
+ BN_num_bytes(rsa->dmq1) > 128 ||
+ BN_num_bytes(rsa->iqmp) > 128)
+ {
+#ifdef RSA_NULL
+ def_rsa_method=RSA_null_method();
+#else
+#if 0
+ def_rsa_method=RSA_PKCS1_RSAref();
+#else
+ def_rsa_method=RSA_PKCS1_SSLeay();
+#endif
+#endif
+ if(def_rsa_method)
+ return def_rsa_method->rsa_mod_exp(r0, I, rsa);
+ }
if((ctx = BN_CTX_new()) == NULL)
goto err;
@@ -686,6 +759,26 @@ err:
static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
{
+ const RSA_METHOD * def_rsa_method;
+
+ /* Try the limits of RSA (2048 bits) */
+ if(BN_num_bytes(r) > 256 ||
+ BN_num_bytes(a) > 256 ||
+ BN_num_bytes(m) > 256)
+ {
+#ifdef RSA_NULL
+ def_rsa_method=RSA_null_method();
+#else
+#if 0
+ def_rsa_method=RSA_PKCS1_RSAref();
+#else
+ def_rsa_method=RSA_PKCS1_SSLeay();
+#endif
+#endif
+ if(def_rsa_method)
+ return def_rsa_method->bn_mod_exp(r, a, p, m, ctx, m_ctx);
+ }
+
return cswift_mod_exp(r, a, p, m, ctx);
}
@@ -930,9 +1023,10 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
SW_CONTEXT_HANDLE hac;
SW_STATUS swrc;
SW_LARGENUMBER largenum;
- size_t nbytes = 0;
int acquired = 0;
int to_return = 0; /* assume failure */
+ unsigned char buf32[1024];
+
if (!get_context(&hac))
{
@@ -941,17 +1035,19 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
}
acquired = 1;
- while (nbytes < (size_t)num)
+ /************************************************************************/
+ /* 04/02/2003 */
+ /* Modified by Frederic Giudicelli (deny-all.com) to overcome the */
+ /* limitation of cswift with values not a multiple of 32 */
+ /************************************************************************/
+
+ while(num >= sizeof(buf32))
{
+ largenum.value = buf;
+ largenum.nbytes = sizeof(buf32);
/* tell CryptoSwift how many bytes we want and where we want it.
* Note: - CryptoSwift cannot do more than 4096 bytes at a time.
* - CryptoSwift can only do multiple of 32-bits. */
- largenum.value = (SW_BYTE *) buf + nbytes;
- if (4096 > num - nbytes)
- largenum.nbytes = num - nbytes;
- else
- largenum.nbytes = 4096;
-
swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
if (swrc != SW_OK)
{
@@ -961,14 +1057,30 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
goto err;
}
-
- nbytes += largenum.nbytes;
+ buf += sizeof(buf32);
+ num -= sizeof(buf32);
+ }
+ if(num)
+ {
+ largenum.nbytes = sizeof(buf32);
+ largenum.value = buf32;
+ swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
+ if (swrc != SW_OK)
+ {
+ char tmpbuf[20];
+ CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", swrc);
+ ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+ goto err;
+ }
+ memcpy(buf, largenum.value, num);
}
- to_return = 1; /* success */
+ to_return = 1; /* success */
err:
if (acquired)
release_context(hac);
+
return to_return;
}
diff --git a/lib/libcrypto/engine/hw_ubsec.c b/lib/libcrypto/engine/hw_ubsec.c
index 5234a08a07b..8fb834af31e 100644
--- a/lib/libcrypto/engine/hw_ubsec.c
+++ b/lib/libcrypto/engine/hw_ubsec.c
@@ -454,6 +454,7 @@ static int ubsec_init(ENGINE *e)
err:
if(ubsec_dso)
DSO_free(ubsec_dso);
+ ubsec_dso = NULL;
p_UBSEC_ubsec_bytes_to_bits = NULL;
p_UBSEC_ubsec_bits_to_bytes = NULL;
p_UBSEC_ubsec_open = NULL;
diff --git a/lib/libcrypto/engine/tb_dsa.c b/lib/libcrypto/engine/tb_dsa.c
index 80170591f20..7efe1819277 100644
--- a/lib/libcrypto/engine/tb_dsa.c
+++ b/lib/libcrypto/engine/tb_dsa.c
@@ -94,7 +94,7 @@ int ENGINE_set_default_DSA(ENGINE *e)
{
if(e->dsa_meth)
return engine_table_register(&dsa_table,
- engine_unregister_all_DSA, e, &dummy_nid, 1, 0);
+ engine_unregister_all_DSA, e, &dummy_nid, 1, 1);
return 1;
}
diff --git a/lib/libcrypto/err/err.c b/lib/libcrypto/err/err.c
index c78790a54cc..53687d79ab6 100644
--- a/lib/libcrypto/err/err.c
+++ b/lib/libcrypto/err/err.c
@@ -621,7 +621,8 @@ static void err_load_strings(int lib, ERR_STRING_DATA *str)
{
while (str->error)
{
- str->error|=ERR_PACK(lib,0,0);
+ if (lib)
+ str->error|=ERR_PACK(lib,0,0);
ERRFN(err_set_item)(str);
str++;
}
@@ -637,7 +638,8 @@ void ERR_unload_strings(int lib, ERR_STRING_DATA *str)
{
while (str->error)
{
- str->error|=ERR_PACK(lib,0,0);
+ if (lib)
+ str->error|=ERR_PACK(lib,0,0);
ERRFN(err_del_item)(str);
str++;
}
diff --git a/lib/libcrypto/err/openssl.ec b/lib/libcrypto/err/openssl.ec
index 447a7f87ed8..f8cd6937e7e 100644
--- a/lib/libcrypto/err/openssl.ec
+++ b/lib/libcrypto/err/openssl.ec
@@ -27,7 +27,7 @@ L DSO crypto/dso/dso.h crypto/dso/dso_err.c
L ENGINE crypto/engine/engine.h crypto/engine/eng_err.c
L OCSP crypto/ocsp/ocsp.h crypto/ocsp/ocsp_err.c
L UI crypto/ui/ui.h crypto/ui/ui_err.c
-L FIPS fips/fips.h fips/fips_err.h
+L FIPS fips-1.0/fips.h fips-1.0/fips_err.h
# additional header files to be scanned for function names
L NONE crypto/x509/x509_vfy.h NONE
diff --git a/lib/libcrypto/evp/bio_enc.c b/lib/libcrypto/evp/bio_enc.c
index ab818515034..b8cda1a9f07 100644
--- a/lib/libcrypto/evp/bio_enc.c
+++ b/lib/libcrypto/evp/bio_enc.c
@@ -71,7 +71,7 @@ static int enc_new(BIO *h);
static int enc_free(BIO *data);
static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps);
#define ENC_BLOCK_SIZE (1024*4)
-#define BUF_OFFSET EVP_MAX_BLOCK_LENGTH
+#define BUF_OFFSET (EVP_MAX_BLOCK_LENGTH*2)
typedef struct enc_struct
{
diff --git a/lib/libcrypto/evp/c_alld.c b/lib/libcrypto/evp/c_alld.c
index aae7bf7482a..929ea56a3eb 100644
--- a/lib/libcrypto/evp/c_alld.c
+++ b/lib/libcrypto/evp/c_alld.c
@@ -100,4 +100,14 @@ void OpenSSL_add_all_digests(void)
EVP_add_digest_alias(SN_ripemd160,"ripemd");
EVP_add_digest_alias(SN_ripemd160,"rmd160");
#endif
+#ifdef OPENSSL_FIPS
+#ifndef OPENSSL_NO_SHA256
+ EVP_add_digest(EVP_sha224());
+ EVP_add_digest(EVP_sha256());
+#endif
+#ifndef OPENSSL_NO_SHA512
+ EVP_add_digest(EVP_sha384());
+ EVP_add_digest(EVP_sha512());
+#endif
+#endif
}
diff --git a/lib/libcrypto/evp/e_aes.c b/lib/libcrypto/evp/e_aes.c
index f35036c9d76..7b67984fa10 100644
--- a/lib/libcrypto/evp/e_aes.c
+++ b/lib/libcrypto/evp/e_aes.c
@@ -86,9 +86,9 @@ IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,
#define IMPLEMENT_AES_CFBR(ksize,cbits,flags) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags)
-IMPLEMENT_AES_CFBR(128,1,0)
-IMPLEMENT_AES_CFBR(192,1,0)
-IMPLEMENT_AES_CFBR(256,1,0)
+IMPLEMENT_AES_CFBR(128,1,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(192,1,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(256,1,EVP_CIPH_FLAG_FIPS)
IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS)
IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS)
diff --git a/lib/libcrypto/evp/encode.c b/lib/libcrypto/evp/encode.c
index 08209357ce0..33e540087d5 100644
--- a/lib/libcrypto/evp/encode.c
+++ b/lib/libcrypto/evp/encode.c
@@ -313,7 +313,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
/* There will never be more than two '=' */
}
- if ((v == B64_EOF) || (n >= 64))
+ if ((v == B64_EOF && (n&3) == 0) || (n >= 64))
{
/* This is needed to work correctly on 64 byte input
* lines. We process the line and then need to
diff --git a/lib/libcrypto/evp/evp.h b/lib/libcrypto/evp/evp.h
index 09e597f631b..f29e0ba8f00 100644
--- a/lib/libcrypto/evp/evp.h
+++ b/lib/libcrypto/evp/evp.h
@@ -86,7 +86,7 @@
#define EVP_CAST5_KEY_SIZE 16
#define EVP_RC5_32_12_16_KEY_SIZE 16
*/
-#define EVP_MAX_MD_SIZE 64 /* to fit SHA512 */
+#define EVP_MAX_MD_SIZE 64 /* longest known SHA512 */
#define EVP_MAX_KEY_LENGTH 32
#define EVP_MAX_IV_LENGTH 16
#define EVP_MAX_BLOCK_LENGTH 32
@@ -589,6 +589,16 @@ const EVP_MD *EVP_sha(void);
const EVP_MD *EVP_sha1(void);
const EVP_MD *EVP_dss(void);
const EVP_MD *EVP_dss1(void);
+#ifdef OPENSSL_FIPS
+#ifndef OPENSSL_NO_SHA256
+const EVP_MD *EVP_sha224(void);
+const EVP_MD *EVP_sha256(void);
+#endif
+#ifndef OPENSSL_NO_SHA512
+const EVP_MD *EVP_sha384(void);
+const EVP_MD *EVP_sha512(void);
+#endif
+#endif
#endif
#ifndef OPENSSL_NO_MDC2
const EVP_MD *EVP_mdc2(void);
diff --git a/lib/libcrypto/evp/evp_err.c b/lib/libcrypto/evp/evp_err.c
index 40135d07292..77eee070d38 100644
--- a/lib/libcrypto/evp/evp_err.c
+++ b/lib/libcrypto/evp/evp_err.c
@@ -64,88 +64,92 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EVP,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason)
+
static ERR_STRING_DATA EVP_str_functs[]=
{
-{ERR_PACK(0,EVP_F_AES_INIT_KEY,0), "AES_INIT_KEY"},
-{ERR_PACK(0,EVP_F_D2I_PKEY,0), "D2I_PKEY"},
-{ERR_PACK(0,EVP_F_EVP_ADD_CIPHER,0), "EVP_add_cipher"},
-{ERR_PACK(0,EVP_F_EVP_ADD_DIGEST,0), "EVP_add_digest"},
-{ERR_PACK(0,EVP_F_EVP_CIPHERINIT,0), "EVP_CipherInit"},
-{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_CTRL,0), "EVP_CIPHER_CTX_ctrl"},
-{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,0), "EVP_CIPHER_CTX_set_key_length"},
-{ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0), "EVP_DecryptFinal"},
-{ERR_PACK(0,EVP_F_EVP_DIGESTINIT,0), "EVP_DigestInit"},
-{ERR_PACK(0,EVP_F_EVP_ENCRYPTFINAL,0), "EVP_EncryptFinal"},
-{ERR_PACK(0,EVP_F_EVP_GET_CIPHERBYNAME,0), "EVP_get_cipherbyname"},
-{ERR_PACK(0,EVP_F_EVP_GET_DIGESTBYNAME,0), "EVP_get_digestbyname"},
-{ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0), "EVP_MD_CTX_copy"},
-{ERR_PACK(0,EVP_F_EVP_OPENINIT,0), "EVP_OpenInit"},
-{ERR_PACK(0,EVP_F_EVP_PBE_ALG_ADD,0), "EVP_PBE_alg_add"},
-{ERR_PACK(0,EVP_F_EVP_PBE_CIPHERINIT,0), "EVP_PBE_CipherInit"},
-{ERR_PACK(0,EVP_F_EVP_PKCS82PKEY,0), "EVP_PKCS82PKEY"},
-{ERR_PACK(0,EVP_F_EVP_PKCS8_SET_BROKEN,0), "EVP_PKCS8_SET_BROKEN"},
-{ERR_PACK(0,EVP_F_EVP_PKEY2PKCS8,0), "EVP_PKEY2PKCS8"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_COPY_PARAMETERS,0), "EVP_PKEY_copy_parameters"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_DECRYPT,0), "EVP_PKEY_decrypt"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_ENCRYPT,0), "EVP_PKEY_encrypt"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_DH,0), "EVP_PKEY_get1_DH"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_DSA,0), "EVP_PKEY_get1_DSA"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_RSA,0), "EVP_PKEY_get1_RSA"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_NEW,0), "EVP_PKEY_new"},
-{ERR_PACK(0,EVP_F_EVP_RIJNDAEL,0), "EVP_RIJNDAEL"},
-{ERR_PACK(0,EVP_F_EVP_SIGNFINAL,0), "EVP_SignFinal"},
-{ERR_PACK(0,EVP_F_EVP_VERIFYFINAL,0), "EVP_VerifyFinal"},
-{ERR_PACK(0,EVP_F_PKCS5_PBE_KEYIVGEN,0), "PKCS5_PBE_keyivgen"},
-{ERR_PACK(0,EVP_F_PKCS5_V2_PBE_KEYIVGEN,0), "PKCS5_v2_PBE_keyivgen"},
-{ERR_PACK(0,EVP_F_RC2_MAGIC_TO_METH,0), "RC2_MAGIC_TO_METH"},
-{ERR_PACK(0,EVP_F_RC5_CTRL,0), "RC5_CTRL"},
+{ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
+{ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"},
+{ERR_FUNC(EVP_F_EVP_ADD_CIPHER), "EVP_add_cipher"},
+{ERR_FUNC(EVP_F_EVP_ADD_DIGEST), "EVP_add_digest"},
+{ERR_FUNC(EVP_F_EVP_CIPHERINIT), "EVP_CipherInit"},
+{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"},
+{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"},
+{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL), "EVP_DecryptFinal"},
+{ERR_FUNC(EVP_F_EVP_DIGESTINIT), "EVP_DigestInit"},
+{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL), "EVP_EncryptFinal"},
+{ERR_FUNC(EVP_F_EVP_GET_CIPHERBYNAME), "EVP_get_cipherbyname"},
+{ERR_FUNC(EVP_F_EVP_GET_DIGESTBYNAME), "EVP_get_digestbyname"},
+{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY), "EVP_MD_CTX_copy"},
+{ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
+{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"},
+{ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"},
+{ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"},
+{ERR_FUNC(EVP_F_EVP_PKCS8_SET_BROKEN), "EVP_PKCS8_SET_BROKEN"},
+{ERR_FUNC(EVP_F_EVP_PKEY2PKCS8), "EVP_PKEY2PKCS8"},
+{ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"},
+{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"},
+{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"},
+{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"},
+{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"},
+{ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"},
+{ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"},
+{ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"},
+{ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"},
+{ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"},
+{ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"},
+{ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"},
+{ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"},
+{ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"},
{0,NULL}
};
static ERR_STRING_DATA EVP_str_reasons[]=
{
-{EVP_R_AES_KEY_SETUP_FAILED ,"aes key setup failed"},
-{EVP_R_BAD_BLOCK_LENGTH ,"bad block length"},
-{EVP_R_BAD_DECRYPT ,"bad decrypt"},
-{EVP_R_BAD_KEY_LENGTH ,"bad key length"},
-{EVP_R_BN_DECODE_ERROR ,"bn decode error"},
-{EVP_R_BN_PUBKEY_ERROR ,"bn pubkey error"},
-{EVP_R_CIPHER_PARAMETER_ERROR ,"cipher parameter error"},
-{EVP_R_CTRL_NOT_IMPLEMENTED ,"ctrl not implemented"},
-{EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED ,"ctrl operation not implemented"},
-{EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH ,"data not multiple of block length"},
-{EVP_R_DECODE_ERROR ,"decode error"},
-{EVP_R_DIFFERENT_KEY_TYPES ,"different key types"},
-{EVP_R_DISABLED_FOR_FIPS ,"disabled for fips"},
-{EVP_R_ENCODE_ERROR ,"encode error"},
-{EVP_R_EVP_PBE_CIPHERINIT_ERROR ,"evp pbe cipherinit error"},
-{EVP_R_EXPECTING_AN_RSA_KEY ,"expecting an rsa key"},
-{EVP_R_EXPECTING_A_DH_KEY ,"expecting a dh key"},
-{EVP_R_EXPECTING_A_DSA_KEY ,"expecting a dsa key"},
-{EVP_R_INITIALIZATION_ERROR ,"initialization error"},
-{EVP_R_INPUT_NOT_INITIALIZED ,"input not initialized"},
-{EVP_R_INVALID_KEY_LENGTH ,"invalid key length"},
-{EVP_R_IV_TOO_LARGE ,"iv too large"},
-{EVP_R_KEYGEN_FAILURE ,"keygen failure"},
-{EVP_R_MISSING_PARAMETERS ,"missing parameters"},
-{EVP_R_NO_CIPHER_SET ,"no cipher set"},
-{EVP_R_NO_DIGEST_SET ,"no digest set"},
-{EVP_R_NO_DSA_PARAMETERS ,"no dsa parameters"},
-{EVP_R_NO_SIGN_FUNCTION_CONFIGURED ,"no sign function configured"},
-{EVP_R_NO_VERIFY_FUNCTION_CONFIGURED ,"no verify function configured"},
-{EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE ,"pkcs8 unknown broken type"},
-{EVP_R_PUBLIC_KEY_NOT_RSA ,"public key not rsa"},
-{EVP_R_UNKNOWN_PBE_ALGORITHM ,"unknown pbe algorithm"},
-{EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS ,"unsuported number of rounds"},
-{EVP_R_UNSUPPORTED_CIPHER ,"unsupported cipher"},
-{EVP_R_UNSUPPORTED_KEYLENGTH ,"unsupported keylength"},
-{EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION,"unsupported key derivation function"},
-{EVP_R_UNSUPPORTED_KEY_SIZE ,"unsupported key size"},
-{EVP_R_UNSUPPORTED_PRF ,"unsupported prf"},
-{EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM ,"unsupported private key algorithm"},
-{EVP_R_UNSUPPORTED_SALT_TYPE ,"unsupported salt type"},
-{EVP_R_WRONG_FINAL_BLOCK_LENGTH ,"wrong final block length"},
-{EVP_R_WRONG_PUBLIC_KEY_TYPE ,"wrong public key type"},
+{ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED) ,"aes key setup failed"},
+{ERR_REASON(EVP_R_BAD_BLOCK_LENGTH) ,"bad block length"},
+{ERR_REASON(EVP_R_BAD_DECRYPT) ,"bad decrypt"},
+{ERR_REASON(EVP_R_BAD_KEY_LENGTH) ,"bad key length"},
+{ERR_REASON(EVP_R_BN_DECODE_ERROR) ,"bn decode error"},
+{ERR_REASON(EVP_R_BN_PUBKEY_ERROR) ,"bn pubkey error"},
+{ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"},
+{ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED) ,"ctrl not implemented"},
+{ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"},
+{ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"},
+{ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"},
+{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"},
+{ERR_REASON(EVP_R_DISABLED_FOR_FIPS) ,"disabled for fips"},
+{ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"},
+{ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
+{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"},
+{ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"},
+{ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"},
+{ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"},
+{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"},
+{ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"},
+{ERR_REASON(EVP_R_IV_TOO_LARGE) ,"iv too large"},
+{ERR_REASON(EVP_R_KEYGEN_FAILURE) ,"keygen failure"},
+{ERR_REASON(EVP_R_MISSING_PARAMETERS) ,"missing parameters"},
+{ERR_REASON(EVP_R_NO_CIPHER_SET) ,"no cipher set"},
+{ERR_REASON(EVP_R_NO_DIGEST_SET) ,"no digest set"},
+{ERR_REASON(EVP_R_NO_DSA_PARAMETERS) ,"no dsa parameters"},
+{ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED),"no sign function configured"},
+{ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"},
+{ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"},
+{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"},
+{ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
+{ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},
+{ERR_REASON(EVP_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
+{ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH) ,"unsupported keylength"},
+{ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),"unsupported key derivation function"},
+{ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE) ,"unsupported key size"},
+{ERR_REASON(EVP_R_UNSUPPORTED_PRF) ,"unsupported prf"},
+{ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM),"unsupported private key algorithm"},
+{ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE) ,"unsupported salt type"},
+{ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH),"wrong final block length"},
+{ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE) ,"wrong public key type"},
{0,NULL}
};
@@ -159,8 +163,8 @@ void ERR_load_EVP_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_EVP,EVP_str_functs);
- ERR_load_strings(ERR_LIB_EVP,EVP_str_reasons);
+ ERR_load_strings(0,EVP_str_functs);
+ ERR_load_strings(0,EVP_str_reasons);
#endif
}
diff --git a/lib/libcrypto/evp/evp_key.c b/lib/libcrypto/evp/evp_key.c
index 5f387a94d32..f8650d5df69 100644
--- a/lib/libcrypto/evp/evp_key.c
+++ b/lib/libcrypto/evp/evp_key.c
@@ -126,7 +126,8 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
EVP_MD_CTX_init(&c);
for (;;)
{
- EVP_DigestInit_ex(&c,md, NULL);
+ if (!EVP_DigestInit_ex(&c,md, NULL))
+ return 0;
if (addmd++)
EVP_DigestUpdate(&c,&(md_buf[0]),mds);
EVP_DigestUpdate(&c,data,datal);
diff --git a/lib/libcrypto/evp/m_dss1.c b/lib/libcrypto/evp/m_dss1.c
index f5668ebda0a..23b90d05386 100644
--- a/lib/libcrypto/evp/m_dss1.c
+++ b/lib/libcrypto/evp/m_dss1.c
@@ -67,7 +67,14 @@ static int init(EVP_MD_CTX *ctx)
{ return SHA1_Init(ctx->md_data); }
static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+#ifndef OPENSSL_FIPS
{ return SHA1_Update(ctx->md_data,data,count); }
+#else
+ {
+ OPENSSL_assert(sizeof(count)<=sizeof(size_t));
+ return SHA1_Update(ctx->md_data,data,count);
+ }
+#endif
static int final(EVP_MD_CTX *ctx,unsigned char *md)
{ return SHA1_Final(md,ctx->md_data); }
@@ -77,7 +84,7 @@ static const EVP_MD dss1_md=
NID_dsa,
NID_dsaWithSHA1,
SHA_DIGEST_LENGTH,
- 0,
+ EVP_MD_FLAG_FIPS,
init,
update,
final,
diff --git a/lib/libcrypto/evp/m_sha.c b/lib/libcrypto/evp/m_sha.c
index d1785e5f745..ed54909b162 100644
--- a/lib/libcrypto/evp/m_sha.c
+++ b/lib/libcrypto/evp/m_sha.c
@@ -59,6 +59,9 @@
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
#include <stdio.h>
#include "cryptlib.h"
+/* Including sha.h prior evp.h masks FIPS SHA declarations, but that's
+ * exactly what we want to achieve here... */
+#include <openssl/sha.h>
#include <openssl/evp.h>
#include "evp_locl.h"
#include <openssl/objects.h>
diff --git a/lib/libcrypto/evp/m_sha1.c b/lib/libcrypto/evp/m_sha1.c
index fe4402389ae..60da93873c2 100644
--- a/lib/libcrypto/evp/m_sha1.c
+++ b/lib/libcrypto/evp/m_sha1.c
@@ -67,7 +67,14 @@ static int init(EVP_MD_CTX *ctx)
{ return SHA1_Init(ctx->md_data); }
static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+#ifndef OPENSSL_FIPS
{ return SHA1_Update(ctx->md_data,data,count); }
+#else
+ {
+ OPENSSL_assert(sizeof(count)<=sizeof(size_t));
+ return SHA1_Update(ctx->md_data,data,count);
+ }
+#endif
static int final(EVP_MD_CTX *ctx,unsigned char *md)
{ return SHA1_Final(md,ctx->md_data); }
@@ -93,3 +100,115 @@ const EVP_MD *EVP_sha1(void)
return(&sha1_md);
}
#endif
+
+#ifdef OPENSSL_FIPS
+#ifndef OPENSSL_NO_SHA256
+static int init224(EVP_MD_CTX *ctx)
+ { return SHA224_Init(ctx->md_data); }
+static int init256(EVP_MD_CTX *ctx)
+ { return SHA256_Init(ctx->md_data); }
+/*
+ * Even though there're separate SHA224_[Update|Final], we call
+ * SHA256 functions even in SHA224 context. This is what happens
+ * there anyway, so we can spare few CPU cycles:-)
+ */
+static int update256(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+ {
+ OPENSSL_assert(sizeof(count)<=sizeof(size_t));
+ return SHA256_Update(ctx->md_data,data,count);
+ }
+static int final256(EVP_MD_CTX *ctx,unsigned char *md)
+ { return SHA256_Final(md,ctx->md_data); }
+
+static const EVP_MD sha224_md=
+ {
+ NID_sha224,
+ NID_sha224WithRSAEncryption,
+ SHA224_DIGEST_LENGTH,
+ EVP_MD_FLAG_FIPS,
+ init224,
+ update256,
+ final256,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_method,
+ SHA256_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(SHA256_CTX),
+ };
+
+const EVP_MD *EVP_sha224(void)
+ { return(&sha224_md); }
+
+static const EVP_MD sha256_md=
+ {
+ NID_sha256,
+ NID_sha256WithRSAEncryption,
+ SHA256_DIGEST_LENGTH,
+ EVP_MD_FLAG_FIPS,
+ init256,
+ update256,
+ final256,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_method,
+ SHA256_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(SHA256_CTX),
+ };
+
+const EVP_MD *EVP_sha256(void)
+ { return(&sha256_md); }
+#endif /* ifndef OPENSSL_NO_SHA256 */
+
+#ifndef OPENSSL_NO_SHA512
+static int init384(EVP_MD_CTX *ctx)
+ { return SHA384_Init(ctx->md_data); }
+static int init512(EVP_MD_CTX *ctx)
+ { return SHA512_Init(ctx->md_data); }
+/* See comment in SHA224/256 section */
+static int update512(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+ {
+ OPENSSL_assert(sizeof(count)<=sizeof(size_t));
+ return SHA512_Update(ctx->md_data,data,count);
+ }
+static int final512(EVP_MD_CTX *ctx,unsigned char *md)
+ { return SHA512_Final(md,ctx->md_data); }
+
+static const EVP_MD sha384_md=
+ {
+ NID_sha384,
+ NID_sha384WithRSAEncryption,
+ SHA384_DIGEST_LENGTH,
+ EVP_MD_FLAG_FIPS,
+ init384,
+ update512,
+ final512,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_method,
+ SHA512_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(SHA512_CTX),
+ };
+
+const EVP_MD *EVP_sha384(void)
+ { return(&sha384_md); }
+
+static const EVP_MD sha512_md=
+ {
+ NID_sha512,
+ NID_sha512WithRSAEncryption,
+ SHA512_DIGEST_LENGTH,
+ EVP_MD_FLAG_FIPS,
+ init512,
+ update512,
+ final512,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_method,
+ SHA512_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(SHA512_CTX),
+ };
+
+const EVP_MD *EVP_sha512(void)
+ { return(&sha512_md); }
+#endif /* ifndef OPENSSL_NO_SHA512 */
+#endif /* ifdef OPENSSL_FIPS */
diff --git a/lib/libcrypto/evp/p5_crpt2.c b/lib/libcrypto/evp/p5_crpt2.c
index 1f94e1ef88b..1d5fabc4b2a 100644
--- a/lib/libcrypto/evp/p5_crpt2.c
+++ b/lib/libcrypto/evp/p5_crpt2.c
@@ -194,11 +194,16 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
/* Now decode key derivation function */
+ if(!pbe2->keyfunc->parameter ||
+ (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE))
+ {
+ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
+ goto err;
+ }
+
pbuf = pbe2->keyfunc->parameter->value.sequence->data;
plen = pbe2->keyfunc->parameter->value.sequence->length;
- if(!pbe2->keyfunc->parameter ||
- (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE) ||
- !(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
+ if(!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
goto err;
}
diff --git a/lib/libcrypto/hmac/hmac.c b/lib/libcrypto/hmac/hmac.c
index 06ee80761ff..6c110bd52bb 100644
--- a/lib/libcrypto/hmac/hmac.c
+++ b/lib/libcrypto/hmac/hmac.c
@@ -61,6 +61,8 @@
#include <openssl/hmac.h>
#include "cryptlib.h"
+#ifndef OPENSSL_FIPS
+
void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
const EVP_MD *md, ENGINE *impl)
{
@@ -77,15 +79,6 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
if (key != NULL)
{
-#ifdef OPENSSL_FIPS
- if (FIPS_mode() && !(md->flags & EVP_MD_FLAG_FIPS)
- && (!(ctx->md_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
- || !(ctx->i_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
- || !(ctx->o_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)))
- OpenSSLDie(__FILE__,__LINE__,
- "HMAC: digest not allowed in FIPS mode");
-#endif
-
reset=1;
j=EVP_MD_block_size(md);
OPENSSL_assert(j <= sizeof ctx->key);
@@ -187,3 +180,4 @@ void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
}
+#endif
diff --git a/lib/libcrypto/hmac/hmac.h b/lib/libcrypto/hmac/hmac.h
index 294ab3b36a0..c6489c04c85 100644
--- a/lib/libcrypto/hmac/hmac.h
+++ b/lib/libcrypto/hmac/hmac.h
@@ -64,7 +64,11 @@
#include <openssl/evp.h>
+#ifdef OPENSSL_FIPS
+#define HMAC_MAX_MD_CBLOCK 128
+#else
#define HMAC_MAX_MD_CBLOCK 64
+#endif
#ifdef __cplusplus
extern "C" {
diff --git a/lib/libcrypto/md2/md2_one.c b/lib/libcrypto/md2/md2_one.c
index 835160ef56d..8c36ba5779a 100644
--- a/lib/libcrypto/md2/md2_one.c
+++ b/lib/libcrypto/md2/md2_one.c
@@ -69,7 +69,8 @@ unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md)
static unsigned char m[MD2_DIGEST_LENGTH];
if (md == NULL) md=m;
- MD2_Init(&c);
+ if (!MD2_Init(&c))
+ return NULL;
#ifndef CHARSET_EBCDIC
MD2_Update(&c,d,n);
#else
diff --git a/lib/libcrypto/md4/md4_one.c b/lib/libcrypto/md4/md4_one.c
index 00565507e4b..50f79352f6b 100644
--- a/lib/libcrypto/md4/md4_one.c
+++ b/lib/libcrypto/md4/md4_one.c
@@ -71,7 +71,8 @@ unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md)
static unsigned char m[MD4_DIGEST_LENGTH];
if (md == NULL) md=m;
- MD4_Init(&c);
+ if (!MD4_Init(&c))
+ return NULL;
#ifndef CHARSET_EBCDIC
MD4_Update(&c,d,n);
#else
diff --git a/lib/libcrypto/md5/md5_one.c b/lib/libcrypto/md5/md5_one.c
index c5dd2d81db4..44c6c455d12 100644
--- a/lib/libcrypto/md5/md5_one.c
+++ b/lib/libcrypto/md5/md5_one.c
@@ -71,7 +71,8 @@ unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md)
static unsigned char m[MD5_DIGEST_LENGTH];
if (md == NULL) md=m;
- MD5_Init(&c);
+ if (!MD5_Init(&c))
+ return NULL;
#ifndef CHARSET_EBCDIC
MD5_Update(&c,d,n);
#else
diff --git a/lib/libcrypto/mdc2/Makefile b/lib/libcrypto/mdc2/Makefile
index 38c785bf959..b8e9a9a4fa2 100644
--- a/lib/libcrypto/mdc2/Makefile
+++ b/lib/libcrypto/mdc2/Makefile
@@ -1,5 +1,5 @@
#
-# SSLeay/crypto/mdc2/Makefile
+# OpenSSL/crypto/mdc2/Makefile
#
DIR= mdc2
diff --git a/lib/libcrypto/objects/obj_err.c b/lib/libcrypto/objects/obj_err.c
index 2b5f43e3ccd..0682979b381 100644
--- a/lib/libcrypto/objects/obj_err.c
+++ b/lib/libcrypto/objects/obj_err.c
@@ -1,6 +1,6 @@
/* crypto/objects/obj_err.c */
/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,22 +64,26 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OBJ,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OBJ,0,reason)
+
static ERR_STRING_DATA OBJ_str_functs[]=
{
-{ERR_PACK(0,OBJ_F_OBJ_ADD_OBJECT,0), "OBJ_add_object"},
-{ERR_PACK(0,OBJ_F_OBJ_CREATE,0), "OBJ_create"},
-{ERR_PACK(0,OBJ_F_OBJ_DUP,0), "OBJ_dup"},
-{ERR_PACK(0,OBJ_F_OBJ_NAME_NEW_INDEX,0), "OBJ_NAME_new_index"},
-{ERR_PACK(0,OBJ_F_OBJ_NID2LN,0), "OBJ_nid2ln"},
-{ERR_PACK(0,OBJ_F_OBJ_NID2OBJ,0), "OBJ_nid2obj"},
-{ERR_PACK(0,OBJ_F_OBJ_NID2SN,0), "OBJ_nid2sn"},
+{ERR_FUNC(OBJ_F_OBJ_ADD_OBJECT), "OBJ_add_object"},
+{ERR_FUNC(OBJ_F_OBJ_CREATE), "OBJ_create"},
+{ERR_FUNC(OBJ_F_OBJ_DUP), "OBJ_dup"},
+{ERR_FUNC(OBJ_F_OBJ_NAME_NEW_INDEX), "OBJ_NAME_new_index"},
+{ERR_FUNC(OBJ_F_OBJ_NID2LN), "OBJ_nid2ln"},
+{ERR_FUNC(OBJ_F_OBJ_NID2OBJ), "OBJ_nid2obj"},
+{ERR_FUNC(OBJ_F_OBJ_NID2SN), "OBJ_nid2sn"},
{0,NULL}
};
static ERR_STRING_DATA OBJ_str_reasons[]=
{
-{OBJ_R_MALLOC_FAILURE ,"malloc failure"},
-{OBJ_R_UNKNOWN_NID ,"unknown nid"},
+{ERR_REASON(OBJ_R_MALLOC_FAILURE) ,"malloc failure"},
+{ERR_REASON(OBJ_R_UNKNOWN_NID) ,"unknown nid"},
{0,NULL}
};
@@ -93,8 +97,8 @@ void ERR_load_OBJ_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_OBJ,OBJ_str_functs);
- ERR_load_strings(ERR_LIB_OBJ,OBJ_str_reasons);
+ ERR_load_strings(0,OBJ_str_functs);
+ ERR_load_strings(0,OBJ_str_reasons);
#endif
}
diff --git a/lib/libcrypto/objects/obj_mac.num b/lib/libcrypto/objects/obj_mac.num
index 0e64a929bab..84555d936e8 100644
--- a/lib/libcrypto/objects/obj_mac.num
+++ b/lib/libcrypto/objects/obj_mac.num
@@ -287,9 +287,9 @@ qcStatements 286
ac_auditEntity 287
ac_targeting 288
aaControls 289
-sbqp_ipAddrBlock 290
-sbqp_autonomousSysNum 291
-sbqp_routerIdentifier 292
+sbgp_ipAddrBlock 290
+sbgp_autonomousSysNum 291
+sbgp_routerIdentifier 292
textNotice 293
ipsecEndSystem 294
ipsecTunnel 295
@@ -663,5 +663,13 @@ id_ppl 662
proxyCertInfo 663
id_ppl_anyLanguage 664
id_ppl_inheritAll 665
-id_ppl_independent 666
+name_constraints 666
Independent 667
+sha256WithRSAEncryption 668
+sha384WithRSAEncryption 669
+sha512WithRSAEncryption 670
+sha224WithRSAEncryption 671
+sha256 672
+sha384 673
+sha512 674
+sha224 675
diff --git a/lib/libcrypto/objects/objects.txt b/lib/libcrypto/objects/objects.txt
index 50e9031e61e..2635c4e6676 100644
--- a/lib/libcrypto/objects/objects.txt
+++ b/lib/libcrypto/objects/objects.txt
@@ -63,6 +63,11 @@ pkcs1 2 : RSA-MD2 : md2WithRSAEncryption
pkcs1 3 : RSA-MD4 : md4WithRSAEncryption
pkcs1 4 : RSA-MD5 : md5WithRSAEncryption
pkcs1 5 : RSA-SHA1 : sha1WithRSAEncryption
+# According to PKCS #1 version 2.1
+pkcs1 11 : RSA-SHA256 : sha256WithRSAEncryption
+pkcs1 12 : RSA-SHA384 : sha384WithRSAEncryption
+pkcs1 13 : RSA-SHA512 : sha512WithRSAEncryption
+pkcs1 14 : RSA-SHA224 : sha224WithRSAEncryption
pkcs 3 : pkcs3
pkcs3 1 : : dhKeyAgreement
@@ -341,9 +346,9 @@ id-pe 3 : qcStatements
id-pe 4 : ac-auditEntity
id-pe 5 : ac-targeting
id-pe 6 : aaControls
-id-pe 7 : sbqp-ipAddrBlock
-id-pe 8 : sbqp-autonomousSysNum
-id-pe 9 : sbqp-routerIdentifier
+id-pe 7 : sbgp-ipAddrBlock
+id-pe 8 : sbgp-autonomousSysNum
+id-pe 9 : sbgp-routerIdentifier
id-pe 10 : ac-proxying
!Cname sinfo-access
id-pe 11 : subjectInfoAccess : Subject Information Access
@@ -584,6 +589,8 @@ id-ce 21 : CRLReason : X509v3 CRL Reason Code
id-ce 24 : invalidityDate : Invalidity Date
!Cname delta-crl
id-ce 27 : deltaCRL : X509v3 Delta CRL Indicator
+!Cname name-constraints
+id-ce 30 : nameConstraints : X509v3 Name Constraints
!Cname crl-distribution-points
id-ce 31 : crlDistributionPoints : X509v3 CRL Distribution Points
!Cname certificate-policies
@@ -703,6 +710,13 @@ aes 44 : AES-256-CFB : aes-256-cfb
: DES-EDE3-CFB1 : des-ede3-cfb1
: DES-EDE3-CFB8 : des-ede3-cfb8
+# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84.
+!Alias nist_hashalgs nistAlgorithms 2
+nist_hashalgs 1 : SHA256 : sha256
+nist_hashalgs 2 : SHA384 : sha384
+nist_hashalgs 3 : SHA512 : sha512
+nist_hashalgs 4 : SHA224 : sha224
+
# Hold instruction CRL entry extension
!Cname hold-instruction-code
id-ce 23 : holdInstructionCode : Hold Instruction Code
diff --git a/lib/libcrypto/ocsp/ocsp_err.c b/lib/libcrypto/ocsp/ocsp_err.c
index 4c4d8306f8a..65e6093fbc0 100644
--- a/lib/libcrypto/ocsp/ocsp_err.c
+++ b/lib/libcrypto/ocsp/ocsp_err.c
@@ -1,6 +1,6 @@
/* crypto/ocsp/ocsp_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,60 +64,64 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason)
+
static ERR_STRING_DATA OCSP_str_functs[]=
{
-{ERR_PACK(0,OCSP_F_ASN1_STRING_ENCODE,0), "ASN1_STRING_encode"},
-{ERR_PACK(0,OCSP_F_CERT_ID_NEW,0), "CERT_ID_NEW"},
-{ERR_PACK(0,OCSP_F_D2I_OCSP_NONCE,0), "D2I_OCSP_NONCE"},
-{ERR_PACK(0,OCSP_F_OCSP_BASIC_ADD1_STATUS,0), "OCSP_basic_add1_status"},
-{ERR_PACK(0,OCSP_F_OCSP_BASIC_SIGN,0), "OCSP_basic_sign"},
-{ERR_PACK(0,OCSP_F_OCSP_BASIC_VERIFY,0), "OCSP_basic_verify"},
-{ERR_PACK(0,OCSP_F_OCSP_CHECK_DELEGATED,0), "OCSP_CHECK_DELEGATED"},
-{ERR_PACK(0,OCSP_F_OCSP_CHECK_IDS,0), "OCSP_CHECK_IDS"},
-{ERR_PACK(0,OCSP_F_OCSP_CHECK_ISSUER,0), "OCSP_CHECK_ISSUER"},
-{ERR_PACK(0,OCSP_F_OCSP_CHECK_VALIDITY,0), "OCSP_check_validity"},
-{ERR_PACK(0,OCSP_F_OCSP_MATCH_ISSUERID,0), "OCSP_MATCH_ISSUERID"},
-{ERR_PACK(0,OCSP_F_OCSP_PARSE_URL,0), "OCSP_parse_url"},
-{ERR_PACK(0,OCSP_F_OCSP_REQUEST_SIGN,0), "OCSP_request_sign"},
-{ERR_PACK(0,OCSP_F_OCSP_REQUEST_VERIFY,0), "OCSP_request_verify"},
-{ERR_PACK(0,OCSP_F_OCSP_RESPONSE_GET1_BASIC,0), "OCSP_response_get1_basic"},
-{ERR_PACK(0,OCSP_F_OCSP_SENDREQ_BIO,0), "OCSP_sendreq_bio"},
-{ERR_PACK(0,OCSP_F_REQUEST_VERIFY,0), "REQUEST_VERIFY"},
+{ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"},
+{ERR_FUNC(OCSP_F_CERT_ID_NEW), "CERT_ID_NEW"},
+{ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"},
+{ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"},
+{ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"},
+{ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"},
+{ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"},
+{ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"},
+{ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"},
+{ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"},
+{ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"},
+{ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"},
+{ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"},
+{ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"},
+{ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"},
+{ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"},
+{ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"},
{0,NULL}
};
static ERR_STRING_DATA OCSP_str_reasons[]=
{
-{OCSP_R_BAD_DATA ,"bad data"},
-{OCSP_R_CERTIFICATE_VERIFY_ERROR ,"certificate verify error"},
-{OCSP_R_DIGEST_ERR ,"digest err"},
-{OCSP_R_ERROR_IN_NEXTUPDATE_FIELD ,"error in nextupdate field"},
-{OCSP_R_ERROR_IN_THISUPDATE_FIELD ,"error in thisupdate field"},
-{OCSP_R_ERROR_PARSING_URL ,"error parsing url"},
-{OCSP_R_MISSING_OCSPSIGNING_USAGE ,"missing ocspsigning usage"},
-{OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE ,"nextupdate before thisupdate"},
-{OCSP_R_NOT_BASIC_RESPONSE ,"not basic response"},
-{OCSP_R_NO_CERTIFICATES_IN_CHAIN ,"no certificates in chain"},
-{OCSP_R_NO_CONTENT ,"no content"},
-{OCSP_R_NO_PUBLIC_KEY ,"no public key"},
-{OCSP_R_NO_RESPONSE_DATA ,"no response data"},
-{OCSP_R_NO_REVOKED_TIME ,"no revoked time"},
-{OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE,"private key does not match certificate"},
-{OCSP_R_REQUEST_NOT_SIGNED ,"request not signed"},
-{OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA,"response contains no revocation data"},
-{OCSP_R_ROOT_CA_NOT_TRUSTED ,"root ca not trusted"},
-{OCSP_R_SERVER_READ_ERROR ,"server read error"},
-{OCSP_R_SERVER_RESPONSE_ERROR ,"server response error"},
-{OCSP_R_SERVER_RESPONSE_PARSE_ERROR ,"server response parse error"},
-{OCSP_R_SERVER_WRITE_ERROR ,"server write error"},
-{OCSP_R_SIGNATURE_FAILURE ,"signature failure"},
-{OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND ,"signer certificate not found"},
-{OCSP_R_STATUS_EXPIRED ,"status expired"},
-{OCSP_R_STATUS_NOT_YET_VALID ,"status not yet valid"},
-{OCSP_R_STATUS_TOO_OLD ,"status too old"},
-{OCSP_R_UNKNOWN_MESSAGE_DIGEST ,"unknown message digest"},
-{OCSP_R_UNKNOWN_NID ,"unknown nid"},
-{OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE ,"unsupported requestorname type"},
+{ERR_REASON(OCSP_R_BAD_DATA) ,"bad data"},
+{ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
+{ERR_REASON(OCSP_R_DIGEST_ERR) ,"digest err"},
+{ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),"error in nextupdate field"},
+{ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD),"error in thisupdate field"},
+{ERR_REASON(OCSP_R_ERROR_PARSING_URL) ,"error parsing url"},
+{ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE),"missing ocspsigning usage"},
+{ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),"nextupdate before thisupdate"},
+{ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE) ,"not basic response"},
+{ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN),"no certificates in chain"},
+{ERR_REASON(OCSP_R_NO_CONTENT) ,"no content"},
+{ERR_REASON(OCSP_R_NO_PUBLIC_KEY) ,"no public key"},
+{ERR_REASON(OCSP_R_NO_RESPONSE_DATA) ,"no response data"},
+{ERR_REASON(OCSP_R_NO_REVOKED_TIME) ,"no revoked time"},
+{ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
+{ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED) ,"request not signed"},
+{ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),"response contains no revocation data"},
+{ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED) ,"root ca not trusted"},
+{ERR_REASON(OCSP_R_SERVER_READ_ERROR) ,"server read error"},
+{ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR),"server response error"},
+{ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR),"server response parse error"},
+{ERR_REASON(OCSP_R_SERVER_WRITE_ERROR) ,"server write error"},
+{ERR_REASON(OCSP_R_SIGNATURE_FAILURE) ,"signature failure"},
+{ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
+{ERR_REASON(OCSP_R_STATUS_EXPIRED) ,"status expired"},
+{ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID) ,"status not yet valid"},
+{ERR_REASON(OCSP_R_STATUS_TOO_OLD) ,"status too old"},
+{ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST),"unknown message digest"},
+{ERR_REASON(OCSP_R_UNKNOWN_NID) ,"unknown nid"},
+{ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),"unsupported requestorname type"},
{0,NULL}
};
@@ -131,8 +135,8 @@ void ERR_load_OCSP_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_OCSP,OCSP_str_functs);
- ERR_load_strings(ERR_LIB_OCSP,OCSP_str_reasons);
+ ERR_load_strings(0,OCSP_str_functs);
+ ERR_load_strings(0,OCSP_str_reasons);
#endif
}
diff --git a/lib/libcrypto/opensslv.h b/lib/libcrypto/opensslv.h
index 5d5f688edd7..e50c1baf004 100644
--- a/lib/libcrypto/opensslv.h
+++ b/lib/libcrypto/opensslv.h
@@ -25,11 +25,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x0090707fL
+#define OPENSSL_VERSION_NUMBER 0x009070afL
#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7g-fips 11 Apr 2005"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7j-fips 04 May 2006"
#else
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7g 11 Apr 2005"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7j 04 May 2006"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/lib/libcrypto/pem/pem_err.c b/lib/libcrypto/pem/pem_err.c
index 3b39b84d66e..8527028ebc9 100644
--- a/lib/libcrypto/pem/pem_err.c
+++ b/lib/libcrypto/pem/pem_err.c
@@ -1,6 +1,6 @@
/* crypto/pem/pem_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,52 +64,56 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason)
+
static ERR_STRING_DATA PEM_str_functs[]=
{
-{ERR_PACK(0,PEM_F_D2I_PKCS8PRIVATEKEY_BIO,0), "d2i_PKCS8PrivateKey_bio"},
-{ERR_PACK(0,PEM_F_D2I_PKCS8PRIVATEKEY_FP,0), "d2i_PKCS8PrivateKey_fp"},
-{ERR_PACK(0,PEM_F_DEF_CALLBACK,0), "DEF_CALLBACK"},
-{ERR_PACK(0,PEM_F_LOAD_IV,0), "LOAD_IV"},
-{ERR_PACK(0,PEM_F_PEM_ASN1_READ,0), "PEM_ASN1_read"},
-{ERR_PACK(0,PEM_F_PEM_ASN1_READ_BIO,0), "PEM_ASN1_read_bio"},
-{ERR_PACK(0,PEM_F_PEM_ASN1_WRITE,0), "PEM_ASN1_write"},
-{ERR_PACK(0,PEM_F_PEM_ASN1_WRITE_BIO,0), "PEM_ASN1_write_bio"},
-{ERR_PACK(0,PEM_F_PEM_DO_HEADER,0), "PEM_do_header"},
-{ERR_PACK(0,PEM_F_PEM_F_DO_PK8KEY_FP,0), "PEM_F_DO_PK8KEY_FP"},
-{ERR_PACK(0,PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY,0), "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},
-{ERR_PACK(0,PEM_F_PEM_GET_EVP_CIPHER_INFO,0), "PEM_get_EVP_CIPHER_INFO"},
-{ERR_PACK(0,PEM_F_PEM_READ,0), "PEM_read"},
-{ERR_PACK(0,PEM_F_PEM_READ_BIO,0), "PEM_read_bio"},
-{ERR_PACK(0,PEM_F_PEM_SEALFINAL,0), "PEM_SealFinal"},
-{ERR_PACK(0,PEM_F_PEM_SEALINIT,0), "PEM_SealInit"},
-{ERR_PACK(0,PEM_F_PEM_SIGNFINAL,0), "PEM_SignFinal"},
-{ERR_PACK(0,PEM_F_PEM_WRITE,0), "PEM_write"},
-{ERR_PACK(0,PEM_F_PEM_WRITE_BIO,0), "PEM_write_bio"},
-{ERR_PACK(0,PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,0), "PEM_write_bio_PKCS8PrivateKey"},
-{ERR_PACK(0,PEM_F_PEM_X509_INFO_READ,0), "PEM_X509_INFO_read"},
-{ERR_PACK(0,PEM_F_PEM_X509_INFO_READ_BIO,0), "PEM_X509_INFO_read_bio"},
-{ERR_PACK(0,PEM_F_PEM_X509_INFO_WRITE_BIO,0), "PEM_X509_INFO_write_bio"},
+{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"},
+{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"},
+{ERR_FUNC(PEM_F_DEF_CALLBACK), "DEF_CALLBACK"},
+{ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"},
+{ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"},
+{ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"},
+{ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"},
+{ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"},
+{ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"},
+{ERR_FUNC(PEM_F_PEM_F_DO_PK8KEY_FP), "PEM_F_DO_PK8KEY_FP"},
+{ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY), "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},
+{ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"},
+{ERR_FUNC(PEM_F_PEM_READ), "PEM_read"},
+{ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"},
+{ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"},
+{ERR_FUNC(PEM_F_PEM_SEALINIT), "PEM_SealInit"},
+{ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"},
+{ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"},
+{ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"},
+{ERR_FUNC(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY), "PEM_write_bio_PKCS8PrivateKey"},
+{ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"},
+{ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"},
+{ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"},
{0,NULL}
};
static ERR_STRING_DATA PEM_str_reasons[]=
{
-{PEM_R_BAD_BASE64_DECODE ,"bad base64 decode"},
-{PEM_R_BAD_DECRYPT ,"bad decrypt"},
-{PEM_R_BAD_END_LINE ,"bad end line"},
-{PEM_R_BAD_IV_CHARS ,"bad iv chars"},
-{PEM_R_BAD_PASSWORD_READ ,"bad password read"},
-{PEM_R_ERROR_CONVERTING_PRIVATE_KEY ,"error converting private key"},
-{PEM_R_NOT_DEK_INFO ,"not dek info"},
-{PEM_R_NOT_ENCRYPTED ,"not encrypted"},
-{PEM_R_NOT_PROC_TYPE ,"not proc type"},
-{PEM_R_NO_START_LINE ,"no start line"},
-{PEM_R_PROBLEMS_GETTING_PASSWORD ,"problems getting password"},
-{PEM_R_PUBLIC_KEY_NO_RSA ,"public key no rsa"},
-{PEM_R_READ_KEY ,"read key"},
-{PEM_R_SHORT_HEADER ,"short header"},
-{PEM_R_UNSUPPORTED_CIPHER ,"unsupported cipher"},
-{PEM_R_UNSUPPORTED_ENCRYPTION ,"unsupported encryption"},
+{ERR_REASON(PEM_R_BAD_BASE64_DECODE) ,"bad base64 decode"},
+{ERR_REASON(PEM_R_BAD_DECRYPT) ,"bad decrypt"},
+{ERR_REASON(PEM_R_BAD_END_LINE) ,"bad end line"},
+{ERR_REASON(PEM_R_BAD_IV_CHARS) ,"bad iv chars"},
+{ERR_REASON(PEM_R_BAD_PASSWORD_READ) ,"bad password read"},
+{ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),"error converting private key"},
+{ERR_REASON(PEM_R_NOT_DEK_INFO) ,"not dek info"},
+{ERR_REASON(PEM_R_NOT_ENCRYPTED) ,"not encrypted"},
+{ERR_REASON(PEM_R_NOT_PROC_TYPE) ,"not proc type"},
+{ERR_REASON(PEM_R_NO_START_LINE) ,"no start line"},
+{ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),"problems getting password"},
+{ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA) ,"public key no rsa"},
+{ERR_REASON(PEM_R_READ_KEY) ,"read key"},
+{ERR_REASON(PEM_R_SHORT_HEADER) ,"short header"},
+{ERR_REASON(PEM_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
+{ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION),"unsupported encryption"},
{0,NULL}
};
@@ -123,8 +127,8 @@ void ERR_load_PEM_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_PEM,PEM_str_functs);
- ERR_load_strings(ERR_LIB_PEM,PEM_str_reasons);
+ ERR_load_strings(0,PEM_str_functs);
+ ERR_load_strings(0,PEM_str_reasons);
#endif
}
diff --git a/lib/libcrypto/perlasm/x86asm.pl b/lib/libcrypto/perlasm/x86asm.pl
index 60233f80e85..c3de90c65d7 100644
--- a/lib/libcrypto/perlasm/x86asm.pl
+++ b/lib/libcrypto/perlasm/x86asm.pl
@@ -96,7 +96,7 @@ $tmp
#ifdef OUT
#define OK 1
#define ALIGN 4
-#if defined(__CYGWIN__) || defined(__DJGPP__)
+#if defined(__CYGWIN__) || defined(__DJGPP__) || defined(__MINGW32__)
#undef SIZE
#undef TYPE
#define SIZE(a,b)
diff --git a/lib/libcrypto/perlasm/x86nasm.pl b/lib/libcrypto/perlasm/x86nasm.pl
index 5009acb4b31..4bdb3fe1809 100644
--- a/lib/libcrypto/perlasm/x86nasm.pl
+++ b/lib/libcrypto/perlasm/x86nasm.pl
@@ -221,7 +221,15 @@ sub using486
sub main'file
{
- push(@out, "segment .text use32\n");
+ local $tmp;
+ $tmp=<<___;
+%ifdef __omf__
+section code use32 class=code
+%else
+section .text
+%endif
+___
+ push(@out,$tmp);
}
sub main'function_begin
diff --git a/lib/libcrypto/pkcs12/p12_add.c b/lib/libcrypto/pkcs12/p12_add.c
index 1909f285065..27015dd8c30 100644
--- a/lib/libcrypto/pkcs12/p12_add.c
+++ b/lib/libcrypto/pkcs12/p12_add.c
@@ -148,7 +148,11 @@ PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
{
- if(!PKCS7_type_is_data(p7)) return NULL;
+ if(!PKCS7_type_is_data(p7))
+ {
+ PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,PKCS12_R_CONTENT_TYPE_NOT_DATA);
+ return NULL;
+ }
return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
}
@@ -211,5 +215,10 @@ int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
{
+ if (!PKCS7_type_is_data(p12->authsafes))
+ {
+ PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,PKCS12_R_CONTENT_TYPE_NOT_DATA);
+ return NULL;
+ }
return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
}
diff --git a/lib/libcrypto/pkcs12/p12_crt.c b/lib/libcrypto/pkcs12/p12_crt.c
index 4c36c643ce6..40340a7bef6 100644
--- a/lib/libcrypto/pkcs12/p12_crt.c
+++ b/lib/libcrypto/pkcs12/p12_crt.c
@@ -76,7 +76,15 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
unsigned int keyidlen;
/* Set defaults */
- if(!nid_cert) nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+ if(!nid_cert)
+ {
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ else
+#endif
+ nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+ }
if(!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
if(!iter) iter = PKCS12_DEFAULT_ITER;
if(!mac_iter) mac_iter = 1;
diff --git a/lib/libcrypto/pkcs12/p12_mutl.c b/lib/libcrypto/pkcs12/p12_mutl.c
index 4886b9b2899..140d21155e7 100644
--- a/lib/libcrypto/pkcs12/p12_mutl.c
+++ b/lib/libcrypto/pkcs12/p12_mutl.c
@@ -72,6 +72,12 @@ int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen,
unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt;
int saltlen, iter;
+ if (!PKCS7_type_is_data(p12->authsafes))
+ {
+ PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_CONTENT_TYPE_NOT_DATA);
+ return 0;
+ }
+
salt = p12->mac->salt->data;
saltlen = p12->mac->salt->length;
if (!p12->mac->iter) iter = 1;
diff --git a/lib/libcrypto/pkcs12/pk12err.c b/lib/libcrypto/pkcs12/pk12err.c
index 10ab80502c1..a33b37b1c79 100644
--- a/lib/libcrypto/pkcs12/pk12err.c
+++ b/lib/libcrypto/pkcs12/pk12err.c
@@ -1,6 +1,6 @@
/* crypto/pkcs12/pk12err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,60 +64,67 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS12,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason)
+
static ERR_STRING_DATA PKCS12_str_functs[]=
{
-{ERR_PACK(0,PKCS12_F_PARSE_BAGS,0), "PARSE_BAGS"},
-{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME,0), "PKCS12_ADD_FRIENDLYNAME"},
-{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC,0), "PKCS12_add_friendlyname_asc"},
-{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,0), "PKCS12_add_friendlyname_uni"},
-{ERR_PACK(0,PKCS12_F_PKCS12_ADD_LOCALKEYID,0), "PKCS12_add_localkeyid"},
-{ERR_PACK(0,PKCS12_F_PKCS12_CREATE,0), "PKCS12_create"},
-{ERR_PACK(0,PKCS12_F_PKCS12_DECRYPT_D2I,0), "PKCS12_decrypt_d2i"},
-{ERR_PACK(0,PKCS12_F_PKCS12_GEN_MAC,0), "PKCS12_gen_mac"},
-{ERR_PACK(0,PKCS12_F_PKCS12_I2D_ENCRYPT,0), "PKCS12_i2d_encrypt"},
-{ERR_PACK(0,PKCS12_F_PKCS12_INIT,0), "PKCS12_init"},
-{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_ASC,0), "PKCS12_key_gen_asc"},
-{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_UNI,0), "PKCS12_key_gen_uni"},
-{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_KEYBAG,0), "PKCS12_MAKE_KEYBAG"},
-{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_SHKEYBAG,0), "PKCS12_MAKE_SHKEYBAG"},
-{ERR_PACK(0,PKCS12_F_PKCS12_NEWPASS,0), "PKCS12_newpass"},
-{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7DATA,0), "PKCS12_pack_p7data"},
-{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7ENCDATA,0), "PKCS12_pack_p7encdata"},
-{ERR_PACK(0,PKCS12_F_PKCS12_PACK_SAFEBAG,0), "PKCS12_pack_safebag"},
-{ERR_PACK(0,PKCS12_F_PKCS12_PARSE,0), "PKCS12_parse"},
-{ERR_PACK(0,PKCS12_F_PKCS12_PBE_CRYPT,0), "PKCS12_pbe_crypt"},
-{ERR_PACK(0,PKCS12_F_PKCS12_PBE_KEYIVGEN,0), "PKCS12_PBE_keyivgen"},
-{ERR_PACK(0,PKCS12_F_PKCS12_SETUP_MAC,0), "PKCS12_setup_mac"},
-{ERR_PACK(0,PKCS12_F_PKCS12_SET_MAC,0), "PKCS12_set_mac"},
-{ERR_PACK(0,PKCS12_F_PKCS8_ADD_KEYUSAGE,0), "PKCS8_add_keyusage"},
-{ERR_PACK(0,PKCS12_F_PKCS8_ENCRYPT,0), "PKCS8_encrypt"},
-{ERR_PACK(0,PKCS12_F_VERIFY_MAC,0), "VERIFY_MAC"},
+{ERR_FUNC(PKCS12_F_PARSE_BAGS), "PARSE_BAGS"},
+{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME), "PKCS12_ADD_FRIENDLYNAME"},
+{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC), "PKCS12_add_friendlyname_asc"},
+{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI), "PKCS12_add_friendlyname_uni"},
+{ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID), "PKCS12_add_localkeyid"},
+{ERR_FUNC(PKCS12_F_PKCS12_CREATE), "PKCS12_create"},
+{ERR_FUNC(PKCS12_F_PKCS12_DECRYPT_D2I), "PKCS12_DECRYPT_D2I"},
+{ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC), "PKCS12_gen_mac"},
+{ERR_FUNC(PKCS12_F_PKCS12_I2D_ENCRYPT), "PKCS12_I2D_ENCRYPT"},
+{ERR_FUNC(PKCS12_F_PKCS12_INIT), "PKCS12_init"},
+{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"},
+{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"},
+{ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG), "PKCS12_MAKE_KEYBAG"},
+{ERR_FUNC(PKCS12_F_PKCS12_MAKE_SHKEYBAG), "PKCS12_MAKE_SHKEYBAG"},
+{ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"},
+{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"},
+{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"},
+{ERR_FUNC(PKCS12_F_PKCS12_PACK_SAFEBAG), "PKCS12_PACK_SAFEBAG"},
+{ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"},
+{ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"},
+{ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"},
+{ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC), "PKCS12_setup_mac"},
+{ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"},
+{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"},
+{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"},
+{ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"},
+{ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"},
+{ERR_FUNC(PKCS12_F_VERIFY_MAC), "VERIFY_MAC"},
{0,NULL}
};
static ERR_STRING_DATA PKCS12_str_reasons[]=
{
-{PKCS12_R_CANT_PACK_STRUCTURE ,"cant pack structure"},
-{PKCS12_R_DECODE_ERROR ,"decode error"},
-{PKCS12_R_ENCODE_ERROR ,"encode error"},
-{PKCS12_R_ENCRYPT_ERROR ,"encrypt error"},
-{PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE,"error setting encrypted data type"},
-{PKCS12_R_INVALID_NULL_ARGUMENT ,"invalid null argument"},
-{PKCS12_R_INVALID_NULL_PKCS12_POINTER ,"invalid null pkcs12 pointer"},
-{PKCS12_R_IV_GEN_ERROR ,"iv gen error"},
-{PKCS12_R_KEY_GEN_ERROR ,"key gen error"},
-{PKCS12_R_MAC_ABSENT ,"mac absent"},
-{PKCS12_R_MAC_GENERATION_ERROR ,"mac generation error"},
-{PKCS12_R_MAC_SETUP_ERROR ,"mac setup error"},
-{PKCS12_R_MAC_STRING_SET_ERROR ,"mac string set error"},
-{PKCS12_R_MAC_VERIFY_ERROR ,"mac verify error"},
-{PKCS12_R_MAC_VERIFY_FAILURE ,"mac verify failure"},
-{PKCS12_R_PARSE_ERROR ,"parse error"},
-{PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR ,"pkcs12 algor cipherinit error"},
-{PKCS12_R_PKCS12_CIPHERFINAL_ERROR ,"pkcs12 cipherfinal error"},
-{PKCS12_R_PKCS12_PBE_CRYPT_ERROR ,"pkcs12 pbe crypt error"},
-{PKCS12_R_UNKNOWN_DIGEST_ALGORITHM ,"unknown digest algorithm"},
-{PKCS12_R_UNSUPPORTED_PKCS12_MODE ,"unsupported pkcs12 mode"},
+{ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE),"cant pack structure"},
+{ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA),"content type not data"},
+{ERR_REASON(PKCS12_R_DECODE_ERROR) ,"decode error"},
+{ERR_REASON(PKCS12_R_ENCODE_ERROR) ,"encode error"},
+{ERR_REASON(PKCS12_R_ENCRYPT_ERROR) ,"encrypt error"},
+{ERR_REASON(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE),"error setting encrypted data type"},
+{ERR_REASON(PKCS12_R_INVALID_NULL_ARGUMENT),"invalid null argument"},
+{ERR_REASON(PKCS12_R_INVALID_NULL_PKCS12_POINTER),"invalid null pkcs12 pointer"},
+{ERR_REASON(PKCS12_R_IV_GEN_ERROR) ,"iv gen error"},
+{ERR_REASON(PKCS12_R_KEY_GEN_ERROR) ,"key gen error"},
+{ERR_REASON(PKCS12_R_MAC_ABSENT) ,"mac absent"},
+{ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR),"mac generation error"},
+{ERR_REASON(PKCS12_R_MAC_SETUP_ERROR) ,"mac setup error"},
+{ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR),"mac string set error"},
+{ERR_REASON(PKCS12_R_MAC_VERIFY_ERROR) ,"mac verify error"},
+{ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE) ,"mac verify failure"},
+{ERR_REASON(PKCS12_R_PARSE_ERROR) ,"parse error"},
+{ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),"pkcs12 algor cipherinit error"},
+{ERR_REASON(PKCS12_R_PKCS12_CIPHERFINAL_ERROR),"pkcs12 cipherfinal error"},
+{ERR_REASON(PKCS12_R_PKCS12_PBE_CRYPT_ERROR),"pkcs12 pbe crypt error"},
+{ERR_REASON(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM),"unknown digest algorithm"},
+{ERR_REASON(PKCS12_R_UNSUPPORTED_PKCS12_MODE),"unsupported pkcs12 mode"},
{0,NULL}
};
@@ -131,8 +138,8 @@ void ERR_load_PKCS12_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_functs);
- ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_reasons);
+ ERR_load_strings(0,PKCS12_str_functs);
+ ERR_load_strings(0,PKCS12_str_reasons);
#endif
}
diff --git a/lib/libcrypto/pkcs12/pkcs12.h b/lib/libcrypto/pkcs12/pkcs12.h
index dd338f266cc..fb8af82d4f5 100644
--- a/lib/libcrypto/pkcs12/pkcs12.h
+++ b/lib/libcrypto/pkcs12/pkcs12.h
@@ -287,12 +287,15 @@ void ERR_load_PKCS12_strings(void);
#define PKCS12_F_PKCS12_PBE_KEYIVGEN 120
#define PKCS12_F_PKCS12_SETUP_MAC 122
#define PKCS12_F_PKCS12_SET_MAC 123
+#define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 129
+#define PKCS12_F_PKCS12_UNPACK_P7DATA 130
#define PKCS12_F_PKCS8_ADD_KEYUSAGE 124
#define PKCS12_F_PKCS8_ENCRYPT 125
#define PKCS12_F_VERIFY_MAC 126
/* Reason codes. */
#define PKCS12_R_CANT_PACK_STRUCTURE 100
+#define PKCS12_R_CONTENT_TYPE_NOT_DATA 121
#define PKCS12_R_DECODE_ERROR 101
#define PKCS12_R_ENCODE_ERROR 102
#define PKCS12_R_ENCRYPT_ERROR 103
diff --git a/lib/libcrypto/pkcs7/pk7_mime.c b/lib/libcrypto/pkcs7/pk7_mime.c
index 5d2a97839d2..927b88c3e75 100644
--- a/lib/libcrypto/pkcs7/pk7_mime.c
+++ b/lib/libcrypto/pkcs7/pk7_mime.c
@@ -3,7 +3,7 @@
* project 1999.
*/
/* ====================================================================
- * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -152,11 +152,12 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
{
char bound[33], c;
int i;
- char *mime_prefix, *mime_eol;
+ char *mime_prefix, *mime_eol, *msg_type=NULL;
if (flags & PKCS7_NOOLDMIMETYPE)
mime_prefix = "application/pkcs7-";
else
mime_prefix = "application/x-pkcs7-";
+
if (flags & PKCS7_CRLFEOL)
mime_eol = "\r\n";
else
@@ -198,11 +199,30 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
mime_eol, mime_eol);
return 1;
}
+
+ /* Determine smime-type header */
+
+ if (PKCS7_type_is_enveloped(p7))
+ msg_type = "enveloped-data";
+ else if (PKCS7_type_is_signed(p7))
+ {
+ /* If we have any signers it is signed-data othewise
+ * certs-only.
+ */
+ STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+ sinfos = PKCS7_get_signer_info(p7);
+ if (sk_PKCS7_SIGNER_INFO_num(sinfos) > 0)
+ msg_type = "signed-data";
+ else
+ msg_type = "certs-only";
+ }
/* MIME headers */
BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
BIO_printf(bio, "Content-Disposition: attachment;");
BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol);
BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
+ if (msg_type)
+ BIO_printf(bio, " smime-type=%s;", msg_type);
BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol);
BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
mime_eol, mime_eol);
diff --git a/lib/libcrypto/pkcs7/pk7_smime.c b/lib/libcrypto/pkcs7/pk7_smime.c
index a852b492358..99a0d63f38f 100644
--- a/lib/libcrypto/pkcs7/pk7_smime.c
+++ b/lib/libcrypto/pkcs7/pk7_smime.c
@@ -296,11 +296,9 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
if (tmpin == indata)
{
- if(indata) BIO_pop(p7bio);
- BIO_free_all(p7bio);
+ if (indata) BIO_pop(p7bio);
}
- else
- BIO_free_all(tmpin);
+ BIO_free_all(p7bio);
sk_X509_free(signers);
diff --git a/lib/libcrypto/pkcs7/pkcs7err.c b/lib/libcrypto/pkcs7/pkcs7err.c
index 5e51527a407..19894c80a45 100644
--- a/lib/libcrypto/pkcs7/pkcs7err.c
+++ b/lib/libcrypto/pkcs7/pkcs7err.c
@@ -1,6 +1,6 @@
/* crypto/pkcs7/pkcs7err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,81 +64,85 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason)
+
static ERR_STRING_DATA PKCS7_str_functs[]=
{
-{ERR_PACK(0,PKCS7_F_B64_READ_PKCS7,0), "B64_READ_PKCS7"},
-{ERR_PACK(0,PKCS7_F_B64_WRITE_PKCS7,0), "B64_WRITE_PKCS7"},
-{ERR_PACK(0,PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,0), "PKCS7_add_attrib_smimecap"},
-{ERR_PACK(0,PKCS7_F_PKCS7_ADD_CERTIFICATE,0), "PKCS7_add_certificate"},
-{ERR_PACK(0,PKCS7_F_PKCS7_ADD_CRL,0), "PKCS7_add_crl"},
-{ERR_PACK(0,PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,0), "PKCS7_add_recipient_info"},
-{ERR_PACK(0,PKCS7_F_PKCS7_ADD_SIGNER,0), "PKCS7_add_signer"},
-{ERR_PACK(0,PKCS7_F_PKCS7_CTRL,0), "PKCS7_ctrl"},
-{ERR_PACK(0,PKCS7_F_PKCS7_DATADECODE,0), "PKCS7_dataDecode"},
-{ERR_PACK(0,PKCS7_F_PKCS7_DATAINIT,0), "PKCS7_dataInit"},
-{ERR_PACK(0,PKCS7_F_PKCS7_DATASIGN,0), "PKCS7_DATASIGN"},
-{ERR_PACK(0,PKCS7_F_PKCS7_DATAVERIFY,0), "PKCS7_dataVerify"},
-{ERR_PACK(0,PKCS7_F_PKCS7_DECRYPT,0), "PKCS7_decrypt"},
-{ERR_PACK(0,PKCS7_F_PKCS7_ENCRYPT,0), "PKCS7_encrypt"},
-{ERR_PACK(0,PKCS7_F_PKCS7_GET0_SIGNERS,0), "PKCS7_get0_signers"},
-{ERR_PACK(0,PKCS7_F_PKCS7_SET_CIPHER,0), "PKCS7_set_cipher"},
-{ERR_PACK(0,PKCS7_F_PKCS7_SET_CONTENT,0), "PKCS7_set_content"},
-{ERR_PACK(0,PKCS7_F_PKCS7_SET_TYPE,0), "PKCS7_set_type"},
-{ERR_PACK(0,PKCS7_F_PKCS7_SIGN,0), "PKCS7_sign"},
-{ERR_PACK(0,PKCS7_F_PKCS7_SIGNATUREVERIFY,0), "PKCS7_signatureVerify"},
-{ERR_PACK(0,PKCS7_F_PKCS7_SIMPLE_SMIMECAP,0), "PKCS7_simple_smimecap"},
-{ERR_PACK(0,PKCS7_F_PKCS7_VERIFY,0), "PKCS7_verify"},
-{ERR_PACK(0,PKCS7_F_SMIME_READ_PKCS7,0), "SMIME_read_PKCS7"},
-{ERR_PACK(0,PKCS7_F_SMIME_TEXT,0), "SMIME_text"},
+{ERR_FUNC(PKCS7_F_B64_READ_PKCS7), "B64_READ_PKCS7"},
+{ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7), "B64_WRITE_PKCS7"},
+{ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP), "PKCS7_add_attrib_smimecap"},
+{ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"},
+{ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"},
+{ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"},
+{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"},
+{ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"},
+{ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"},
+{ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"},
+{ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"},
+{ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"},
+{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"},
+{ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"},
+{ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"},
+{ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"},
+{ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"},
+{ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"},
+{ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"},
+{ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"},
+{ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"},
+{ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"},
+{ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7), "SMIME_read_PKCS7"},
+{ERR_FUNC(PKCS7_F_SMIME_TEXT), "SMIME_text"},
{0,NULL}
};
static ERR_STRING_DATA PKCS7_str_reasons[]=
{
-{PKCS7_R_CERTIFICATE_VERIFY_ERROR ,"certificate verify error"},
-{PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER ,"cipher has no object identifier"},
-{PKCS7_R_CIPHER_NOT_INITIALIZED ,"cipher not initialized"},
-{PKCS7_R_CONTENT_AND_DATA_PRESENT ,"content and data present"},
-{PKCS7_R_DECODE_ERROR ,"decode error"},
-{PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH ,"decrypted key is wrong length"},
-{PKCS7_R_DECRYPT_ERROR ,"decrypt error"},
-{PKCS7_R_DIGEST_FAILURE ,"digest failure"},
-{PKCS7_R_ERROR_ADDING_RECIPIENT ,"error adding recipient"},
-{PKCS7_R_ERROR_SETTING_CIPHER ,"error setting cipher"},
-{PKCS7_R_INVALID_MIME_TYPE ,"invalid mime type"},
-{PKCS7_R_INVALID_NULL_POINTER ,"invalid null pointer"},
-{PKCS7_R_MIME_NO_CONTENT_TYPE ,"mime no content type"},
-{PKCS7_R_MIME_PARSE_ERROR ,"mime parse error"},
-{PKCS7_R_MIME_SIG_PARSE_ERROR ,"mime sig parse error"},
-{PKCS7_R_MISSING_CERIPEND_INFO ,"missing ceripend info"},
-{PKCS7_R_NO_CONTENT ,"no content"},
-{PKCS7_R_NO_CONTENT_TYPE ,"no content type"},
-{PKCS7_R_NO_MULTIPART_BODY_FAILURE ,"no multipart body failure"},
-{PKCS7_R_NO_MULTIPART_BOUNDARY ,"no multipart boundary"},
-{PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE,"no recipient matches certificate"},
-{PKCS7_R_NO_SIGNATURES_ON_DATA ,"no signatures on data"},
-{PKCS7_R_NO_SIGNERS ,"no signers"},
-{PKCS7_R_NO_SIG_CONTENT_TYPE ,"no sig content type"},
-{PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE,"operation not supported on this type"},
-{PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR ,"pkcs7 add signature error"},
-{PKCS7_R_PKCS7_DATAFINAL_ERROR ,"pkcs7 datafinal error"},
-{PKCS7_R_PKCS7_DATASIGN ,"pkcs7 datasign"},
-{PKCS7_R_PKCS7_PARSE_ERROR ,"pkcs7 parse error"},
-{PKCS7_R_PKCS7_SIG_PARSE_ERROR ,"pkcs7 sig parse error"},
-{PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE,"private key does not match certificate"},
-{PKCS7_R_SIGNATURE_FAILURE ,"signature failure"},
-{PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND ,"signer certificate not found"},
-{PKCS7_R_SIG_INVALID_MIME_TYPE ,"sig invalid mime type"},
-{PKCS7_R_SMIME_TEXT_ERROR ,"smime text error"},
-{PKCS7_R_UNABLE_TO_FIND_CERTIFICATE ,"unable to find certificate"},
-{PKCS7_R_UNABLE_TO_FIND_MEM_BIO ,"unable to find mem bio"},
-{PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST ,"unable to find message digest"},
-{PKCS7_R_UNKNOWN_DIGEST_TYPE ,"unknown digest type"},
-{PKCS7_R_UNKNOWN_OPERATION ,"unknown operation"},
-{PKCS7_R_UNSUPPORTED_CIPHER_TYPE ,"unsupported cipher type"},
-{PKCS7_R_UNSUPPORTED_CONTENT_TYPE ,"unsupported content type"},
-{PKCS7_R_WRONG_CONTENT_TYPE ,"wrong content type"},
-{PKCS7_R_WRONG_PKCS7_TYPE ,"wrong pkcs7 type"},
+{ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
+{ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"},
+{ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED),"cipher not initialized"},
+{ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT),"content and data present"},
+{ERR_REASON(PKCS7_R_DECODE_ERROR) ,"decode error"},
+{ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH),"decrypted key is wrong length"},
+{ERR_REASON(PKCS7_R_DECRYPT_ERROR) ,"decrypt error"},
+{ERR_REASON(PKCS7_R_DIGEST_FAILURE) ,"digest failure"},
+{ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT),"error adding recipient"},
+{ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER),"error setting cipher"},
+{ERR_REASON(PKCS7_R_INVALID_MIME_TYPE) ,"invalid mime type"},
+{ERR_REASON(PKCS7_R_INVALID_NULL_POINTER),"invalid null pointer"},
+{ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE),"mime no content type"},
+{ERR_REASON(PKCS7_R_MIME_PARSE_ERROR) ,"mime parse error"},
+{ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR),"mime sig parse error"},
+{ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO),"missing ceripend info"},
+{ERR_REASON(PKCS7_R_NO_CONTENT) ,"no content"},
+{ERR_REASON(PKCS7_R_NO_CONTENT_TYPE) ,"no content type"},
+{ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},
+{ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},
+{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),"no recipient matches certificate"},
+{ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA),"no signatures on data"},
+{ERR_REASON(PKCS7_R_NO_SIGNERS) ,"no signers"},
+{ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"},
+{ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),"operation not supported on this type"},
+{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"},
+{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR),"pkcs7 datafinal error"},
+{ERR_REASON(PKCS7_R_PKCS7_DATASIGN) ,"pkcs7 datasign"},
+{ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR) ,"pkcs7 parse error"},
+{ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR),"pkcs7 sig parse error"},
+{ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
+{ERR_REASON(PKCS7_R_SIGNATURE_FAILURE) ,"signature failure"},
+{ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
+{ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"},
+{ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR) ,"smime text error"},
+{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),"unable to find certificate"},
+{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO),"unable to find mem bio"},
+{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST),"unable to find message digest"},
+{ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE) ,"unknown digest type"},
+{ERR_REASON(PKCS7_R_UNKNOWN_OPERATION) ,"unknown operation"},
+{ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE),"unsupported cipher type"},
+{ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"},
+{ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE) ,"wrong content type"},
+{ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE) ,"wrong pkcs7 type"},
{0,NULL}
};
@@ -152,8 +156,8 @@ void ERR_load_PKCS7_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_functs);
- ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_reasons);
+ ERR_load_strings(0,PKCS7_str_functs);
+ ERR_load_strings(0,PKCS7_str_reasons);
#endif
}
diff --git a/lib/libcrypto/rand/rand_err.c b/lib/libcrypto/rand/rand_err.c
index 95574659ace..97f96e1aeee 100644
--- a/lib/libcrypto/rand/rand_err.c
+++ b/lib/libcrypto/rand/rand_err.c
@@ -1,6 +1,6 @@
/* crypto/rand/rand_err.c */
/* ====================================================================
- * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,22 +64,26 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RAND,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason)
+
static ERR_STRING_DATA RAND_str_functs[]=
{
-{ERR_PACK(0,RAND_F_FIPS_RAND_BYTES,0), "FIPS_RAND_BYTES"},
-{ERR_PACK(0,RAND_F_RAND_GET_RAND_METHOD,0), "RAND_get_rand_method"},
-{ERR_PACK(0,RAND_F_SSLEAY_RAND_BYTES,0), "SSLEAY_RAND_BYTES"},
+{ERR_FUNC(RAND_F_FIPS_RAND_BYTES), "FIPS_RAND_BYTES"},
+{ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"},
+{ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"},
{0,NULL}
};
static ERR_STRING_DATA RAND_str_reasons[]=
{
-{RAND_R_NON_FIPS_METHOD ,"non fips method"},
-{RAND_R_PRNG_ASKING_FOR_TOO_MUCH ,"prng asking for too much"},
-{RAND_R_PRNG_NOT_REKEYED ,"prng not rekeyed"},
-{RAND_R_PRNG_NOT_RESEEDED ,"prng not reseeded"},
-{RAND_R_PRNG_NOT_SEEDED ,"PRNG not seeded"},
-{RAND_R_PRNG_STUCK ,"prng stuck"},
+{ERR_REASON(RAND_R_NON_FIPS_METHOD) ,"non fips method"},
+{ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH),"prng asking for too much"},
+{ERR_REASON(RAND_R_PRNG_NOT_REKEYED) ,"prng not rekeyed"},
+{ERR_REASON(RAND_R_PRNG_NOT_RESEEDED) ,"prng not reseeded"},
+{ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"},
+{ERR_REASON(RAND_R_PRNG_STUCK) ,"prng stuck"},
{0,NULL}
};
@@ -93,8 +97,8 @@ void ERR_load_RAND_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_RAND,RAND_str_functs);
- ERR_load_strings(ERR_LIB_RAND,RAND_str_reasons);
+ ERR_load_strings(0,RAND_str_functs);
+ ERR_load_strings(0,RAND_str_reasons);
#endif
}
diff --git a/lib/libcrypto/rand/rand_lib.c b/lib/libcrypto/rand/rand_lib.c
index 88f1b56d91e..a21bde79de0 100644
--- a/lib/libcrypto/rand/rand_lib.c
+++ b/lib/libcrypto/rand/rand_lib.c
@@ -87,16 +87,6 @@ int RAND_set_rand_method(const RAND_METHOD *meth)
const RAND_METHOD *RAND_get_rand_method(void)
{
-#ifdef OPENSSL_FIPS
- if(FIPS_mode()
- && default_RAND_meth != FIPS_rand_check())
- {
- RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
- return 0;
- }
-#endif
-
-
if (!default_RAND_meth)
{
#ifndef OPENSSL_NO_ENGINE
@@ -114,8 +104,22 @@ const RAND_METHOD *RAND_get_rand_method(void)
funct_ref = e;
else
#endif
- default_RAND_meth = RAND_SSLeay();
+#ifdef OPENSSL_FIPS
+ if(FIPS_mode())
+ default_RAND_meth=FIPS_rand_method();
+ else
+#endif
+ default_RAND_meth = RAND_SSLeay();
}
+
+#ifdef OPENSSL_FIPS
+ if(FIPS_mode()
+ && default_RAND_meth != FIPS_rand_check())
+ {
+ RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
+ return 0;
+ }
+#endif
return default_RAND_meth;
}
diff --git a/lib/libcrypto/rand/randfile.c b/lib/libcrypto/rand/randfile.c
index 9bd89ba495d..d847d8ebdff 100644
--- a/lib/libcrypto/rand/randfile.c
+++ b/lib/libcrypto/rand/randfile.c
@@ -57,7 +57,7 @@
*/
/* We need to define this to get macros like S_IFBLK and S_IFCHR */
-#define _XOPEN_SOURCE 1
+#define _XOPEN_SOURCE 500
#include <errno.h>
#include <stdio.h>
diff --git a/lib/libcrypto/rc2/rc2_skey.c b/lib/libcrypto/rc2/rc2_skey.c
index 22f372f85cc..96528651887 100644
--- a/lib/libcrypto/rc2/rc2_skey.c
+++ b/lib/libcrypto/rc2/rc2_skey.c
@@ -58,6 +58,7 @@
#include <openssl/rc2.h>
#include <openssl/crypto.h>
+#include <openssl/fips.h>
#include "rc2_locl.h"
static unsigned char key_table[256]={
diff --git a/lib/libcrypto/rc2/rc2speed.c b/lib/libcrypto/rc2/rc2speed.c
index 47d34b444e5..4d0e1242eaf 100644
--- a/lib/libcrypto/rc2/rc2speed.c
+++ b/lib/libcrypto/rc2/rc2speed.c
@@ -102,10 +102,10 @@ OPENSSL_DECLARE_EXIT
#ifndef HZ
#ifndef CLK_TCK
#define HZ 100.0
-#endif
-#else /* CLK_TCK */
+#else /* CLK_TCK */
#define HZ ((double)CLK_TCK)
-#endif
+#endif /* CLK_TCK */
+#endif /* HZ */
#define BUFSIZE ((long)1024)
long run=0;
diff --git a/lib/libcrypto/rc4/rc4.h b/lib/libcrypto/rc4/rc4.h
index dd90d9fde09..ae0cea75b8e 100644
--- a/lib/libcrypto/rc4/rc4.h
+++ b/lib/libcrypto/rc4/rc4.h
@@ -73,10 +73,6 @@ typedef struct rc4_key_st
{
RC4_INT x,y;
RC4_INT data[256];
-#if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
- /* see crypto/rc4/asm/rc4-ia64.S for further details... */
- RC4_INT pad[512-256-2];
-#endif
} RC4_KEY;
diff --git a/lib/libcrypto/rc4/rc4_enc.c b/lib/libcrypto/rc4/rc4_enc.c
index 81a97ea3b7c..d5f18a3a707 100644
--- a/lib/libcrypto/rc4/rc4_enc.c
+++ b/lib/libcrypto/rc4/rc4_enc.c
@@ -77,10 +77,6 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
x=key->x;
y=key->y;
d=key->data;
-#if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
- /* see crypto/rc4/asm/rc4-ia64.S for further details... */
- d=(RC4_INT *)(((size_t)(d+255))&~(sizeof(key->data)-1));
-#endif
#if defined(RC4_CHUNK)
/*
diff --git a/lib/libcrypto/rc4/rc4_skey.c b/lib/libcrypto/rc4/rc4_skey.c
index 07234f061af..60510624fd8 100644
--- a/lib/libcrypto/rc4/rc4_skey.c
+++ b/lib/libcrypto/rc4/rc4_skey.c
@@ -58,6 +58,7 @@
#include <openssl/rc4.h>
#include <openssl/crypto.h>
+#include <openssl/fips.h>
#include "rc4_locl.h"
#include <openssl/opensslv.h>
@@ -94,10 +95,6 @@ FIPS_NON_FIPS_VCIPHER_Init(RC4)
unsigned int i;
d= &(key->data[0]);
-#if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
- /* see crypto/rc4/asm/rc4-ia64.S for further details... */
- d=(RC4_INT *)(((size_t)(d+255))&~(sizeof(key->data)-1));
-#endif
for (i=0; i<256; i++)
d[i]=i;
diff --git a/lib/libcrypto/ripemd/rmd_one.c b/lib/libcrypto/ripemd/rmd_one.c
index f8b580c33a3..b88446b267b 100644
--- a/lib/libcrypto/ripemd/rmd_one.c
+++ b/lib/libcrypto/ripemd/rmd_one.c
@@ -68,7 +68,8 @@ unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
static unsigned char m[RIPEMD160_DIGEST_LENGTH];
if (md == NULL) md=m;
- RIPEMD160_Init(&c);
+ if (!RIPEMD160_Init(&c))
+ return NULL;
RIPEMD160_Update(&c,d,n);
RIPEMD160_Final(md,&c);
OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
diff --git a/lib/libcrypto/rsa/rsa.h b/lib/libcrypto/rsa/rsa.h
index fc3bb5f86de..0b639cd37ff 100644
--- a/lib/libcrypto/rsa/rsa.h
+++ b/lib/libcrypto/rsa/rsa.h
@@ -157,33 +157,41 @@ struct rsa_st
#define RSA_3 0x3L
#define RSA_F4 0x10001L
-#define RSA_METHOD_FLAG_NO_CHECK 0x01 /* don't check pub/private match */
+#define RSA_METHOD_FLAG_NO_CHECK 0x0001 /* don't check pub/private match */
-#define RSA_FLAG_CACHE_PUBLIC 0x02
-#define RSA_FLAG_CACHE_PRIVATE 0x04
-#define RSA_FLAG_BLINDING 0x08
-#define RSA_FLAG_THREAD_SAFE 0x10
+#define RSA_FLAG_CACHE_PUBLIC 0x0002
+#define RSA_FLAG_CACHE_PRIVATE 0x0004
+#define RSA_FLAG_BLINDING 0x0008
+#define RSA_FLAG_THREAD_SAFE 0x0010
/* This flag means the private key operations will be handled by rsa_mod_exp
* and that they do not depend on the private key components being present:
* for example a key stored in external hardware. Without this flag bn_mod_exp
* gets called when private key components are absent.
*/
-#define RSA_FLAG_EXT_PKEY 0x20
+#define RSA_FLAG_EXT_PKEY 0x0020
/* This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions.
*/
-#define RSA_FLAG_SIGN_VER 0x40
-
-#define RSA_FLAG_NO_BLINDING 0x80 /* new with 0.9.6j and 0.9.7b; the built-in
- * RSA implementation now uses blinding by
- * default (ignoring RSA_FLAG_BLINDING),
- * but other engines might not need it
- */
+#define RSA_FLAG_SIGN_VER 0x0040
+
+#define RSA_FLAG_NO_BLINDING 0x0080 /* new with 0.9.6j and 0.9.7b; the built-in
+ * RSA implementation now uses blinding by
+ * default (ignoring RSA_FLAG_BLINDING),
+ * but other engines might not need it
+ */
+#define RSA_FLAG_NO_EXP_CONSTTIME 0x0100 /* new with 0.9.7h; the built-in RSA
+ * implementation now uses constant time
+ * modular exponentiation for secret exponents
+ * by default. This flag causes the
+ * faster variable sliding window method to
+ * be used for all exponents.
+ */
#define RSA_PKCS1_PADDING 1
#define RSA_SSLV23_PADDING 2
#define RSA_NO_PADDING 3
#define RSA_PKCS1_OAEP_PADDING 4
+#define RSA_X931_PADDING 5
#define RSA_PKCS1_PADDING_SIZE 11
@@ -196,6 +204,15 @@ int RSA_size(const RSA *);
RSA * RSA_generate_key(int bits, unsigned long e,void
(*callback)(int,int,void *),void *cb_arg);
int RSA_check_key(const RSA *);
+#ifdef OPENSSL_FIPS
+int RSA_X931_derive(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
+ void (*cb)(int, int, void *), void *cb_arg,
+ const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
+ const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
+ const BIGNUM *e);
+RSA *RSA_X931_generate_key(int bits, const BIGNUM *e,
+ void (*cb)(int,int,void *), void *cb_arg);
+#endif
/* next 4 return -1 on error */
int RSA_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,int padding);
@@ -268,6 +285,8 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen,
const unsigned char *f,int fl);
int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen,
const unsigned char *f,int fl,int rsa_len);
+int PKCS1_MGF1(unsigned char *mask, long len,
+ const unsigned char *seed, long seedlen, const EVP_MD *dgst);
int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen,
const unsigned char *f,int fl,
const unsigned char *p,int pl);
@@ -282,6 +301,17 @@ int RSA_padding_add_none(unsigned char *to,int tlen,
const unsigned char *f,int fl);
int RSA_padding_check_none(unsigned char *to,int tlen,
const unsigned char *f,int fl,int rsa_len);
+int RSA_padding_add_X931(unsigned char *to,int tlen,
+ const unsigned char *f,int fl);
+int RSA_padding_check_X931(unsigned char *to,int tlen,
+ const unsigned char *f,int fl,int rsa_len);
+int RSA_X931_hash_id(int nid);
+
+int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
+ const EVP_MD *Hash, const unsigned char *EM, int sLen);
+int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
+ const unsigned char *mHash,
+ const EVP_MD *Hash, int sLen);
int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
@@ -311,20 +341,24 @@ void ERR_load_RSA_strings(void);
#define RSA_F_RSA_NULL 124
#define RSA_F_RSA_PADDING_ADD_NONE 107
#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121
+#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125
#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108
#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109
#define RSA_F_RSA_PADDING_ADD_SSLV23 110
+#define RSA_F_RSA_PADDING_ADD_X931 127
#define RSA_F_RSA_PADDING_CHECK_NONE 111
#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122
#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112
#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113
#define RSA_F_RSA_PADDING_CHECK_SSLV23 114
+#define RSA_F_RSA_PADDING_CHECK_X931 128
#define RSA_F_RSA_PRINT 115
#define RSA_F_RSA_PRINT_FP 116
#define RSA_F_RSA_SIGN 117
#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
#define RSA_F_RSA_VERIFY 119
#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120
+#define RSA_F_RSA_VERIFY_PKCS1_PSS 126
/* Reason codes. */
#define RSA_R_ALGORITHM_MISMATCH 100
@@ -344,9 +378,14 @@ void ERR_load_RSA_strings(void);
#define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124
#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125
#define RSA_R_D_E_NOT_CONGRUENT_TO_1 123
+#define RSA_R_FIRST_OCTET_INVALID 133
+#define RSA_R_INVALID_HEADER 137
#define RSA_R_INVALID_MESSAGE_LENGTH 131
+#define RSA_R_INVALID_PADDING 138
+#define RSA_R_INVALID_TRAILER 139
#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
#define RSA_R_KEY_SIZE_TOO_SMALL 120
+#define RSA_R_LAST_OCTET_INVALID 134
#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
#define RSA_R_OAEP_DECODING_ERROR 121
@@ -354,6 +393,8 @@ void ERR_load_RSA_strings(void);
#define RSA_R_P_NOT_PRIME 128
#define RSA_R_Q_NOT_PRIME 129
#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130
+#define RSA_R_SLEN_CHECK_FAILED 136
+#define RSA_R_SLEN_RECOVERY_FAILED 135
#define RSA_R_SSLV3_ROLLBACK_ATTACK 115
#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117
diff --git a/lib/libcrypto/rsa/rsa_eay.c b/lib/libcrypto/rsa/rsa_eay.c
index d4caab3f953..be4ac96ce33 100644
--- a/lib/libcrypto/rsa/rsa_eay.c
+++ b/lib/libcrypto/rsa/rsa_eay.c
@@ -55,6 +55,59 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
#include <stdio.h>
#include "cryptlib.h"
@@ -145,30 +198,13 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
goto err;
}
- if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
+ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
{
- BN_MONT_CTX* bn_mont_ctx;
- if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
- goto err;
- if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
- {
- BN_MONT_CTX_free(bn_mont_ctx);
+ if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n,
+ CRYPTO_LOCK_RSA, rsa->n, ctx))
goto err;
- }
- if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
- {
- CRYPTO_w_lock(CRYPTO_LOCK_RSA);
- if (rsa->_method_mod_n == NULL)
- {
- rsa->_method_mod_n = bn_mont_ctx;
- bn_mont_ctx = NULL;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
- }
- if (bn_mont_ctx)
- BN_MONT_CTX_free(bn_mont_ctx);
}
-
+
if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
rsa->_method_mod_n)) goto err;
@@ -249,7 +285,7 @@ err:
static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
- BIGNUM f,ret;
+ BIGNUM f,ret, *res;
int i,j,k,num=0,r= -1;
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
@@ -331,19 +367,43 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
(rsa->dmp1 != NULL) &&
(rsa->dmq1 != NULL) &&
(rsa->iqmp != NULL)) )
- { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
+ {
+ if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err;
+ }
else
{
- if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
+ BIGNUM local_d;
+ BIGNUM *d = NULL;
+
+ if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+ {
+ BN_init(&local_d);
+ d = &local_d;
+ BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
+ }
+ else
+ d = rsa->d;
+ if (!rsa->meth->bn_mod_exp(&ret,&f,d,rsa->n,ctx,NULL)) goto err;
}
if (blinding)
if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err;
+ if (padding == RSA_X931_PADDING)
+ {
+ BN_sub(&f, rsa->n, &ret);
+ if (BN_cmp(&ret, &f))
+ res = &f;
+ else
+ res = &ret;
+ }
+ else
+ res = &ret;
+
/* put in leading 0 bytes if the number is less than the
* length of the modulus */
- j=BN_num_bytes(&ret);
- i=BN_bn2bin(&ret,&(to[num-j]));
+ j=BN_num_bytes(res);
+ i=BN_bn2bin(res,&(to[num-j]));
for (k=0; k<(num-i); k++)
to[k]=0;
@@ -444,10 +504,22 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
(rsa->dmp1 != NULL) &&
(rsa->dmq1 != NULL) &&
(rsa->iqmp != NULL)) )
- { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
+ {
+ if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err;
+ }
else
{
- if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL))
+ BIGNUM local_d;
+ BIGNUM *d = NULL;
+
+ if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+ {
+ d = &local_d;
+ BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
+ }
+ else
+ d = rsa->d;
+ if (!rsa->meth->bn_mod_exp(&ret,&f,d,rsa->n,ctx,NULL))
goto err;
}
@@ -534,33 +606,20 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
}
/* do the decrypt */
- if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
+
+ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
{
- BN_MONT_CTX* bn_mont_ctx;
- if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
- goto err;
- if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
- {
- BN_MONT_CTX_free(bn_mont_ctx);
+ if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n,
+ CRYPTO_LOCK_RSA, rsa->n, ctx))
goto err;
- }
- if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
- {
- CRYPTO_w_lock(CRYPTO_LOCK_RSA);
- if (rsa->_method_mod_n == NULL)
- {
- rsa->_method_mod_n = bn_mont_ctx;
- bn_mont_ctx = NULL;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
- }
- if (bn_mont_ctx)
- BN_MONT_CTX_free(bn_mont_ctx);
}
-
+
if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
rsa->_method_mod_n)) goto err;
+ if ((padding == RSA_X931_PADDING) && ((ret.d[0] & 0xf) != 12))
+ BN_sub(&ret, rsa->n, &ret);
+
p=buf;
i=BN_bn2bin(&ret,p);
@@ -594,6 +653,8 @@ err:
static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
{
BIGNUM r1,m1,vrfy;
+ BIGNUM local_dmp1, local_dmq1;
+ BIGNUM *dmp1, *dmq1;
int ret=0;
BN_CTX *ctx;
@@ -604,61 +665,34 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
{
- if (rsa->_method_mod_p == NULL)
- {
- BN_MONT_CTX* bn_mont_ctx;
- if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
- goto err;
- if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->p,ctx))
- {
- BN_MONT_CTX_free(bn_mont_ctx);
- goto err;
- }
- if (rsa->_method_mod_p == NULL) /* other thread may have finished first */
- {
- CRYPTO_w_lock(CRYPTO_LOCK_RSA);
- if (rsa->_method_mod_p == NULL)
- {
- rsa->_method_mod_p = bn_mont_ctx;
- bn_mont_ctx = NULL;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
- }
- if (bn_mont_ctx)
- BN_MONT_CTX_free(bn_mont_ctx);
- }
-
- if (rsa->_method_mod_q == NULL)
- {
- BN_MONT_CTX* bn_mont_ctx;
- if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
- goto err;
- if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->q,ctx))
- {
- BN_MONT_CTX_free(bn_mont_ctx);
- goto err;
- }
- if (rsa->_method_mod_q == NULL) /* other thread may have finished first */
- {
- CRYPTO_w_lock(CRYPTO_LOCK_RSA);
- if (rsa->_method_mod_q == NULL)
- {
- rsa->_method_mod_q = bn_mont_ctx;
- bn_mont_ctx = NULL;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
- }
- if (bn_mont_ctx)
- BN_MONT_CTX_free(bn_mont_ctx);
- }
+ if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p,
+ CRYPTO_LOCK_RSA, rsa->p, ctx))
+ goto err;
+ if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q,
+ CRYPTO_LOCK_RSA, rsa->q, ctx))
+ goto err;
}
-
+
if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
- if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
+ if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+ {
+ dmq1 = &local_dmq1;
+ BN_with_flags(dmq1, rsa->dmq1, BN_FLG_EXP_CONSTTIME);
+ }
+ else
+ dmq1 = rsa->dmq1;
+ if (!rsa->meth->bn_mod_exp(&m1,&r1,dmq1,rsa->q,ctx,
rsa->_method_mod_q)) goto err;
if (!BN_mod(&r1,I,rsa->p,ctx)) goto err;
- if (!rsa->meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx,
+ if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+ {
+ dmp1 = &local_dmp1;
+ BN_with_flags(dmp1, rsa->dmp1, BN_FLG_EXP_CONSTTIME);
+ }
+ else
+ dmp1 = rsa->dmp1;
+ if (!rsa->meth->bn_mod_exp(r0,&r1,dmp1,rsa->p,ctx,
rsa->_method_mod_p)) goto err;
if (!BN_sub(r0,r0,&m1)) goto err;
@@ -693,10 +727,23 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
if (vrfy.neg)
if (!BN_add(&vrfy, &vrfy, rsa->n)) goto err;
if (!BN_is_zero(&vrfy))
+ {
/* 'I' and 'vrfy' aren't congruent mod n. Don't leak
* miscalculated CRT output, just do a raw (slower)
* mod_exp and return that instead. */
- if (!rsa->meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err;
+
+ BIGNUM local_d;
+ BIGNUM *d = NULL;
+
+ if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
+ {
+ d = &local_d;
+ BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
+ }
+ else
+ d = rsa->d;
+ if (!rsa->meth->bn_mod_exp(r0,I,d,rsa->n,ctx,NULL)) goto err;
+ }
}
ret=1;
err:
diff --git a/lib/libcrypto/rsa/rsa_err.c b/lib/libcrypto/rsa/rsa_err.c
index a7766c3b762..2ec4b30ff79 100644
--- a/lib/libcrypto/rsa/rsa_err.c
+++ b/lib/libcrypto/rsa/rsa_err.c
@@ -1,6 +1,6 @@
/* crypto/rsa/rsa_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,70 +64,85 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RSA,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason)
+
static ERR_STRING_DATA RSA_str_functs[]=
{
-{ERR_PACK(0,RSA_F_MEMORY_LOCK,0), "MEMORY_LOCK"},
-{ERR_PACK(0,RSA_F_RSA_CHECK_KEY,0), "RSA_check_key"},
-{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_DECRYPT,0), "RSA_EAY_PRIVATE_DECRYPT"},
-{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_ENCRYPT,0), "RSA_EAY_PRIVATE_ENCRYPT"},
-{ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_DECRYPT,0), "RSA_EAY_PUBLIC_DECRYPT"},
-{ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_ENCRYPT,0), "RSA_EAY_PUBLIC_ENCRYPT"},
-{ERR_PACK(0,RSA_F_RSA_GENERATE_KEY,0), "RSA_generate_key"},
-{ERR_PACK(0,RSA_F_RSA_NEW_METHOD,0), "RSA_new_method"},
-{ERR_PACK(0,RSA_F_RSA_NULL,0), "RSA_NULL"},
-{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_NONE,0), "RSA_padding_add_none"},
-{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,0), "RSA_padding_add_PKCS1_OAEP"},
-{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,0), "RSA_padding_add_PKCS1_type_1"},
-{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,0), "RSA_padding_add_PKCS1_type_2"},
-{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_SSLV23,0), "RSA_padding_add_SSLv23"},
-{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_NONE,0), "RSA_padding_check_none"},
-{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP,0), "RSA_padding_check_PKCS1_OAEP"},
-{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,0), "RSA_padding_check_PKCS1_type_1"},
-{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,0), "RSA_padding_check_PKCS1_type_2"},
-{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_SSLV23,0), "RSA_padding_check_SSLv23"},
-{ERR_PACK(0,RSA_F_RSA_PRINT,0), "RSA_print"},
-{ERR_PACK(0,RSA_F_RSA_PRINT_FP,0), "RSA_print_fp"},
-{ERR_PACK(0,RSA_F_RSA_SIGN,0), "RSA_sign"},
-{ERR_PACK(0,RSA_F_RSA_SIGN_ASN1_OCTET_STRING,0), "RSA_sign_ASN1_OCTET_STRING"},
-{ERR_PACK(0,RSA_F_RSA_VERIFY,0), "RSA_verify"},
-{ERR_PACK(0,RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,0), "RSA_verify_ASN1_OCTET_STRING"},
+{ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"},
+{ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
+{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"},
+{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"},
+{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"},
+{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"},
+{ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"},
+{ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"},
+{ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"},
+{ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"},
+{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP), "RSA_padding_add_PKCS1_OAEP"},
+{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"},
+{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1), "RSA_padding_add_PKCS1_type_1"},
+{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2), "RSA_padding_add_PKCS1_type_2"},
+{ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23), "RSA_padding_add_SSLv23"},
+{ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931), "RSA_padding_add_X931"},
+{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE), "RSA_padding_check_none"},
+{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP), "RSA_padding_check_PKCS1_OAEP"},
+{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1), "RSA_padding_check_PKCS1_type_1"},
+{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2), "RSA_padding_check_PKCS1_type_2"},
+{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23), "RSA_padding_check_SSLv23"},
+{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"},
+{ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"},
+{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
+{ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
+{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"},
+{ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
+{ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING), "RSA_verify_ASN1_OCTET_STRING"},
+{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS), "RSA_verify_PKCS1_PSS"},
{0,NULL}
};
static ERR_STRING_DATA RSA_str_reasons[]=
{
-{RSA_R_ALGORITHM_MISMATCH ,"algorithm mismatch"},
-{RSA_R_BAD_E_VALUE ,"bad e value"},
-{RSA_R_BAD_FIXED_HEADER_DECRYPT ,"bad fixed header decrypt"},
-{RSA_R_BAD_PAD_BYTE_COUNT ,"bad pad byte count"},
-{RSA_R_BAD_SIGNATURE ,"bad signature"},
-{RSA_R_BLOCK_TYPE_IS_NOT_01 ,"block type is not 01"},
-{RSA_R_BLOCK_TYPE_IS_NOT_02 ,"block type is not 02"},
-{RSA_R_DATA_GREATER_THAN_MOD_LEN ,"data greater than mod len"},
-{RSA_R_DATA_TOO_LARGE ,"data too large"},
-{RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"},
-{RSA_R_DATA_TOO_LARGE_FOR_MODULUS ,"data too large for modulus"},
-{RSA_R_DATA_TOO_SMALL ,"data too small"},
-{RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE ,"data too small for key size"},
-{RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY ,"digest too big for rsa key"},
-{RSA_R_DMP1_NOT_CONGRUENT_TO_D ,"dmp1 not congruent to d"},
-{RSA_R_DMQ1_NOT_CONGRUENT_TO_D ,"dmq1 not congruent to d"},
-{RSA_R_D_E_NOT_CONGRUENT_TO_1 ,"d e not congruent to 1"},
-{RSA_R_INVALID_MESSAGE_LENGTH ,"invalid message length"},
-{RSA_R_IQMP_NOT_INVERSE_OF_Q ,"iqmp not inverse of q"},
-{RSA_R_KEY_SIZE_TOO_SMALL ,"key size too small"},
-{RSA_R_NULL_BEFORE_BLOCK_MISSING ,"null before block missing"},
-{RSA_R_N_DOES_NOT_EQUAL_P_Q ,"n does not equal p q"},
-{RSA_R_OAEP_DECODING_ERROR ,"oaep decoding error"},
-{RSA_R_PADDING_CHECK_FAILED ,"padding check failed"},
-{RSA_R_P_NOT_PRIME ,"p not prime"},
-{RSA_R_Q_NOT_PRIME ,"q not prime"},
-{RSA_R_RSA_OPERATIONS_NOT_SUPPORTED ,"rsa operations not supported"},
-{RSA_R_SSLV3_ROLLBACK_ATTACK ,"sslv3 rollback attack"},
-{RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"},
-{RSA_R_UNKNOWN_ALGORITHM_TYPE ,"unknown algorithm type"},
-{RSA_R_UNKNOWN_PADDING_TYPE ,"unknown padding type"},
-{RSA_R_WRONG_SIGNATURE_LENGTH ,"wrong signature length"},
+{ERR_REASON(RSA_R_ALGORITHM_MISMATCH) ,"algorithm mismatch"},
+{ERR_REASON(RSA_R_BAD_E_VALUE) ,"bad e value"},
+{ERR_REASON(RSA_R_BAD_FIXED_HEADER_DECRYPT),"bad fixed header decrypt"},
+{ERR_REASON(RSA_R_BAD_PAD_BYTE_COUNT) ,"bad pad byte count"},
+{ERR_REASON(RSA_R_BAD_SIGNATURE) ,"bad signature"},
+{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_01) ,"block type is not 01"},
+{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_02) ,"block type is not 02"},
+{ERR_REASON(RSA_R_DATA_GREATER_THAN_MOD_LEN),"data greater than mod len"},
+{ERR_REASON(RSA_R_DATA_TOO_LARGE) ,"data too large"},
+{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
+{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_MODULUS),"data too large for modulus"},
+{ERR_REASON(RSA_R_DATA_TOO_SMALL) ,"data too small"},
+{ERR_REASON(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE),"data too small for key size"},
+{ERR_REASON(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY),"digest too big for rsa key"},
+{ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D),"dmp1 not congruent to d"},
+{ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D),"dmq1 not congruent to d"},
+{ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1),"d e not congruent to 1"},
+{ERR_REASON(RSA_R_FIRST_OCTET_INVALID) ,"first octet invalid"},
+{ERR_REASON(RSA_R_INVALID_HEADER) ,"invalid header"},
+{ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"},
+{ERR_REASON(RSA_R_INVALID_PADDING) ,"invalid padding"},
+{ERR_REASON(RSA_R_INVALID_TRAILER) ,"invalid trailer"},
+{ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"},
+{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
+{ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"},
+{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
+{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"},
+{ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"},
+{ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED) ,"salt length recovery failed"},
+{ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"},
+{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"},
+{ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"},
+{ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"},
+{ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK) ,"sslv3 rollback attack"},
+{ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
+{ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"},
+{ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE) ,"unknown padding type"},
+{ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
+{ERR_REASON(RSA_R_SLEN_CHECK_FAILED) ,"salt length check failed"},
{0,NULL}
};
@@ -141,8 +156,8 @@ void ERR_load_RSA_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_RSA,RSA_str_functs);
- ERR_load_strings(ERR_LIB_RSA,RSA_str_reasons);
+ ERR_load_strings(0,RSA_str_functs);
+ ERR_load_strings(0,RSA_str_reasons);
#endif
}
diff --git a/lib/libcrypto/rsa/rsa_gen.c b/lib/libcrypto/rsa/rsa_gen.c
index adb5e34da56..dd1422cc98b 100644
--- a/lib/libcrypto/rsa/rsa_gen.c
+++ b/lib/libcrypto/rsa/rsa_gen.c
@@ -184,7 +184,8 @@ err:
RSAerr(RSA_F_RSA_GENERATE_KEY,ERR_LIB_BN);
ok=0;
}
- BN_CTX_end(ctx);
+ if (ctx != NULL)
+ BN_CTX_end(ctx);
BN_CTX_free(ctx);
BN_CTX_free(ctx2);
diff --git a/lib/libcrypto/rsa/rsa_oaep.c b/lib/libcrypto/rsa/rsa_oaep.c
index e3f7c608ec8..d43ecaca630 100644
--- a/lib/libcrypto/rsa/rsa_oaep.c
+++ b/lib/libcrypto/rsa/rsa_oaep.c
@@ -28,9 +28,6 @@
#include <openssl/rand.h>
#include <openssl/sha.h>
-int MGF1(unsigned char *mask, long len,
- const unsigned char *seed, long seedlen);
-
int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
const unsigned char *from, int flen,
const unsigned char *param, int plen)
@@ -76,11 +73,13 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
20);
#endif
- MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
+ PKCS1_MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH,
+ EVP_sha1());
for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
db[i] ^= dbmask[i];
- MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
+ PKCS1_MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH,
+ EVP_sha1());
for (i = 0; i < SHA_DIGEST_LENGTH; i++)
seed[i] ^= seedmask[i];
@@ -126,11 +125,11 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
return -1;
}
- MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
+ PKCS1_MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen, EVP_sha1());
for (i = lzero; i < SHA_DIGEST_LENGTH; i++)
seed[i] ^= from[i - lzero];
- MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
+ PKCS1_MGF1(db, dblen, seed, SHA_DIGEST_LENGTH, EVP_sha1());
for (i = 0; i < dblen; i++)
db[i] ^= maskeddb[i];
@@ -170,28 +169,30 @@ decoding_err:
return -1;
}
-int MGF1(unsigned char *mask, long len,
- const unsigned char *seed, long seedlen)
+int PKCS1_MGF1(unsigned char *mask, long len,
+ const unsigned char *seed, long seedlen, const EVP_MD *dgst)
{
long i, outlen = 0;
unsigned char cnt[4];
EVP_MD_CTX c;
- unsigned char md[SHA_DIGEST_LENGTH];
+ unsigned char md[EVP_MAX_MD_SIZE];
+ int mdlen;
EVP_MD_CTX_init(&c);
+ mdlen = EVP_MD_size(dgst);
for (i = 0; outlen < len; i++)
{
cnt[0] = (unsigned char)((i >> 24) & 255);
cnt[1] = (unsigned char)((i >> 16) & 255);
cnt[2] = (unsigned char)((i >> 8)) & 255;
cnt[3] = (unsigned char)(i & 255);
- EVP_DigestInit_ex(&c,EVP_sha1(), NULL);
+ EVP_DigestInit_ex(&c,dgst, NULL);
EVP_DigestUpdate(&c, seed, seedlen);
EVP_DigestUpdate(&c, cnt, 4);
- if (outlen + SHA_DIGEST_LENGTH <= len)
+ if (outlen + mdlen <= len)
{
EVP_DigestFinal_ex(&c, mask + outlen, NULL);
- outlen += SHA_DIGEST_LENGTH;
+ outlen += mdlen;
}
else
{
@@ -203,4 +204,9 @@ int MGF1(unsigned char *mask, long len,
EVP_MD_CTX_cleanup(&c);
return 0;
}
+
+int MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen)
+ {
+ return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1());
+ }
#endif
diff --git a/lib/libcrypto/rsa/rsa_test.c b/lib/libcrypto/rsa/rsa_test.c
index 924e9ad1f6c..218bb2a39bb 100644
--- a/lib/libcrypto/rsa/rsa_test.c
+++ b/lib/libcrypto/rsa/rsa_test.c
@@ -227,10 +227,10 @@ int main(int argc, char *argv[])
plen = sizeof(ptext_ex) - 1;
- for (v = 0; v < 3; v++)
+ for (v = 0; v < 6; v++)
{
key = RSA_new();
- switch (v) {
+ switch (v%3) {
case 0:
clen = key1(key, ctext_ex);
break;
@@ -241,6 +241,7 @@ int main(int argc, char *argv[])
clen = key3(key, ctext_ex);
break;
}
+ if (v/3 > 1) key->flags |= RSA_FLAG_NO_EXP_CONSTTIME;
num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
RSA_PKCS1_PADDING);
diff --git a/lib/libcrypto/sha/sha1_one.c b/lib/libcrypto/sha/sha1_one.c
index 20e660c71df..f4694b701b2 100644
--- a/lib/libcrypto/sha/sha1_one.c
+++ b/lib/libcrypto/sha/sha1_one.c
@@ -61,14 +61,15 @@
#include <openssl/sha.h>
#include <openssl/crypto.h>
-#ifndef OPENSSL_NO_SHA1
+#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_FIPS)
unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md)
{
SHA_CTX c;
static unsigned char m[SHA_DIGEST_LENGTH];
if (md == NULL) md=m;
- SHA1_Init(&c);
+ if (!SHA1_Init(&c))
+ return NULL;
SHA1_Update(&c,d,n);
SHA1_Final(md,&c);
OPENSSL_cleanse(&c,sizeof(c));
diff --git a/lib/libcrypto/sha/sha_one.c b/lib/libcrypto/sha/sha_one.c
index e61c63f3e99..d4f4d344df2 100644
--- a/lib/libcrypto/sha/sha_one.c
+++ b/lib/libcrypto/sha/sha_one.c
@@ -68,7 +68,8 @@ unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md)
static unsigned char m[SHA_DIGEST_LENGTH];
if (md == NULL) md=m;
- SHA_Init(&c);
+ if (!SHA_Init(&c))
+ return NULL;
SHA_Update(&c,d,n);
SHA_Final(md,&c);
OPENSSL_cleanse(&c,sizeof(c));
diff --git a/lib/libcrypto/stack/safestack.h b/lib/libcrypto/stack/safestack.h
index bd1121c279e..6010b7f122f 100644
--- a/lib/libcrypto/stack/safestack.h
+++ b/lib/libcrypto/stack/safestack.h
@@ -55,6 +55,9 @@
#ifndef HEADER_SAFESTACK_H
#define HEADER_SAFESTACK_H
+typedef void (*openssl_fptr)(void);
+#define openssl_fcast(f) ((openssl_fptr)f)
+
#include <openssl/stack.h>
#ifdef DEBUG_SAFESTACK
@@ -73,74 +76,74 @@ STACK_OF(type) \
/* SKM_sk_... stack macros are internal to safestack.h:
* never use them directly, use sk_<type>_... instead */
#define SKM_sk_new(type, cmp) \
- ((STACK_OF(type) * (*)(int (*)(const type * const *, const type * const *)))sk_new)(cmp)
+ ((STACK_OF(type) * (*)(int (*)(const type * const *, const type * const *)))openssl_fcast(sk_new))(cmp)
#define SKM_sk_new_null(type) \
- ((STACK_OF(type) * (*)(void))sk_new_null)()
+ ((STACK_OF(type) * (*)(void))openssl_fcast(sk_new_null))()
#define SKM_sk_free(type, st) \
- ((void (*)(STACK_OF(type) *))sk_free)(st)
+ ((void (*)(STACK_OF(type) *))openssl_fcast(sk_free))(st)
#define SKM_sk_num(type, st) \
- ((int (*)(const STACK_OF(type) *))sk_num)(st)
+ ((int (*)(const STACK_OF(type) *))openssl_fcast(sk_num))(st)
#define SKM_sk_value(type, st,i) \
- ((type * (*)(const STACK_OF(type) *, int))sk_value)(st, i)
+ ((type * (*)(const STACK_OF(type) *, int))openssl_fcast(sk_value))(st, i)
#define SKM_sk_set(type, st,i,val) \
- ((type * (*)(STACK_OF(type) *, int, type *))sk_set)(st, i, val)
+ ((type * (*)(STACK_OF(type) *, int, type *))openssl_fcast(sk_set))(st, i, val)
#define SKM_sk_zero(type, st) \
- ((void (*)(STACK_OF(type) *))sk_zero)(st)
+ ((void (*)(STACK_OF(type) *))openssl_fcast(sk_zero))(st)
#define SKM_sk_push(type, st,val) \
- ((int (*)(STACK_OF(type) *, type *))sk_push)(st, val)
+ ((int (*)(STACK_OF(type) *, type *))openssl_fcast(sk_push))(st, val)
#define SKM_sk_unshift(type, st,val) \
- ((int (*)(STACK_OF(type) *, type *))sk_unshift)(st, val)
+ ((int (*)(STACK_OF(type) *, type *))openssl_fcast(sk_unshift))(st, val)
#define SKM_sk_find(type, st,val) \
- ((int (*)(STACK_OF(type) *, type *))sk_find)(st, val)
+ ((int (*)(STACK_OF(type) *, type *))openssl_fcast(sk_find))(st, val)
#define SKM_sk_delete(type, st,i) \
- ((type * (*)(STACK_OF(type) *, int))sk_delete)(st, i)
+ ((type * (*)(STACK_OF(type) *, int))openssl_fcast(sk_delete))(st, i)
#define SKM_sk_delete_ptr(type, st,ptr) \
- ((type * (*)(STACK_OF(type) *, type *))sk_delete_ptr)(st, ptr)
+ ((type * (*)(STACK_OF(type) *, type *))openssl_fcast(sk_delete_ptr))(st, ptr)
#define SKM_sk_insert(type, st,val,i) \
- ((int (*)(STACK_OF(type) *, type *, int))sk_insert)(st, val, i)
+ ((int (*)(STACK_OF(type) *, type *, int))openssl_fcast(sk_insert))(st, val, i)
#define SKM_sk_set_cmp_func(type, st,cmp) \
((int (*(*)(STACK_OF(type) *, int (*)(const type * const *, const type * const *))) \
- (const type * const *, const type * const *))sk_set_cmp_func)\
+ (const type * const *, const type * const *))openssl_fcast(sk_set_cmp_func))\
(st, cmp)
#define SKM_sk_dup(type, st) \
- ((STACK_OF(type) *(*)(STACK_OF(type) *))sk_dup)(st)
+ ((STACK_OF(type) *(*)(STACK_OF(type) *))openssl_fcast(sk_dup))(st)
#define SKM_sk_pop_free(type, st,free_func) \
- ((void (*)(STACK_OF(type) *, void (*)(type *)))sk_pop_free)\
+ ((void (*)(STACK_OF(type) *, void (*)(type *)))openssl_fcast(sk_pop_free))\
(st, free_func)
#define SKM_sk_shift(type, st) \
- ((type * (*)(STACK_OF(type) *))sk_shift)(st)
+ ((type * (*)(STACK_OF(type) *))openssl_fcast(sk_shift))(st)
#define SKM_sk_pop(type, st) \
- ((type * (*)(STACK_OF(type) *))sk_pop)(st)
+ ((type * (*)(STACK_OF(type) *))openssl_fcast(sk_pop))(st)
#define SKM_sk_sort(type, st) \
- ((void (*)(STACK_OF(type) *))sk_sort)(st)
+ ((void (*)(STACK_OF(type) *))openssl_fcast(sk_sort))(st)
#define SKM_sk_is_sorted(type, st) \
- ((int (*)(const STACK_OF(type) *))sk_is_sorted)(st)
+ ((int (*)(const STACK_OF(type) *))openssl_fcast(sk_is_sorted))(st)
#define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
((STACK_OF(type) * (*) (STACK_OF(type) **,unsigned char **, long , \
type *(*)(type **, unsigned char **,long), \
- void (*)(type *), int ,int )) d2i_ASN1_SET) \
+ void (*)(type *), int ,int )) openssl_fcast(d2i_ASN1_SET)) \
(st,pp,length, d2i_func, free_func, ex_tag,ex_class)
#define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \
((int (*)(STACK_OF(type) *,unsigned char **, \
- int (*)(type *,unsigned char **), int , int , int)) i2d_ASN1_SET) \
+ int (*)(type *,unsigned char **), int , int , int)) openssl_fcast(i2d_ASN1_SET)) \
(st,pp,i2d_func,ex_tag,ex_class,is_set)
#define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \
((unsigned char *(*)(STACK_OF(type) *, \
- int (*)(type *,unsigned char **), unsigned char **,int *)) ASN1_seq_pack) \
+ int (*)(type *,unsigned char **), unsigned char **,int *)) openssl_fcast(ASN1_seq_pack)) \
(st, i2d_func, buf, len)
#define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \
((STACK_OF(type) * (*)(unsigned char *,int, \
type *(*)(type **,unsigned char **, long), \
- void (*)(type *)))ASN1_seq_unpack) \
+ void (*)(type *)))openssl_fcast(ASN1_seq_unpack)) \
(buf,len,d2i_func, free_func)
#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \
((STACK_OF(type) * (*)(X509_ALGOR *, \
type *(*)(type **, unsigned char **, long), void (*)(type *), \
const char *, int, \
- ASN1_STRING *, int))PKCS12_decrypt_d2i) \
+ ASN1_STRING *, int))openssl_fcast(PKCS12_decrypt_d2i)) \
(algor,d2i_func,free_func,pass,passlen,oct,seq)
#else
diff --git a/lib/libcrypto/ui/ui_err.c b/lib/libcrypto/ui/ui_err.c
index 39a62ae7371..d983cdd66fa 100644
--- a/lib/libcrypto/ui/ui_err.c
+++ b/lib/libcrypto/ui/ui_err.c
@@ -1,6 +1,6 @@
/* crypto/ui/ui_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,32 +64,36 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_UI,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_UI,0,reason)
+
static ERR_STRING_DATA UI_str_functs[]=
{
-{ERR_PACK(0,UI_F_GENERAL_ALLOCATE_BOOLEAN,0), "GENERAL_ALLOCATE_BOOLEAN"},
-{ERR_PACK(0,UI_F_GENERAL_ALLOCATE_PROMPT,0), "GENERAL_ALLOCATE_PROMPT"},
-{ERR_PACK(0,UI_F_GENERAL_ALLOCATE_STRING,0), "GENERAL_ALLOCATE_STRING"},
-{ERR_PACK(0,UI_F_UI_CTRL,0), "UI_ctrl"},
-{ERR_PACK(0,UI_F_UI_DUP_ERROR_STRING,0), "UI_dup_error_string"},
-{ERR_PACK(0,UI_F_UI_DUP_INFO_STRING,0), "UI_dup_info_string"},
-{ERR_PACK(0,UI_F_UI_DUP_INPUT_BOOLEAN,0), "UI_dup_input_boolean"},
-{ERR_PACK(0,UI_F_UI_DUP_INPUT_STRING,0), "UI_dup_input_string"},
-{ERR_PACK(0,UI_F_UI_DUP_VERIFY_STRING,0), "UI_dup_verify_string"},
-{ERR_PACK(0,UI_F_UI_GET0_RESULT,0), "UI_get0_result"},
-{ERR_PACK(0,UI_F_UI_NEW_METHOD,0), "UI_new_method"},
-{ERR_PACK(0,UI_F_UI_SET_RESULT,0), "UI_set_result"},
+{ERR_FUNC(UI_F_GENERAL_ALLOCATE_BOOLEAN), "GENERAL_ALLOCATE_BOOLEAN"},
+{ERR_FUNC(UI_F_GENERAL_ALLOCATE_PROMPT), "GENERAL_ALLOCATE_PROMPT"},
+{ERR_FUNC(UI_F_GENERAL_ALLOCATE_STRING), "GENERAL_ALLOCATE_STRING"},
+{ERR_FUNC(UI_F_UI_CTRL), "UI_ctrl"},
+{ERR_FUNC(UI_F_UI_DUP_ERROR_STRING), "UI_dup_error_string"},
+{ERR_FUNC(UI_F_UI_DUP_INFO_STRING), "UI_dup_info_string"},
+{ERR_FUNC(UI_F_UI_DUP_INPUT_BOOLEAN), "UI_dup_input_boolean"},
+{ERR_FUNC(UI_F_UI_DUP_INPUT_STRING), "UI_dup_input_string"},
+{ERR_FUNC(UI_F_UI_DUP_VERIFY_STRING), "UI_dup_verify_string"},
+{ERR_FUNC(UI_F_UI_GET0_RESULT), "UI_get0_result"},
+{ERR_FUNC(UI_F_UI_NEW_METHOD), "UI_new_method"},
+{ERR_FUNC(UI_F_UI_SET_RESULT), "UI_set_result"},
{0,NULL}
};
static ERR_STRING_DATA UI_str_reasons[]=
{
-{UI_R_COMMON_OK_AND_CANCEL_CHARACTERS ,"common ok and cancel characters"},
-{UI_R_INDEX_TOO_LARGE ,"index too large"},
-{UI_R_INDEX_TOO_SMALL ,"index too small"},
-{UI_R_NO_RESULT_BUFFER ,"no result buffer"},
-{UI_R_RESULT_TOO_LARGE ,"result too large"},
-{UI_R_RESULT_TOO_SMALL ,"result too small"},
-{UI_R_UNKNOWN_CONTROL_COMMAND ,"unknown control command"},
+{ERR_REASON(UI_R_COMMON_OK_AND_CANCEL_CHARACTERS),"common ok and cancel characters"},
+{ERR_REASON(UI_R_INDEX_TOO_LARGE) ,"index too large"},
+{ERR_REASON(UI_R_INDEX_TOO_SMALL) ,"index too small"},
+{ERR_REASON(UI_R_NO_RESULT_BUFFER) ,"no result buffer"},
+{ERR_REASON(UI_R_RESULT_TOO_LARGE) ,"result too large"},
+{ERR_REASON(UI_R_RESULT_TOO_SMALL) ,"result too small"},
+{ERR_REASON(UI_R_UNKNOWN_CONTROL_COMMAND),"unknown control command"},
{0,NULL}
};
@@ -103,8 +107,8 @@ void ERR_load_UI_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_UI,UI_str_functs);
- ERR_load_strings(ERR_LIB_UI,UI_str_reasons);
+ ERR_load_strings(0,UI_str_functs);
+ ERR_load_strings(0,UI_str_reasons);
#endif
}
diff --git a/lib/libcrypto/util/libeay.num b/lib/libcrypto/util/libeay.num
index 56fb7446e04..4222bef6d6c 100644
--- a/lib/libcrypto/util/libeay.num
+++ b/lib/libcrypto/util/libeay.num
@@ -2811,7 +2811,7 @@ EVP_aes_192_cfb8 3252 EXIST::FUNCTION:AES
FIPS_mode_set 3253 EXIST:OPENSSL_FIPS:FUNCTION:
FIPS_selftest_dsa 3254 EXIST:OPENSSL_FIPS:FUNCTION:
EVP_aes_256_cfb8 3255 EXIST::FUNCTION:AES
-FIPS_allow_md5 3256 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_allow_md5 3256 NOEXIST::FUNCTION:
DES_ede3_cfb_encrypt 3257 EXIST::FUNCTION:DES
EVP_des_ede3_cfb8 3258 EXIST::FUNCTION:DES
FIPS_rand_seeded 3259 EXIST:OPENSSL_FIPS:FUNCTION:
@@ -2837,7 +2837,7 @@ FIPS_dsa_check 3278 EXIST:OPENSSL_FIPS:FUNCTION:
AES_cfb1_encrypt 3279 EXIST::FUNCTION:AES
EVP_des_ede3_cfb1 3280 EXIST::FUNCTION:DES
FIPS_rand_check 3281 EXIST:OPENSSL_FIPS:FUNCTION:
-FIPS_md5_allowed 3282 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_md5_allowed 3282 NOEXIST::FUNCTION:
FIPS_mode 3283 EXIST:OPENSSL_FIPS:FUNCTION:
FIPS_selftest_failed 3284 EXIST:OPENSSL_FIPS:FUNCTION:
sk_is_sorted 3285 EXIST::FUNCTION:
@@ -2867,3 +2867,41 @@ PROXY_CERT_INFO_EXTENSION_it 3307 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA
PROXY_CERT_INFO_EXTENSION_it 3307 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
PROXY_POLICY_free 3308 EXIST::FUNCTION:
PROXY_POLICY_new 3309 EXIST::FUNCTION:
+BN_MONT_CTX_set_locked 3310 EXIST::FUNCTION:
+FIPS_selftest_rng 3311 EXIST:OPENSSL_FIPS:FUNCTION:
+EVP_sha384 3312 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+EVP_sha512 3313 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+EVP_sha224 3314 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+EVP_sha256 3315 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+FIPS_selftest_hmac 3316 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_rng 3317 EXIST:OPENSSL_FIPS:FUNCTION:
+BN_mod_exp_mont_consttime 3318 EXIST::FUNCTION:
+RSA_X931_hash_id 3319 EXIST::FUNCTION:RSA
+RSA_padding_check_X931 3320 EXIST::FUNCTION:RSA
+RSA_verify_PKCS1_PSS 3321 EXIST::FUNCTION:RSA
+RSA_padding_add_X931 3322 EXIST::FUNCTION:RSA
+RSA_padding_add_PKCS1_PSS 3323 EXIST::FUNCTION:RSA
+PKCS1_MGF1 3324 EXIST::FUNCTION:RSA
+BN_X931_generate_Xpq 3325 EXIST:OPENSSL_FIPS:FUNCTION:
+RSA_X931_generate_key 3326 EXIST:OPENSSL_FIPS:FUNCTION:RSA
+BN_X931_derive_prime 3327 EXIST:OPENSSL_FIPS:FUNCTION:
+BN_X931_generate_prime 3328 EXIST:OPENSSL_FIPS:FUNCTION:
+RSA_X931_derive 3329 EXIST:OPENSSL_FIPS:FUNCTION:RSA
+SHA512_Update 3356 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA256_Init 3479 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA224 3510 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA384_Update 3551 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA224_Final 3560 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA224_Update 3562 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA512_Final 3581 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA224_Init 3631 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA512_Init 3633 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA256 3654 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA256_Transform 3664 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA512 3669 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA512_Transform 3675 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA256_Final 3712 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA384_Init 3737 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA384_Final 3740 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA384 3745 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA256_Update 3765 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
diff --git a/lib/libcrypto/util/mk1mf.pl b/lib/libcrypto/util/mk1mf.pl
index 957264c6b54..05a60861645 100644
--- a/lib/libcrypto/util/mk1mf.pl
+++ b/lib/libcrypto/util/mk1mf.pl
@@ -10,6 +10,20 @@ $OPTIONS="";
$ssl_version="";
$banner="\t\@echo Building OpenSSL";
+local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic
+local $zlib_lib = "";
+
+my $fips_canister_path = "";
+my $fips_premain_dso_exe_path = "";
+my $fips_premain_c_path = "";
+my $fips_sha1_exe_path = "";
+
+my $fipslibdir = "";
+my $baseaddr = "";
+
+my $ex_l_libs = "";
+
+
open(IN,"<Makefile") || die "unable to open Makefile!\n";
while(<IN>) {
$ssl_version=$1 if (/^VERSION=(.*)$/);
@@ -24,6 +38,7 @@ $infile="MINFO";
%ops=(
"VC-WIN32", "Microsoft Visual C++ [4-6] - Windows NT or 9X",
+ "VC-WIN32-GMAKE", "Microsoft Visual C++ [4-6] - Windows NT or 9X, GNU make",
"VC-CE", "Microsoft eMbedded Visual C++ 3.0 - Windows CE ONLY",
"VC-NT", "Microsoft Visual C++ [4-6] - Windows NT ONLY",
"VC-W31-16", "Microsoft Visual C++ 1.52 - Windows 3.1 - 286",
@@ -43,6 +58,7 @@ $infile="MINFO";
);
$platform="";
+my $xcflags="";
foreach (@ARGV)
{
if (!&read_options && !defined($ops{$_}))
@@ -104,8 +120,12 @@ $inc_def="outinc";
$tmp_def="tmp";
$mkdir="-mkdir";
+$mkcanister="ld -r -o";
+
+$ex_build_targets = "";
($ssl,$crypto)=("ssl","crypto");
+$cryptocompat = "";
$ranlib="echo ranlib";
$cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc';
@@ -140,6 +160,10 @@ elsif (($platform eq "VC-WIN32") || ($platform eq "VC-NT"))
$NT = 1 if $platform eq "VC-NT";
require 'VC-32.pl';
}
+elsif ($platform eq "VC-WIN32-GMAKE")
+ {
+ require 'VC-32-GMAKE.pl';
+ }
elsif ($platform eq "VC-CE")
{
require 'VC-CE.pl';
@@ -210,6 +234,8 @@ $inc_dir=(defined($VARS{'INC'}))?$VARS{'INC'}:$inc_def;
$bin_dir=$bin_dir.$o unless ((substr($bin_dir,-1,1) eq $o) || ($bin_dir eq ''));
+$cflags= "$xcflags$cflags" if $xcflags ne "";
+
$cflags.=" -DOPENSSL_NO_IDEA" if $no_idea;
$cflags.=" -DOPENSSL_NO_AES" if $no_aes;
$cflags.=" -DOPENSSL_NO_RC2" if $no_rc2;
@@ -239,6 +265,9 @@ $cflags.=" -DOPENSSL_NO_HW" if $no_hw;
$cflags.=" -DOPENSSL_FIPS" if $fips;
#$cflags.=" -DRSAref" if $rsaref ne "";
+$cflags.= " -DZLIB" if $zlib_opt;
+$cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
+
## if ($unix)
## { $cflags="$c_flags" if ($c_flags ne ""); }
##else
@@ -246,6 +275,7 @@ $cflags.=" -DOPENSSL_FIPS" if $fips;
$ex_libs="$l_flags$ex_libs" if ($l_flags ne "");
+
%shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL",
"CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO");
@@ -262,6 +292,135 @@ $link="$bin_dir$link" if ($link !~ /^\$/);
$INSTALLTOP =~ s|/|$o|g;
+#############################################
+# We parse in input file and 'store' info for later printing.
+open(IN,"<$infile") || die "unable to open $infile:$!\n";
+$_=<IN>;
+for (;;)
+ {
+ chop;
+
+ ($key,$val)=/^([^=]+)=(.*)/;
+ if ($key eq "RELATIVE_DIRECTORY")
+ {
+ if ($lib ne "")
+ {
+ if ($fips && $dir =~ /^fips/)
+ {
+ $uc = "FIPS";
+ }
+ else
+ {
+ $uc=$lib;
+ $uc =~ s/^lib(.*)\.a/$1/;
+ $uc =~ tr/a-z/A-Z/;
+ }
+ if (($uc ne "FIPS") || $fips_canister_build)
+ {
+ $lib_nam{$uc}=$uc;
+ $lib_obj{$uc}.=$libobj." ";
+ }
+ }
+ last if ($val eq "FINISHED");
+ $lib="";
+ $libobj="";
+ $dir=$val;
+ }
+
+ if ($key eq "KRB5_INCLUDES")
+ { $cflags .= " $val";}
+
+ if ($key eq "ZLIB_INCLUDE")
+ { $cflags .= " $val" if $val ne "";}
+
+ if ($key eq "LIBZLIB")
+ { $zlib_lib = "$val" if $val ne "";}
+
+ if ($key eq "LIBKRB5")
+ { $ex_libs .= " $val" if $val ne "";}
+
+ if ($key eq "TEST")
+ { $test.=&var_add($dir,$val); }
+
+ if (($key eq "PROGS") || ($key eq "E_OBJ"))
+ { $e_exe.=&var_add($dir,$val); }
+
+ if ($key eq "LIB")
+ {
+ $lib=$val;
+ $lib =~ s/^.*\/([^\/]+)$/$1/;
+ }
+
+ if ($key eq "EXHEADER")
+ { $exheader.=&var_add($dir,$val); }
+
+ if ($key eq "HEADER")
+ { $header.=&var_add($dir,$val); }
+
+ if ($key eq "LIBOBJ")
+ { $libobj=&var_add($dir,$val); }
+
+ if ($key eq "FIPSLIBDIR")
+ { $fipslibdir=$val;}
+
+ if ($key eq "BASEADDR")
+ { $baseaddr=$val;}
+
+ if (!($_=<IN>))
+ { $_="RELATIVE_DIRECTORY=FINISHED\n"; }
+ }
+close(IN);
+
+if ($fips_canister_path eq "")
+ {
+ $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.o";
+ }
+
+if ($fips_premain_c_path eq "")
+ {
+ $fips_premain_c_path = "\$(FIPSLIB_D)${o}fips_premain.c";
+ }
+
+if ($fips)
+ {
+ if ($fips_sha1_exe_path eq "")
+ {
+ $fips_sha1_exe_path =
+ "\$(BIN_D)${o}fips_standalone_sha1$exep";
+ }
+ }
+ else
+ {
+ $fips_sha1_exe_path = "";
+ }
+
+if ($fips_premain_dso_exe_path eq "")
+ {
+ $fips_premain_dso_exe_path = "\$(BIN_D)${o}fips_premain_dso$exep";
+ }
+
+# $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips);
+
+if ($fips)
+ {
+ if (!$shlib)
+ {
+ $ex_build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)";
+ $ex_l_libs .= " \$(O_FIPSCANISTER)";
+ }
+ if ($fipslibdir eq "")
+ {
+ open (IN, "util/fipslib_path.txt") || fipslib_error();
+ $fipslibdir = <IN>;
+ chomp $fipslibdir;
+ close IN;
+ }
+ fips_check_files($fipslibdir,
+ "fipscanister.o", "fipscanister.o.sha1",
+ "fips_premain.c", "fips_premain.c.sha1");
+ }
+
+
$defs= <<"EOF";
# This makefile has been automatically generated from the OpenSSL distribution.
# This single makefile will build the complete OpenSSL distribution and
@@ -286,6 +445,7 @@ if ($platform eq "VC-CE")
!INCLUDE <\$(WCECOMPAT)/wcedefs.mak>
EOF
+ $ex_libs .= " $zlib_lib" if $zlib_opt == 1;
}
$defs.= <<"EOF";
@@ -308,6 +468,8 @@ EX_LIBS=$ex_libs
SRC_D=$src_dir
LINK=$link
+PERL=perl
+FIPSLINK=\$(PERL) util${o}fipslink.pl
LFLAGS=$lflags
BN_ASM_OBJ=$bn_asm_obj
@@ -339,6 +501,9 @@ TMP_D=$tmp_dir
INC_D=$inc_dir
INCO_D=$inc_dir${o}openssl
+# Directory containing FIPS module
+
+
CP=$cp
RM=$rm
RANLIB=$ranlib
@@ -346,6 +511,18 @@ MKDIR=$mkdir
MKLIB=$bin_dir$mklib
MLFLAGS=$mlflags
ASM=$bin_dir$asm
+MKCANISTER=$mkcanister
+
+# FIPS validated module and support file locations
+
+E_PREMAIN_DSO=fips_premain_dso
+
+FIPSLIB_D=$fipslibdir
+BASEADDR=$baseaddr
+FIPS_PREMAIN_SRC=$fips_premain_c_path
+O_FIPSCANISTER=$fips_canister_path
+FIPS_SHA1_EXE=$fips_sha1_exe_path
+PREMAIN_DSO_EXE=$fips_premain_dso_exe_path
######################################################
# You should not need to touch anything below this point
@@ -377,7 +554,7 @@ SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp
L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp
-L_LIBS= \$(L_SSL) \$(L_CRYPTO)
+L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs
######################################################
# Don't touch anything below this point
@@ -387,13 +564,13 @@ INC=-I\$(INC_D) -I\$(INCL_D)
APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG)
LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG)
SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG)
-LIBS_DEP=\$(O_CRYPTO) \$(O_SSL)
+LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) $ex_libs_dep
#############################################
EOF
$rules=<<"EOF";
-all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe
+all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers \$(FIPS_SHA1_EXE) lib exe $ex_build_targets
banner:
$banner
@@ -479,57 +656,6 @@ printf OUT " #define DATE \"%s\"\n", scalar gmtime();
printf OUT "#endif\n";
close(OUT);
-#############################################
-# We parse in input file and 'store' info for later printing.
-open(IN,"<$infile") || die "unable to open $infile:$!\n";
-$_=<IN>;
-for (;;)
- {
- chop;
-
- ($key,$val)=/^([^=]+)=(.*)/;
- if ($key eq "RELATIVE_DIRECTORY")
- {
- if ($lib ne "")
- {
- $uc=$lib;
- $uc =~ s/^lib(.*)\.a/$1/;
- $uc =~ tr/a-z/A-Z/;
- $lib_nam{$uc}=$uc;
- $lib_obj{$uc}.=$libobj." ";
- }
- last if ($val eq "FINISHED");
- $lib="";
- $libobj="";
- $dir=$val;
- }
-
- if ($key eq "TEST")
- { $test.=&var_add($dir,$val); }
-
- if (($key eq "PROGS") || ($key eq "E_OBJ"))
- { $e_exe.=&var_add($dir,$val); }
-
- if ($key eq "LIB")
- {
- $lib=$val;
- $lib =~ s/^.*\/([^\/]+)$/$1/;
- }
-
- if ($key eq "EXHEADER")
- { $exheader.=&var_add($dir,$val); }
-
- if ($key eq "HEADER")
- { $header.=&var_add($dir,$val); }
-
- if ($key eq "LIBOBJ")
- { $libobj=&var_add($dir,$val); }
-
- if (!($_=<IN>))
- { $_="RELATIVE_DIRECTORY=FINISHED\n"; }
- }
-close(IN);
-
# Strip of trailing ' '
foreach (keys %lib_obj) { $lib_obj{$_}=&clean_up_ws($lib_obj{$_}); }
$test=&clean_up_ws($test);
@@ -554,6 +680,29 @@ $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");
$defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);
$rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');
+# Special case rules for fips_start and fips_end fips_premain_dso
+
+if ($fips)
+ {
+ if ($fips_canister_build)
+ {
+ $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_start$obj",
+ "fips-1.0${o}fips_canister.c",
+ "-DFIPS_START \$(SHLIB_CFLAGS)");
+ $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_end$obj",
+ "fips-1.0${o}fips_canister.c", "\$(SHLIB_CFLAGS)");
+ }
+ $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj",
+ "fips-1.0${o}sha${o}fips_standalone_sha1.c",
+ "\$(SHLIB_CFLAGS)");
+ $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_sha1dgst$obj",
+ "fips-1.0${o}sha${o}fips_sha1dgst.c",
+ "\$(SHLIB_CFLAGS)") unless $fips_canister_build;
+ $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj",
+ "fips-1.0${o}fips_premain.c",
+ "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)");
+ }
+
foreach (values %lib_nam)
{
$lib_obj=$lib_obj{$_};
@@ -630,16 +779,42 @@ foreach (split(/\s+/,$test))
}
$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
-$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)");
+
if ($fips)
{
- $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)","\$(BIN_D)$o.sha1","\$(BIN_D)$o\$(E_EXE)$exep");
+ if ($shlib)
+ {
+ $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
+ "\$(O_CRYPTO)",
+ "$crypto",
+ $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
+ }
+ else
+ {
+ $rules.= &do_lib_rule("\$(CRYPTOOBJ)",
+ "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", "");
+ $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
+ "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", "");
+ }
}
-else
+ else
{
- $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
+ $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,
+ "\$(SO_CRYPTO)");
}
+
+
+if ($fips)
+ {
+ $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)", "\$(OBJ_D)${o}fips_start$obj \$(FIPSOBJ) \$(OBJ_D)${o}fips_end$obj", "\$(FIPSLIB_D)${o}fips_standalone_sha1$exep", "") if $fips_canister_build;
+ $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1);
+
+ $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)","\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}fips_sha1dgst$obj","","", 1);
+ }
+
+ $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)",0);
+
print $defs;
if ($platform eq "linux-elf") {
@@ -935,6 +1110,24 @@ sub read_options
elsif (/^shlib$/) { $shlib=1; }
elsif (/^dll$/) { $shlib=1; }
elsif (/^shared$/) { } # We just need to ignore it for now...
+ elsif (/^zlib$/) { $zlib_opt = 1 if $zlib_opt == 0 }
+ elsif (/^zlib-dynamic$/){ $zlib_opt = 2; }
+ elsif (/^--with-krb5-flavor=(.*)$/)
+ {
+ my $krb5_flavor = $1;
+ if ($krb5_flavor =~ /^force-[Hh]eimdal$/)
+ {
+ $xcflags="-DKRB5_HEIMDAL $xcflags";
+ }
+ elsif ($krb5_flavor =~ /^MIT/i)
+ {
+ $xcflags="-DKRB5_MIT $xcflags";
+ if ($krb5_flavor =~ /^MIT[._-]*1[._-]*[01]/i)
+ {
+ $xcflags="-DKRB5_MIT_OLD11 $xcflags"
+ }
+ }
+ }
elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
elsif (/^-[lL].*$/) { $l_flags.="$_ "; }
elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)
@@ -942,3 +1135,31 @@ sub read_options
else { return(0); }
return(1);
}
+
+sub fipslib_error
+ {
+ print STDERR "***FIPS module directory sanity check failed***\n";
+ print STDERR "FIPS module build failed, or was deleted\n";
+ print STDERR "Please rebuild FIPS module.\n";
+ exit 1;
+ }
+
+sub fips_check_files
+ {
+ my $dir = shift @_;
+ my $ret = 1;
+ if (!-d $dir)
+ {
+ print STDERR "FIPS module directory $dir does not exist\n";
+ fipslib_error();
+ }
+ foreach (@_)
+ {
+ if (!-f "$dir${o}$_")
+ {
+ print STDERR "FIPS module file $_ does not exist!\n";
+ $ret = 0;
+ }
+ }
+ fipslib_error() if ($ret == 0);
+ }
diff --git a/lib/libcrypto/util/mkdef.pl b/lib/libcrypto/util/mkdef.pl
index 9918c3d549c..6c1e53bb146 100644
--- a/lib/libcrypto/util/mkdef.pl
+++ b/lib/libcrypto/util/mkdef.pl
@@ -83,7 +83,7 @@ my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT",
my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" );
my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
"CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
- "RIPEMD",
+ "SHA256", "SHA512", "RIPEMD",
"MDC2", "RSA", "DSA", "DH", "EC", "HMAC", "AES",
# Envelope "algorithms"
"EVP", "X509", "ASN1_TYPEDEFS",
@@ -267,7 +267,7 @@ $crypto.=" crypto/ocsp/ocsp.h";
$crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h";
$crypto.=" crypto/krb5/krb5_asn.h";
$crypto.=" crypto/tmdiff.h";
-$crypto.=" fips/fips.h fips/rand/fips_rand.h";
+$crypto.=" fips-1.0/fips.h fips-1.0/rand/fips_rand.h fips-1.0/sha/fips_sha.h";
my $symhacks="crypto/symhacks.h";
@@ -864,6 +864,9 @@ sub do_defs
$a .= ",RSA" if($s =~ /PEM_Seal(Final|Init|Update)/);
$a .= ",RSA" if($s =~ /RSAPrivateKey/);
$a .= ",RSA" if($s =~ /SSLv23?_((client|server)_)?method/);
+ # SHA2 algorithms only defined in FIPS mode for
+ # OpenSSL 0.9.7
+ $p .= "OPENSSL_FIPS" if($s =~ /SHA[235]/);
$platform{$s} =
&reduce_platforms((defined($platform{$s})?$platform{$s}.',':"").$p);
@@ -1011,7 +1014,7 @@ sub is_valid
{
my ($keywords_txt,$platforms) = @_;
my (@keywords) = split /,/,$keywords_txt;
- my ($falsesum, $truesum) = (0, !grep(/^[^!]/,@keywords));
+ my ($falsesum, $truesum) = (0, 1);
# Param: one keyword
sub recognise
@@ -1079,7 +1082,7 @@ sub is_valid
if ($k =~ /^!(.*)$/) {
$falsesum += &recognise($1,$platforms);
} else {
- $truesum += &recognise($k,$platforms);
+ $truesum *= &recognise($k,$platforms);
}
}
print STDERR "DEBUG: [",$#keywords,",",$#keywords < 0,"] is_valid($keywords_txt) => (\!$falsesum) && $truesum = ",(!$falsesum) && $truesum,"\n" if $debug;
diff --git a/lib/libcrypto/util/mkerr.pl b/lib/libcrypto/util/mkerr.pl
index 60e534807eb..9678514604b 100644
--- a/lib/libcrypto/util/mkerr.pl
+++ b/lib/libcrypto/util/mkerr.pl
@@ -9,6 +9,9 @@ my $reindex = 0;
my $dowrite = 0;
my $staticloader = "";
+my $pack_errcode;
+my $load_errcode;
+
while (@ARGV) {
my $arg = $ARGV[0];
if($arg eq "-conf") {
@@ -41,8 +44,8 @@ while (@ARGV) {
}
if($recurse) {
- @source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>, <fips/*.c>,
- <fips/*/*.c>);
+ @source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>, <fips-1.0/*.c>,
+ <fips-1.0/*/*.c>);
} else {
@source = @ARGV;
}
@@ -399,6 +402,20 @@ EOF
$hincf = "\"$hfile\"";
}
+ # If static we know the error code at compile time so use it
+ # in error definitions.
+
+ if ($static)
+ {
+ $pack_errcode = "ERR_LIB_${lib}";
+ $load_errcode = "0";
+ }
+ else
+ {
+ $pack_errcode = "0";
+ $load_errcode = "ERR_LIB_${lib}";
+ }
+
open (OUT,">$cfile") || die "Can't open $cfile for writing";
@@ -469,6 +486,10 @@ EOF
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK($pack_errcode,func,0)
+#define ERR_REASON(reason) ERR_PACK($pack_errcode,0,reason)
+
static ERR_STRING_DATA ${lib}_str_functs[]=
{
EOF
@@ -480,7 +501,8 @@ EOF
if(exists $ftrans{$fn}) {
$fn = $ftrans{$fn};
}
- print OUT "{ERR_PACK(0,$i,0),\t\"$fn\"},\n";
+# print OUT "{ERR_PACK($pack_errcode,$i,0),\t\"$fn\"},\n";
+ print OUT "{ERR_FUNC($i),\t\"$fn\"},\n";
}
print OUT <<"EOF";
{0,NULL}
@@ -492,6 +514,7 @@ EOF
# Add each reason code.
foreach $i (@reasons) {
my $rn;
+ my $rstr = "ERR_REASON($i)";
my $nspc = 0;
if (exists $err_reason_strings{$i}) {
$rn = $err_reason_strings{$i};
@@ -500,9 +523,9 @@ EOF
$rn = $1;
$rn =~ tr/_[A-Z]/ [a-z]/;
}
- $nspc = 40 - length($i) unless length($i) > 40;
+ $nspc = 40 - length($rstr) unless length($rstr) > 40;
$nspc = " " x $nspc;
- print OUT "{${i}${nspc},\"$rn\"},\n";
+ print OUT "{${rstr}${nspc},\"$rn\"},\n";
}
if($static) {
print OUT <<"EOF";
@@ -519,8 +542,8 @@ ${staticloader}void ERR_load_${lib}_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_${lib},${lib}_str_functs);
- ERR_load_strings(ERR_LIB_${lib},${lib}_str_reasons);
+ ERR_load_strings($load_errcode,${lib}_str_functs);
+ ERR_load_strings($load_errcode,${lib}_str_reasons);
#endif
}
diff --git a/lib/libcrypto/util/mkfiles.pl b/lib/libcrypto/util/mkfiles.pl
index 928a274303d..bc78510f569 100644
--- a/lib/libcrypto/util/mkfiles.pl
+++ b/lib/libcrypto/util/mkfiles.pl
@@ -51,14 +51,15 @@ my @dirs = (
"crypto/ocsp",
"crypto/ui",
"crypto/krb5",
-"fips",
-"fips/aes",
-"fips/des",
-"fips/dsa",
-"fips/dh",
-"fips/rand",
-"fips/rsa",
-"fips/sha1",
+"fips-1.0",
+"fips-1.0/aes",
+"fips-1.0/des",
+"fips-1.0/dsa",
+"fips-1.0/dh",
+"fips-1.0/hmac",
+"fips-1.0/rand",
+"fips-1.0/rsa",
+"fips-1.0/sha",
"ssl",
"apps",
"test",
diff --git a/lib/libcrypto/util/mklink.pl b/lib/libcrypto/util/mklink.pl
index c8653cecc37..182732d9594 100644
--- a/lib/libcrypto/util/mklink.pl
+++ b/lib/libcrypto/util/mklink.pl
@@ -14,13 +14,16 @@
# not contain symbolic links and that the parent of / is never referenced.
# Apart from this, this script should be able to handle even the most
# pathological cases.
+#
+
+use Cwd;
my $from = shift;
my @files = @ARGV;
my @from_path = split(/[\\\/]/, $from);
-my $pwd = `pwd`;
-chop($pwd);
+my $pwd = getcwd();
+chomp($pwd);
my @pwd_path = split(/[\\\/]/, $pwd);
my @to_path = ();
diff --git a/lib/libcrypto/util/pl/BC-32.pl b/lib/libcrypto/util/pl/BC-32.pl
index 897ae9d8249..28869c868df 100644
--- a/lib/libcrypto/util/pl/BC-32.pl
+++ b/lib/libcrypto/util/pl/BC-32.pl
@@ -18,7 +18,7 @@ $out_def="out32";
$tmp_def="tmp32";
$inc_def="inc32";
#enable max error messages, disable most common warnings
-$cflags="-DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp ";
+$cflags="-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp ";
if ($debug)
{
$cflags.="-Od -y -v -vi- -D_DEBUG";
@@ -51,7 +51,7 @@ $lfile='';
$shlib_ex_obj="";
$app_ex_obj="c0x32.obj";
-$asm='nasmw -f obj';
+$asm='nasmw -f obj -d__omf__';
$asm.=" /Zi" if $debug;
$afile='-o';
@@ -106,9 +106,13 @@ sub do_lib_rule
$ret.="$target: $objs\n";
if (!$shlib)
{
- # $ret.="\t\$(RM) \$(O_$Name)\n";
- $ret.="\techo LIB $<\n";
- $ret.="\t&\$(MKLIB) $lfile$target -+\$**\n";
+ $ret.=<<___;
+ -\$(RM) $lfile$target
+ \$(MKLIB) $lfile$target \@&&!
++\$(**: = &^
++)
+!
+___
}
else
{
diff --git a/lib/libcrypto/util/pl/OS2-EMX.pl b/lib/libcrypto/util/pl/OS2-EMX.pl
index 75d72ebbcbd..8dbeaa7a087 100644
--- a/lib/libcrypto/util/pl/OS2-EMX.pl
+++ b/lib/libcrypto/util/pl/OS2-EMX.pl
@@ -68,6 +68,7 @@ if (!$no_asm && !$fips)
$sha1_asm_src="crypto/sha/asm/s1-os2.asm";
$rmd160_asm_obj="crypto/ripemd/asm/rm-os2$obj";
$rmd160_asm_src="crypto/ripemd/asm/rm-os2.asm";
+ $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS";
}
if ($shlib)
diff --git a/lib/libcrypto/util/pl/VC-32.pl b/lib/libcrypto/util/pl/VC-32.pl
index cf689b9feb4..4e97dfa9aff 100644
--- a/lib/libcrypto/util/pl/VC-32.pl
+++ b/lib/libcrypto/util/pl/VC-32.pl
@@ -3,15 +3,28 @@
#
$ssl= "ssleay32";
-$crypto="libeay32";
+
+if ($fips && !$shlib)
+ {
+ $crypto="libeayfips32";
+ $crypto_compat = "libeaycompat32.lib";
+ }
+else
+ {
+ $crypto="libeay32";
+ }
$o='\\';
$cp='copy nul+'; # Timestamps get stuffed otherwise
$rm='del';
+$zlib_lib="zlib1.lib";
+
# C compiler stuff
$cc='cl';
-$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
+$cflags=' /MD /W3 /WX /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
+$cflags.=' -D_CRT_SECURE_NO_DEPRECATE'; # shut up VC8
+$cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE'; # shut up VC8
$lflags="/nologo /subsystem:console /machine:I386 /opt:ref";
$mlflags='';
@@ -100,25 +113,56 @@ $cflags.=" /Fd$out_def";
sub do_lib_rule
{
- local($objs,$target,$name,$shlib)=@_;
+ local($objs,$target,$name,$shlib,$ign,$base_addr) = @_;
local($ret,$Name);
$taget =~ s/\//$o/g if $o ne '/';
($Name=$name) =~ tr/a-z/A-Z/;
+ my $base_arg;
+ if ($base_addr ne "")
+ {
+ $base_arg= " /base:$base_addr";
+ }
+ else
+ {
+ $base_arg = "";
+ }
+
# $target="\$(LIB_D)$o$target";
- $ret.="$target: $objs\n";
if (!$shlib)
{
# $ret.="\t\$(RM) \$(O_$Name)\n";
+ $ret.="$target: $objs\n";
$ex =' advapi32.lib';
+ $ex.=" \$(FIPSLIB_D)${o}_chkstk.o" if $fips && $target =~ /O_CRYPTO/;
$ret.="\t\$(MKLIB) $lfile$target @<<\n $objs $ex\n<<\n";
}
else
{
local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
- $ex.=' wsock32.lib gdi32.lib advapi32.lib';
- $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
+ $ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib';
+ $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
+ if ($fips && $target =~ /O_CRYPTO/)
+ {
+ $ex.=" \$(FIPSLIB_D)${o}_chkstk.o";
+ $ret.="$target: $objs \$(PREMAIN_DSO_EXE)\n";
+ $ret.="\tSET FIPS_LINK=\$(LINK)\n";
+ $ret.="\tSET FIPS_CC=\$(CC)\n";
+ $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
+ $ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n";
+ $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
+ $ret.="\tSET FIPS_TARGET=$target\n";
+ $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
+ $ret.="\t\$(FIPSLINK) \$(MLFLAGS) $base_arg $efile$target ";
+ $ret.="/def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs ";
+ $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n";
+ }
+ else
+ {
+ $ret.="$target: $objs\n";
+ $ret.="\t\$(LINK) \$(MLFLAGS) $base_arg $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
+ }
}
$ret.="\n";
return($ret);
@@ -126,20 +170,51 @@ sub do_lib_rule
sub do_link_rule
{
- local($target,$files,$dep_libs,$libs,$sha1file,$openssl)=@_;
+ local($target,$files,$dep_libs,$libs,$standalone)=@_;
local($ret,$_);
-
$file =~ s/\//$o/g if $o ne '/';
$n=&bname($targer);
$ret.="$target: $files $dep_libs\n";
- $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n";
- $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n";
- if (defined $sha1file)
+ if ($standalone)
+ {
+ $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n\t";
+ $ret.="\$(FIPSLIB_D)${o}_chkstk.o " if ($files =~ /O_FIPSCANISTER/);
+ $ret.="$files $libs\n<<\n";
+ }
+ elsif ($fips && !$shlib)
{
- $ret.=" $openssl sha1 -hmac etaonrishdlcupfm -binary $target > $sha1file";
+ $ret.="\tSET FIPS_LINK=\$(LINK)\n";
+ $ret.="\tSET FIPS_CC=\$(CC)\n";
+ $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
+ $ret.="\tSET PREMAIN_DSO_EXE=\n";
+ $ret.="\tSET FIPS_TARGET=$target\n";
+ $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
+ $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
+ $ret.=" \$(FIPSLINK) \$(LFLAGS) $efile$target @<<\n";
+ $ret.=" \$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n";
}
+ else
+ {
+ $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n";
+ $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n";
+ }
+ $ret.="\n";
+ return($ret);
+ }
+
+sub do_rlink_rule
+ {
+ local($target,$files,$dep_libs,$libs)=@_;
+ local($ret,$_);
+
+ $file =~ s/\//$o/g if $o ne '/';
+ $n=&bname($targer);
+ $ret.="$target: $files $dep_libs\n";
+ $ret.=" \$(MKCANISTER) $target <<\n";
+ $ret.="INPUT($files)\n<<\n";
$ret.="\n";
return($ret);
}
+
1;
diff --git a/lib/libcrypto/util/pod2man.pl b/lib/libcrypto/util/pod2man.pl
index 657e4e264e0..546d1ec1860 100644
--- a/lib/libcrypto/util/pod2man.pl
+++ b/lib/libcrypto/util/pod2man.pl
@@ -425,6 +425,7 @@ if ($name ne 'something') {
}
next if /^=cut\b/; # DB_File and Net::Ping have =cut before NAME
next if /^=pod\b/; # It is OK to have =pod before NAME
+ next if /^=for\s+comment\b/; # It is OK to have =for comment before NAME
die "$0: Invalid man page - 1st pod line is not NAME in $ARGV[0]\n" unless $lax;
}
die "$0: Invalid man page - no documentation in $ARGV[0]\n" unless $lax;
diff --git a/lib/libcrypto/util/selftest.pl b/lib/libcrypto/util/selftest.pl
index e9d5aa8938e..4778c5ab01d 100644
--- a/lib/libcrypto/util/selftest.pl
+++ b/lib/libcrypto/util/selftest.pl
@@ -49,7 +49,7 @@ if (open(IN,"<Makefile")) {
}
$cversion=`$cc -v 2>&1`;
-$cversion=`$cc -V 2>&1` if $cversion =~ "usage";
+$cversion=`$cc -V 2>&1` if $cversion =~ "[Uu]sage";
$cversion=`$cc -V |head -1` if $cversion =~ "Error";
$cversion=`$cc --version` if $cversion eq "";
$cversion =~ s/Reading specs.*\n//;
@@ -130,15 +130,21 @@ if (system("make 2>&1 | tee make.log") > 255) {
goto err;
}
-$_=$options;
-s/no-asm//;
-s/no-shared//;
-s/no-krb5//;
-if (/no-/)
-{
- print OUT "Test skipped.\n";
- goto err;
-}
+# Not sure why this is here. The tests themselves can detect if their
+# particular feature isn't included, and should therefore skip themselves.
+# To skip *all* tests just because one algorithm isn't included is like
+# shooting mosquito with an elephant gun...
+# -- Richard Levitte, inspired by problem report 1089
+#
+#$_=$options;
+#s/no-asm//;
+#s/no-shared//;
+#s/no-krb5//;
+#if (/no-/)
+#{
+# print OUT "Test skipped.\n";
+# goto err;
+#}
print "Running make test...\n";
if (system("make test 2>&1 | tee maketest.log") > 255)
diff --git a/lib/libcrypto/x509/by_dir.c b/lib/libcrypto/x509/by_dir.c
index 6207340472e..ea689aed1a2 100644
--- a/lib/libcrypto/x509/by_dir.c
+++ b/lib/libcrypto/x509/by_dir.c
@@ -114,7 +114,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
{
int ret=0;
BY_DIR *ld;
- char *dir;
+ char *dir = NULL;
ld=(BY_DIR *)ctx->method_data;
@@ -123,17 +123,16 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
case X509_L_ADD_DIR:
if (argl == X509_FILETYPE_DEFAULT)
{
- ret=add_cert_dir(ld,X509_get_default_cert_dir(),
- X509_FILETYPE_PEM);
+ dir=(char *)Getenv(X509_get_default_cert_dir_env());
+ if (dir)
+ ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
+ else
+ ret=add_cert_dir(ld,X509_get_default_cert_dir(),
+ X509_FILETYPE_PEM);
if (!ret)
{
X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR);
}
- else
- {
- dir=(char *)Getenv(X509_get_default_cert_dir_env());
- ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
- }
}
else
ret=add_cert_dir(ld,argp,(int)argl);
diff --git a/lib/libcrypto/x509/x509_err.c b/lib/libcrypto/x509/x509_err.c
index 5bbf4acf765..d44d0460277 100644
--- a/lib/libcrypto/x509/x509_err.c
+++ b/lib/libcrypto/x509/x509_err.c
@@ -1,6 +1,6 @@
/* crypto/x509/x509_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -64,77 +64,81 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason)
+
static ERR_STRING_DATA X509_str_functs[]=
{
-{ERR_PACK(0,X509_F_ADD_CERT_DIR,0), "ADD_CERT_DIR"},
-{ERR_PACK(0,X509_F_BY_FILE_CTRL,0), "BY_FILE_CTRL"},
-{ERR_PACK(0,X509_F_DIR_CTRL,0), "DIR_CTRL"},
-{ERR_PACK(0,X509_F_GET_CERT_BY_SUBJECT,0), "GET_CERT_BY_SUBJECT"},
-{ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_DECODE,0), "NETSCAPE_SPKI_b64_decode"},
-{ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_ENCODE,0), "NETSCAPE_SPKI_b64_encode"},
-{ERR_PACK(0,X509_F_X509V3_ADD_EXT,0), "X509v3_add_ext"},
-{ERR_PACK(0,X509_F_X509_ADD_ATTR,0), "X509_ADD_ATTR"},
-{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_NID,0), "X509_ATTRIBUTE_create_by_NID"},
-{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,0), "X509_ATTRIBUTE_create_by_OBJ"},
-{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,0), "X509_ATTRIBUTE_create_by_txt"},
-{ERR_PACK(0,X509_F_X509_ATTRIBUTE_GET0_DATA,0), "X509_ATTRIBUTE_get0_data"},
-{ERR_PACK(0,X509_F_X509_ATTRIBUTE_SET1_DATA,0), "X509_ATTRIBUTE_set1_data"},
-{ERR_PACK(0,X509_F_X509_CHECK_PRIVATE_KEY,0), "X509_check_private_key"},
-{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0), "X509_EXTENSION_create_by_NID"},
-{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"},
-{ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0), "X509_get_pubkey_parameters"},
-{ERR_PACK(0,X509_F_X509_LOAD_CERT_CRL_FILE,0), "X509_load_cert_crl_file"},
-{ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0), "X509_load_cert_file"},
-{ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0), "X509_load_crl_file"},
-{ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0), "X509_NAME_add_entry"},
-{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_NID,0), "X509_NAME_ENTRY_create_by_NID"},
-{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,0), "X509_NAME_ENTRY_create_by_txt"},
-{ERR_PACK(0,X509_F_X509_NAME_ENTRY_SET_OBJECT,0), "X509_NAME_ENTRY_set_object"},
-{ERR_PACK(0,X509_F_X509_NAME_ONELINE,0), "X509_NAME_oneline"},
-{ERR_PACK(0,X509_F_X509_NAME_PRINT,0), "X509_NAME_print"},
-{ERR_PACK(0,X509_F_X509_PRINT_FP,0), "X509_print_fp"},
-{ERR_PACK(0,X509_F_X509_PUBKEY_GET,0), "X509_PUBKEY_get"},
-{ERR_PACK(0,X509_F_X509_PUBKEY_SET,0), "X509_PUBKEY_set"},
-{ERR_PACK(0,X509_F_X509_REQ_PRINT,0), "X509_REQ_print"},
-{ERR_PACK(0,X509_F_X509_REQ_PRINT_FP,0), "X509_REQ_print_fp"},
-{ERR_PACK(0,X509_F_X509_REQ_TO_X509,0), "X509_REQ_to_X509"},
-{ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0), "X509_STORE_add_cert"},
-{ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0), "X509_STORE_add_crl"},
-{ERR_PACK(0,X509_F_X509_STORE_CTX_INIT,0), "X509_STORE_CTX_init"},
-{ERR_PACK(0,X509_F_X509_STORE_CTX_NEW,0), "X509_STORE_CTX_new"},
-{ERR_PACK(0,X509_F_X509_STORE_CTX_PURPOSE_INHERIT,0), "X509_STORE_CTX_purpose_inherit"},
-{ERR_PACK(0,X509_F_X509_TO_X509_REQ,0), "X509_to_X509_REQ"},
-{ERR_PACK(0,X509_F_X509_TRUST_ADD,0), "X509_TRUST_add"},
-{ERR_PACK(0,X509_F_X509_TRUST_SET,0), "X509_TRUST_set"},
-{ERR_PACK(0,X509_F_X509_VERIFY_CERT,0), "X509_verify_cert"},
+{ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"},
+{ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"},
+{ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"},
+{ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"},
+{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"},
+{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"},
+{ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"},
+{ERR_FUNC(X509_F_X509_ADD_ATTR), "X509_ADD_ATTR"},
+{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), "X509_ATTRIBUTE_create_by_NID"},
+{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), "X509_ATTRIBUTE_create_by_OBJ"},
+{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), "X509_ATTRIBUTE_create_by_txt"},
+{ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"},
+{ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"},
+{ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"},
+{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), "X509_EXTENSION_create_by_NID"},
+{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), "X509_EXTENSION_create_by_OBJ"},
+{ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS), "X509_get_pubkey_parameters"},
+{ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"},
+{ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"},
+{ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"},
+{ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"},
+{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID), "X509_NAME_ENTRY_create_by_NID"},
+{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT), "X509_NAME_ENTRY_create_by_txt"},
+{ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT), "X509_NAME_ENTRY_set_object"},
+{ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"},
+{ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"},
+{ERR_FUNC(X509_F_X509_PRINT_FP), "X509_print_fp"},
+{ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"},
+{ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"},
+{ERR_FUNC(X509_F_X509_REQ_PRINT), "X509_REQ_print"},
+{ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"},
+{ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"},
+{ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"},
+{ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"},
+{ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"},
+{ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"},
+{ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT), "X509_STORE_CTX_purpose_inherit"},
+{ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"},
+{ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"},
+{ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"},
+{ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"},
{0,NULL}
};
static ERR_STRING_DATA X509_str_reasons[]=
{
-{X509_R_BAD_X509_FILETYPE ,"bad x509 filetype"},
-{X509_R_BASE64_DECODE_ERROR ,"base64 decode error"},
-{X509_R_CANT_CHECK_DH_KEY ,"cant check dh key"},
-{X509_R_CERT_ALREADY_IN_HASH_TABLE ,"cert already in hash table"},
-{X509_R_ERR_ASN1_LIB ,"err asn1 lib"},
-{X509_R_INVALID_DIRECTORY ,"invalid directory"},
-{X509_R_INVALID_FIELD_NAME ,"invalid field name"},
-{X509_R_INVALID_TRUST ,"invalid trust"},
-{X509_R_KEY_TYPE_MISMATCH ,"key type mismatch"},
-{X509_R_KEY_VALUES_MISMATCH ,"key values mismatch"},
-{X509_R_LOADING_CERT_DIR ,"loading cert dir"},
-{X509_R_LOADING_DEFAULTS ,"loading defaults"},
-{X509_R_NO_CERT_SET_FOR_US_TO_VERIFY ,"no cert set for us to verify"},
-{X509_R_SHOULD_RETRY ,"should retry"},
-{X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN,"unable to find parameters in chain"},
-{X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY ,"unable to get certs public key"},
-{X509_R_UNKNOWN_KEY_TYPE ,"unknown key type"},
-{X509_R_UNKNOWN_NID ,"unknown nid"},
-{X509_R_UNKNOWN_PURPOSE_ID ,"unknown purpose id"},
-{X509_R_UNKNOWN_TRUST_ID ,"unknown trust id"},
-{X509_R_UNSUPPORTED_ALGORITHM ,"unsupported algorithm"},
-{X509_R_WRONG_LOOKUP_TYPE ,"wrong lookup type"},
-{X509_R_WRONG_TYPE ,"wrong type"},
+{ERR_REASON(X509_R_BAD_X509_FILETYPE) ,"bad x509 filetype"},
+{ERR_REASON(X509_R_BASE64_DECODE_ERROR) ,"base64 decode error"},
+{ERR_REASON(X509_R_CANT_CHECK_DH_KEY) ,"cant check dh key"},
+{ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),"cert already in hash table"},
+{ERR_REASON(X509_R_ERR_ASN1_LIB) ,"err asn1 lib"},
+{ERR_REASON(X509_R_INVALID_DIRECTORY) ,"invalid directory"},
+{ERR_REASON(X509_R_INVALID_FIELD_NAME) ,"invalid field name"},
+{ERR_REASON(X509_R_INVALID_TRUST) ,"invalid trust"},
+{ERR_REASON(X509_R_KEY_TYPE_MISMATCH) ,"key type mismatch"},
+{ERR_REASON(X509_R_KEY_VALUES_MISMATCH) ,"key values mismatch"},
+{ERR_REASON(X509_R_LOADING_CERT_DIR) ,"loading cert dir"},
+{ERR_REASON(X509_R_LOADING_DEFAULTS) ,"loading defaults"},
+{ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),"no cert set for us to verify"},
+{ERR_REASON(X509_R_SHOULD_RETRY) ,"should retry"},
+{ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),"unable to find parameters in chain"},
+{ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),"unable to get certs public key"},
+{ERR_REASON(X509_R_UNKNOWN_KEY_TYPE) ,"unknown key type"},
+{ERR_REASON(X509_R_UNKNOWN_NID) ,"unknown nid"},
+{ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID) ,"unknown purpose id"},
+{ERR_REASON(X509_R_UNKNOWN_TRUST_ID) ,"unknown trust id"},
+{ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM),"unsupported algorithm"},
+{ERR_REASON(X509_R_WRONG_LOOKUP_TYPE) ,"wrong lookup type"},
+{ERR_REASON(X509_R_WRONG_TYPE) ,"wrong type"},
{0,NULL}
};
@@ -148,8 +152,8 @@ void ERR_load_X509_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_X509,X509_str_functs);
- ERR_load_strings(ERR_LIB_X509,X509_str_reasons);
+ ERR_load_strings(0,X509_str_functs);
+ ERR_load_strings(0,X509_str_reasons);
#endif
}
diff --git a/lib/libcrypto/x509/x509_vfy.c b/lib/libcrypto/x509/x509_vfy.c
index e43c861ee77..383e082aba9 100644
--- a/lib/libcrypto/x509/x509_vfy.c
+++ b/lib/libcrypto/x509/x509_vfy.c
@@ -944,7 +944,7 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
offset=0;
else
{
- if ((*str != '+') && (str[5] != '-'))
+ if ((*str != '+') && (*str != '-'))
return 0;
offset=((str[1]-'0')*10+(str[2]-'0'))*60;
offset+=(str[3]-'0')*10+(str[4]-'0');
diff --git a/lib/libcrypto/x509v3/v3_cpols.c b/lib/libcrypto/x509v3/v3_cpols.c
index 0d554f3a2c9..867525f336a 100644
--- a/lib/libcrypto/x509v3/v3_cpols.c
+++ b/lib/libcrypto/x509v3/v3_cpols.c
@@ -137,7 +137,15 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
CONF_VALUE *cnf;
int i, ia5org;
pols = sk_POLICYINFO_new_null();
+ if (pols == NULL) {
+ X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
vals = X509V3_parse_list(value);
+ if (vals == NULL) {
+ X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
+ goto err;
+ }
ia5org = 0;
for(i = 0; i < sk_CONF_VALUE_num(vals); i++) {
cnf = sk_CONF_VALUE_value(vals, i);
@@ -176,6 +184,7 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
return pols;
err:
+ sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
return NULL;
}
diff --git a/lib/libcrypto/x509v3/v3err.c b/lib/libcrypto/x509v3/v3err.c
index 2df0c3ef01d..e1edaf52482 100644
--- a/lib/libcrypto/x509v3/v3err.c
+++ b/lib/libcrypto/x509v3/v3err.c
@@ -64,114 +64,118 @@
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509V3,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509V3,0,reason)
+
static ERR_STRING_DATA X509V3_str_functs[]=
{
-{ERR_PACK(0,X509V3_F_COPY_EMAIL,0), "COPY_EMAIL"},
-{ERR_PACK(0,X509V3_F_COPY_ISSUER,0), "COPY_ISSUER"},
-{ERR_PACK(0,X509V3_F_DO_EXT_CONF,0), "DO_EXT_CONF"},
-{ERR_PACK(0,X509V3_F_DO_EXT_I2D,0), "DO_EXT_I2D"},
-{ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"},
-{ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "i2s_ASN1_ENUMERATED"},
-{ERR_PACK(0,X509V3_F_I2S_ASN1_IA5STRING,0), "I2S_ASN1_IA5STRING"},
-{ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "i2s_ASN1_INTEGER"},
-{ERR_PACK(0,X509V3_F_I2V_AUTHORITY_INFO_ACCESS,0), "I2V_AUTHORITY_INFO_ACCESS"},
-{ERR_PACK(0,X509V3_F_NOTICE_SECTION,0), "NOTICE_SECTION"},
-{ERR_PACK(0,X509V3_F_NREF_NOS,0), "NREF_NOS"},
-{ERR_PACK(0,X509V3_F_POLICY_SECTION,0), "POLICY_SECTION"},
-{ERR_PACK(0,X509V3_F_R2I_CERTPOL,0), "R2I_CERTPOL"},
-{ERR_PACK(0,X509V3_F_R2I_PCI,0), "R2I_PCI"},
-{ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0), "S2I_ASN1_IA5STRING"},
-{ERR_PACK(0,X509V3_F_S2I_ASN1_INTEGER,0), "s2i_ASN1_INTEGER"},
-{ERR_PACK(0,X509V3_F_S2I_ASN1_OCTET_STRING,0), "s2i_ASN1_OCTET_STRING"},
-{ERR_PACK(0,X509V3_F_S2I_ASN1_SKEY_ID,0), "S2I_ASN1_SKEY_ID"},
-{ERR_PACK(0,X509V3_F_S2I_S2I_SKEY_ID,0), "S2I_S2I_SKEY_ID"},
-{ERR_PACK(0,X509V3_F_STRING_TO_HEX,0), "string_to_hex"},
-{ERR_PACK(0,X509V3_F_SXNET_ADD_ASC,0), "SXNET_ADD_ASC"},
-{ERR_PACK(0,X509V3_F_SXNET_ADD_ID_INTEGER,0), "SXNET_add_id_INTEGER"},
-{ERR_PACK(0,X509V3_F_SXNET_ADD_ID_ULONG,0), "SXNET_add_id_ulong"},
-{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ASC,0), "SXNET_get_id_asc"},
-{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ULONG,0), "SXNET_get_id_ulong"},
-{ERR_PACK(0,X509V3_F_V2I_ACCESS_DESCRIPTION,0), "V2I_ACCESS_DESCRIPTION"},
-{ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0), "V2I_ASN1_BIT_STRING"},
-{ERR_PACK(0,X509V3_F_V2I_AUTHORITY_KEYID,0), "V2I_AUTHORITY_KEYID"},
-{ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0), "V2I_BASIC_CONSTRAINTS"},
-{ERR_PACK(0,X509V3_F_V2I_CRLD,0), "V2I_CRLD"},
-{ERR_PACK(0,X509V3_F_V2I_EXT_KU,0), "V2I_EXT_KU"},
-{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAME,0), "v2i_GENERAL_NAME"},
-{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAMES,0), "v2i_GENERAL_NAMES"},
-{ERR_PACK(0,X509V3_F_V3_GENERIC_EXTENSION,0), "V3_GENERIC_EXTENSION"},
-{ERR_PACK(0,X509V3_F_X509V3_ADD_I2D,0), "X509V3_ADD_I2D"},
-{ERR_PACK(0,X509V3_F_X509V3_ADD_VALUE,0), "X509V3_add_value"},
-{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD,0), "X509V3_EXT_add"},
-{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0), "X509V3_EXT_add_alias"},
-{ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0), "X509V3_EXT_conf"},
-{ERR_PACK(0,X509V3_F_X509V3_EXT_I2D,0), "X509V3_EXT_i2d"},
-{ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0), "X509V3_get_value_bool"},
-{ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"},
-{ERR_PACK(0,X509V3_F_X509_PURPOSE_ADD,0), "X509_PURPOSE_add"},
-{ERR_PACK(0,X509V3_F_X509_PURPOSE_SET,0), "X509_PURPOSE_set"},
+{ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"},
+{ERR_FUNC(X509V3_F_COPY_ISSUER), "COPY_ISSUER"},
+{ERR_FUNC(X509V3_F_DO_EXT_CONF), "DO_EXT_CONF"},
+{ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"},
+{ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"},
+{ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"},
+{ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"},
+{ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER), "i2s_ASN1_INTEGER"},
+{ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS), "I2V_AUTHORITY_INFO_ACCESS"},
+{ERR_FUNC(X509V3_F_NOTICE_SECTION), "NOTICE_SECTION"},
+{ERR_FUNC(X509V3_F_NREF_NOS), "NREF_NOS"},
+{ERR_FUNC(X509V3_F_POLICY_SECTION), "POLICY_SECTION"},
+{ERR_FUNC(X509V3_F_R2I_CERTPOL), "R2I_CERTPOL"},
+{ERR_FUNC(X509V3_F_R2I_PCI), "R2I_PCI"},
+{ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "S2I_ASN1_IA5STRING"},
+{ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"},
+{ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"},
+{ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"},
+{ERR_FUNC(X509V3_F_S2I_S2I_SKEY_ID), "S2I_S2I_SKEY_ID"},
+{ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"},
+{ERR_FUNC(X509V3_F_SXNET_ADD_ASC), "SXNET_ADD_ASC"},
+{ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"},
+{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"},
+{ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"},
+{ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"},
+{ERR_FUNC(X509V3_F_V2I_ACCESS_DESCRIPTION), "V2I_ACCESS_DESCRIPTION"},
+{ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "V2I_ASN1_BIT_STRING"},
+{ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "V2I_AUTHORITY_KEYID"},
+{ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "V2I_BASIC_CONSTRAINTS"},
+{ERR_FUNC(X509V3_F_V2I_CRLD), "V2I_CRLD"},
+{ERR_FUNC(X509V3_F_V2I_EXT_KU), "V2I_EXT_KU"},
+{ERR_FUNC(X509V3_F_V2I_GENERAL_NAME), "v2i_GENERAL_NAME"},
+{ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"},
+{ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "V3_GENERIC_EXTENSION"},
+{ERR_FUNC(X509V3_F_X509V3_ADD_I2D), "X509V3_ADD_I2D"},
+{ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"},
+{ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"},
+{ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"},
+{ERR_FUNC(X509V3_F_X509V3_EXT_CONF), "X509V3_EXT_conf"},
+{ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"},
+{ERR_FUNC(X509V3_F_X509V3_GET_VALUE_BOOL), "X509V3_get_value_bool"},
+{ERR_FUNC(X509V3_F_X509V3_PARSE_LIST), "X509V3_parse_list"},
+{ERR_FUNC(X509V3_F_X509_PURPOSE_ADD), "X509_PURPOSE_add"},
+{ERR_FUNC(X509V3_F_X509_PURPOSE_SET), "X509_PURPOSE_set"},
{0,NULL}
};
static ERR_STRING_DATA X509V3_str_reasons[]=
{
-{X509V3_R_BAD_IP_ADDRESS ,"bad ip address"},
-{X509V3_R_BAD_OBJECT ,"bad object"},
-{X509V3_R_BN_DEC2BN_ERROR ,"bn dec2bn error"},
-{X509V3_R_BN_TO_ASN1_INTEGER_ERROR ,"bn to asn1 integer error"},
-{X509V3_R_DUPLICATE_ZONE_ID ,"duplicate zone id"},
-{X509V3_R_ERROR_CONVERTING_ZONE ,"error converting zone"},
-{X509V3_R_ERROR_CREATING_EXTENSION ,"error creating extension"},
-{X509V3_R_ERROR_IN_EXTENSION ,"error in extension"},
-{X509V3_R_EXPECTED_A_SECTION_NAME ,"expected a section name"},
-{X509V3_R_EXTENSION_EXISTS ,"extension exists"},
-{X509V3_R_EXTENSION_NAME_ERROR ,"extension name error"},
-{X509V3_R_EXTENSION_NOT_FOUND ,"extension not found"},
-{X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED,"extension setting not supported"},
-{X509V3_R_EXTENSION_VALUE_ERROR ,"extension value error"},
-{X509V3_R_ILLEGAL_HEX_DIGIT ,"illegal hex digit"},
-{X509V3_R_INCORRECT_POLICY_SYNTAX_TAG ,"incorrect policy syntax tag"},
-{X509V3_R_INVALID_BOOLEAN_STRING ,"invalid boolean string"},
-{X509V3_R_INVALID_EXTENSION_STRING ,"invalid extension string"},
-{X509V3_R_INVALID_NAME ,"invalid name"},
-{X509V3_R_INVALID_NULL_ARGUMENT ,"invalid null argument"},
-{X509V3_R_INVALID_NULL_NAME ,"invalid null name"},
-{X509V3_R_INVALID_NULL_VALUE ,"invalid null value"},
-{X509V3_R_INVALID_NUMBER ,"invalid number"},
-{X509V3_R_INVALID_NUMBERS ,"invalid numbers"},
-{X509V3_R_INVALID_OBJECT_IDENTIFIER ,"invalid object identifier"},
-{X509V3_R_INVALID_OPTION ,"invalid option"},
-{X509V3_R_INVALID_POLICY_IDENTIFIER ,"invalid policy identifier"},
-{X509V3_R_INVALID_PROXY_POLICY_IDENTIFIER,"invalid proxy policy identifier"},
-{X509V3_R_INVALID_PROXY_POLICY_SETTING ,"invalid proxy policy setting"},
-{X509V3_R_INVALID_PURPOSE ,"invalid purpose"},
-{X509V3_R_INVALID_SECTION ,"invalid section"},
-{X509V3_R_INVALID_SYNTAX ,"invalid syntax"},
-{X509V3_R_ISSUER_DECODE_ERROR ,"issuer decode error"},
-{X509V3_R_MISSING_VALUE ,"missing value"},
-{X509V3_R_NEED_ORGANIZATION_AND_NUMBERS ,"need organization and numbers"},
-{X509V3_R_NO_CONFIG_DATABASE ,"no config database"},
-{X509V3_R_NO_ISSUER_CERTIFICATE ,"no issuer certificate"},
-{X509V3_R_NO_ISSUER_DETAILS ,"no issuer details"},
-{X509V3_R_NO_POLICY_IDENTIFIER ,"no policy identifier"},
-{X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED,"no proxy cert policy language defined"},
-{X509V3_R_NO_PUBLIC_KEY ,"no public key"},
-{X509V3_R_NO_SUBJECT_DETAILS ,"no subject details"},
-{X509V3_R_ODD_NUMBER_OF_DIGITS ,"odd number of digits"},
-{X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED,"policy language alreadty defined"},
-{X509V3_R_POLICY_PATH_LENGTH ,"policy path length"},
-{X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED,"policy path length alreadty defined"},
-{X509V3_R_POLICY_SYNTAX_NOT ,"policy syntax not"},
-{X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED,"policy syntax not currently supported"},
-{X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY,"policy when proxy language requires no policy"},
-{X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS ,"unable to get issuer details"},
-{X509V3_R_UNABLE_TO_GET_ISSUER_KEYID ,"unable to get issuer keyid"},
-{X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT ,"unknown bit string argument"},
-{X509V3_R_UNKNOWN_EXTENSION ,"unknown extension"},
-{X509V3_R_UNKNOWN_EXTENSION_NAME ,"unknown extension name"},
-{X509V3_R_UNKNOWN_OPTION ,"unknown option"},
-{X509V3_R_UNSUPPORTED_OPTION ,"unsupported option"},
-{X509V3_R_USER_TOO_LONG ,"user too long"},
+{ERR_REASON(X509V3_R_BAD_IP_ADDRESS) ,"bad ip address"},
+{ERR_REASON(X509V3_R_BAD_OBJECT) ,"bad object"},
+{ERR_REASON(X509V3_R_BN_DEC2BN_ERROR) ,"bn dec2bn error"},
+{ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR),"bn to asn1 integer error"},
+{ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID) ,"duplicate zone id"},
+{ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE),"error converting zone"},
+{ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION),"error creating extension"},
+{ERR_REASON(X509V3_R_ERROR_IN_EXTENSION) ,"error in extension"},
+{ERR_REASON(X509V3_R_EXPECTED_A_SECTION_NAME),"expected a section name"},
+{ERR_REASON(X509V3_R_EXTENSION_EXISTS) ,"extension exists"},
+{ERR_REASON(X509V3_R_EXTENSION_NAME_ERROR),"extension name error"},
+{ERR_REASON(X509V3_R_EXTENSION_NOT_FOUND),"extension not found"},
+{ERR_REASON(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED),"extension setting not supported"},
+{ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR),"extension value error"},
+{ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT) ,"illegal hex digit"},
+{ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),"incorrect policy syntax tag"},
+{ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING),"invalid boolean string"},
+{ERR_REASON(X509V3_R_INVALID_EXTENSION_STRING),"invalid extension string"},
+{ERR_REASON(X509V3_R_INVALID_NAME) ,"invalid name"},
+{ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT),"invalid null argument"},
+{ERR_REASON(X509V3_R_INVALID_NULL_NAME) ,"invalid null name"},
+{ERR_REASON(X509V3_R_INVALID_NULL_VALUE) ,"invalid null value"},
+{ERR_REASON(X509V3_R_INVALID_NUMBER) ,"invalid number"},
+{ERR_REASON(X509V3_R_INVALID_NUMBERS) ,"invalid numbers"},
+{ERR_REASON(X509V3_R_INVALID_OBJECT_IDENTIFIER),"invalid object identifier"},
+{ERR_REASON(X509V3_R_INVALID_OPTION) ,"invalid option"},
+{ERR_REASON(X509V3_R_INVALID_POLICY_IDENTIFIER),"invalid policy identifier"},
+{ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_IDENTIFIER),"invalid proxy policy identifier"},
+{ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_SETTING),"invalid proxy policy setting"},
+{ERR_REASON(X509V3_R_INVALID_PURPOSE) ,"invalid purpose"},
+{ERR_REASON(X509V3_R_INVALID_SECTION) ,"invalid section"},
+{ERR_REASON(X509V3_R_INVALID_SYNTAX) ,"invalid syntax"},
+{ERR_REASON(X509V3_R_ISSUER_DECODE_ERROR),"issuer decode error"},
+{ERR_REASON(X509V3_R_MISSING_VALUE) ,"missing value"},
+{ERR_REASON(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS),"need organization and numbers"},
+{ERR_REASON(X509V3_R_NO_CONFIG_DATABASE) ,"no config database"},
+{ERR_REASON(X509V3_R_NO_ISSUER_CERTIFICATE),"no issuer certificate"},
+{ERR_REASON(X509V3_R_NO_ISSUER_DETAILS) ,"no issuer details"},
+{ERR_REASON(X509V3_R_NO_POLICY_IDENTIFIER),"no policy identifier"},
+{ERR_REASON(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED),"no proxy cert policy language defined"},
+{ERR_REASON(X509V3_R_NO_PUBLIC_KEY) ,"no public key"},
+{ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS) ,"no subject details"},
+{ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS),"odd number of digits"},
+{ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED),"policy language alreadty defined"},
+{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH) ,"policy path length"},
+{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED),"policy path length alreadty defined"},
+{ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT) ,"policy syntax not"},
+{ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),"policy syntax not currently supported"},
+{ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),"policy when proxy language requires no policy"},
+{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS),"unable to get issuer details"},
+{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID),"unable to get issuer keyid"},
+{ERR_REASON(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT),"unknown bit string argument"},
+{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION) ,"unknown extension"},
+{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME),"unknown extension name"},
+{ERR_REASON(X509V3_R_UNKNOWN_OPTION) ,"unknown option"},
+{ERR_REASON(X509V3_R_UNSUPPORTED_OPTION) ,"unsupported option"},
+{ERR_REASON(X509V3_R_USER_TOO_LONG) ,"user too long"},
{0,NULL}
};
@@ -185,8 +189,8 @@ void ERR_load_X509V3_strings(void)
{
init=0;
#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_X509V3,X509V3_str_functs);
- ERR_load_strings(ERR_LIB_X509V3,X509V3_str_reasons);
+ ERR_load_strings(0,X509V3_str_functs);
+ ERR_load_strings(0,X509V3_str_reasons);
#endif
}