diff options
| author | Markus Friedl <markus@cvs.openbsd.org> | 2003-05-12 02:18:41 +0000 |
|---|---|---|
| committer | Markus Friedl <markus@cvs.openbsd.org> | 2003-05-12 02:18:41 +0000 |
| commit | b47e6f30e82ff649c06cdfcf587a4ad9d127a4f5 (patch) | |
| tree | f98b2f00f52dd4fd004708bd26d63f3c24a78355 /lib/libcrypto | |
| parent | f97744c656f2a5c7d4e42bcaba08dbe146a49425 (diff) | |
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
Diffstat (limited to 'lib/libcrypto')
300 files changed, 2951 insertions, 2319 deletions
diff --git a/lib/libcrypto/Makefile.ssl b/lib/libcrypto/Makefile.ssl index db8baf385e1..3071e3cb864 100644 --- a/lib/libcrypto/Makefile.ssl +++ b/lib/libcrypto/Makefile.ssl @@ -36,8 +36,8 @@ GENERAL=Makefile README crypto-lib.com install.com LIB= $(TOP)/libcrypto.a SHARED_LIB= libcrypto$(SHLIB_EXT) -LIBSRC= cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c -LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o +LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c +LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o SRC= $(LIBSRC) @@ -136,12 +136,12 @@ lint: depend: if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist - $(MAKEDEPEND) $(CFLAG) $(INCLUDE) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC) if [ ! -s buildinf.h ]; then rm buildinf.h; fi @for i in $(SDIRS) ;\ do \ (cd $$i && echo "making depend in crypto/$$i..." && \ - $(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ); \ + $(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ); \ done; clean: @@ -193,6 +193,10 @@ mem.o: ../include/openssl/err.h ../include/openssl/lhash.h mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h mem.o: ../include/openssl/safestack.h ../include/openssl/stack.h mem.o: ../include/openssl/symhacks.h cryptlib.h mem.c +mem_clr.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +mem_clr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +mem_clr.o: ../include/openssl/safestack.h ../include/openssl/stack.h +mem_clr.o: ../include/openssl/symhacks.h mem_clr.c mem_dbg.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h diff --git a/lib/libcrypto/aes/Makefile.ssl b/lib/libcrypto/aes/Makefile.ssl index 9358802a2e5..f353aeb697d 100644 --- a/lib/libcrypto/aes/Makefile.ssl +++ b/lib/libcrypto/aes/Makefile.ssl @@ -75,7 +75,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/lib/libcrypto/aes/aes.h b/lib/libcrypto/aes/aes.h index e8da921ec50..8294a41a3ad 100644 --- a/lib/libcrypto/aes/aes.h +++ b/lib/libcrypto/aes/aes.h @@ -56,8 +56,9 @@ #error AES is disabled. #endif -static const int AES_DECRYPT = 0; -static const int AES_ENCRYPT = 1; +#define AES_ENCRYPT 1 +#define AES_DECRYPT 0 + /* Because array size can't be a const in C, the following two are macros. Both sizes are in bytes. */ #define AES_MAXNR 14 @@ -99,7 +100,9 @@ void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, unsigned char *ivec, int *num); void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, const unsigned long length, const AES_KEY *key, - unsigned char *counter, unsigned int *num); + unsigned char counter[AES_BLOCK_SIZE], + unsigned char ecount_buf[AES_BLOCK_SIZE], + unsigned int *num); #ifdef __cplusplus diff --git a/lib/libcrypto/aes/aes_cbc.c b/lib/libcrypto/aes/aes_cbc.c index 3dfd7aba2a1..de438306b15 100644 --- a/lib/libcrypto/aes/aes_cbc.c +++ b/lib/libcrypto/aes/aes_cbc.c @@ -49,7 +49,13 @@ * */ +#ifndef AES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif #include <assert.h> + #include <openssl/aes.h> #include "aes_locl.h" @@ -57,33 +63,49 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, const unsigned long length, const AES_KEY *key, unsigned char *ivec, const int enc) { - int n; + unsigned long n; unsigned long len = length; - unsigned char tmp[16]; + unsigned char tmp[AES_BLOCK_SIZE]; assert(in && out && key && ivec); - assert(length % AES_BLOCK_SIZE == 0); assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); - if (AES_ENCRYPT == enc) - while (len > 0) { - for(n=0; n < 16; ++n) + if (AES_ENCRYPT == enc) { + while (len >= AES_BLOCK_SIZE) { + for(n=0; n < sizeof tmp; ++n) tmp[n] = in[n] ^ ivec[n]; AES_encrypt(tmp, out, key); - memcpy(ivec, out, 16); - len -= 16; - in += 16; - out += 16; + memcpy(ivec, out, AES_BLOCK_SIZE); + len -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; } - else - while (len > 0) { - memcpy(tmp, in, 16); + if (len) { + for(n=0; n < len; ++n) + tmp[n] = in[n] ^ ivec[n]; + for(n=len; n < AES_BLOCK_SIZE; ++n) + tmp[n] = ivec[n]; + AES_encrypt(tmp, tmp, key); + memcpy(out, tmp, len); + memcpy(ivec, tmp, sizeof tmp); + } + } else { + while (len >= AES_BLOCK_SIZE) { + memcpy(tmp, in, sizeof tmp); AES_decrypt(in, out, key); - for(n=0; n < 16; ++n) + for(n=0; n < AES_BLOCK_SIZE; ++n) out[n] ^= ivec[n]; - memcpy(ivec, tmp, 16); - len -= 16; - in += 16; - out += 16; + memcpy(ivec, tmp, AES_BLOCK_SIZE); + len -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; } + if (len) { + memcpy(tmp, in, sizeof tmp); + AES_decrypt(tmp, tmp, key); + for(n=0; n < len; ++n) + out[n] ^= ivec[n]; + memcpy(ivec, tmp, sizeof tmp); + } + } } diff --git a/lib/libcrypto/aes/aes_cfb.c b/lib/libcrypto/aes/aes_cfb.c index 41c2a5ec3df..9b569dda903 100644 --- a/lib/libcrypto/aes/aes_cfb.c +++ b/lib/libcrypto/aes/aes_cfb.c @@ -105,7 +105,13 @@ * [including the GNU Public Licence.] */ +#ifndef AES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif #include <assert.h> + #include <openssl/aes.h> #include "aes_locl.h" diff --git a/lib/libcrypto/aes/aes_core.c b/lib/libcrypto/aes/aes_core.c index 937988dd8c6..2f41a825f8d 100644 --- a/lib/libcrypto/aes/aes_core.c +++ b/lib/libcrypto/aes/aes_core.c @@ -28,7 +28,13 @@ /* Note: rewritten a little bit to provide error control and an OpenSSL- compatible API */ +#ifndef AES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif #include <assert.h> + #include <stdlib.h> #include <openssl/aes.h> #include "aes_locl.h" @@ -744,7 +750,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, rk[2] = GETU32(userKey + 8); rk[3] = GETU32(userKey + 12); if (bits == 128) { - for (;;) { + while (1) { temp = rk[3]; rk[4] = rk[0] ^ (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ @@ -764,7 +770,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, rk[4] = GETU32(userKey + 16); rk[5] = GETU32(userKey + 20); if (bits == 192) { - for (;;) { + while (1) { temp = rk[ 5]; rk[ 6] = rk[ 0] ^ (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ @@ -786,7 +792,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, rk[6] = GETU32(userKey + 24); rk[7] = GETU32(userKey + 28); if (bits == 256) { - for (;;) { + while (1) { temp = rk[ 7]; rk[ 8] = rk[ 0] ^ (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ diff --git a/lib/libcrypto/aes/aes_ctr.c b/lib/libcrypto/aes/aes_ctr.c index aea3db20927..59088499a0a 100644 --- a/lib/libcrypto/aes/aes_ctr.c +++ b/lib/libcrypto/aes/aes_ctr.c @@ -49,7 +49,13 @@ * */ +#ifndef AES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif #include <assert.h> + #include <openssl/aes.h> #include "aes_locl.h" @@ -90,26 +96,31 @@ static void AES_ctr128_inc(unsigned char *counter) { /* The input encrypted as though 128bit counter mode is being * used. The extra state information to record how much of the - * 128bit block we have used is contained in *num; + * 128bit block we have used is contained in *num, and the + * encrypted counter is kept in ecount_buf. Both *num and + * ecount_buf must be initialised with zeros before the first + * call to AES_ctr128_encrypt(). */ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, const unsigned long length, const AES_KEY *key, - unsigned char *counter, unsigned int *num) { + unsigned char counter[AES_BLOCK_SIZE], + unsigned char ecount_buf[AES_BLOCK_SIZE], + unsigned int *num) { unsigned int n; unsigned long l=length; - unsigned char tmp[AES_BLOCK_SIZE]; assert(in && out && key && counter && num); + assert(*num < AES_BLOCK_SIZE); n = *num; while (l--) { if (n == 0) { - AES_encrypt(counter, tmp, key); + AES_encrypt(counter, ecount_buf, key); AES_ctr128_inc(counter); } - *(out++) = *(in++) ^ tmp[n]; + *(out++) = *(in++) ^ ecount_buf[n]; n = (n+1) % AES_BLOCK_SIZE; } diff --git a/lib/libcrypto/aes/aes_ecb.c b/lib/libcrypto/aes/aes_ecb.c index 1cb2e07d3dd..28aa561c2d8 100644 --- a/lib/libcrypto/aes/aes_ecb.c +++ b/lib/libcrypto/aes/aes_ecb.c @@ -49,7 +49,13 @@ * */ +#ifndef AES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif #include <assert.h> + #include <openssl/aes.h> #include "aes_locl.h" diff --git a/lib/libcrypto/aes/aes_locl.h b/lib/libcrypto/aes/aes_locl.h index 18fc2d07476..f290946058e 100644 --- a/lib/libcrypto/aes/aes_locl.h +++ b/lib/libcrypto/aes/aes_locl.h @@ -62,7 +62,7 @@ #include <stdlib.h> #include <string.h> -#ifdef _MSC_VER +#if defined(_MSC_VER) && !defined(OPENSSL_SYS_WINCE) # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) # define GETU32(p) SWAP(*((u32 *)(p))) # define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); } diff --git a/lib/libcrypto/aes/aes_ofb.c b/lib/libcrypto/aes/aes_ofb.c index e33bdaea285..f358bb39e27 100644 --- a/lib/libcrypto/aes/aes_ofb.c +++ b/lib/libcrypto/aes/aes_ofb.c @@ -105,7 +105,13 @@ * [including the GNU Public Licence.] */ +#ifndef AES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif #include <assert.h> + #include <openssl/aes.h> #include "aes_locl.h" diff --git a/lib/libcrypto/asn1/Makefile.ssl b/lib/libcrypto/asn1/Makefile.ssl index b5a186c904e..cb45194d48e 100644 --- a/lib/libcrypto/asn1/Makefile.ssl +++ b/lib/libcrypto/asn1/Makefile.ssl @@ -98,7 +98,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new @@ -286,13 +286,14 @@ a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h a_sign.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h a_sign.o: ../cryptlib.h a_sign.c -a_strex.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -a_strex.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -a_strex.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -a_strex.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -a_strex.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -a_strex.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -a_strex.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h +a_strex.o: ../../e_os.h ../../include/openssl/aes.h +a_strex.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +a_strex.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +a_strex.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +a_strex.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h +a_strex.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +a_strex.o: ../../include/openssl/err.h ../../include/openssl/evp.h a_strex.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h a_strex.o: ../../include/openssl/md2.h ../../include/openssl/md4.h a_strex.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h @@ -305,7 +306,7 @@ a_strex.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h a_strex.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h a_strex.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -a_strex.o: ../../include/openssl/x509_vfy.h a_strex.c charmap.h +a_strex.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_strex.c charmap.h a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/bn.h a_strnid.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h diff --git a/lib/libcrypto/asn1/a_bitstr.c b/lib/libcrypto/asn1/a_bitstr.c index e0265f69d2a..f4ea96cd54e 100644 --- a/lib/libcrypto/asn1/a_bitstr.c +++ b/lib/libcrypto/asn1/a_bitstr.c @@ -191,7 +191,9 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) if (a->data == NULL) c=(unsigned char *)OPENSSL_malloc(w+1); else - c=(unsigned char *)OPENSSL_realloc(a->data,w+1); + c=(unsigned char *)OPENSSL_realloc_clean(a->data, + a->length, + w+1); if (c == NULL) return(0); if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length); a->data=c; diff --git a/lib/libcrypto/asn1/a_bytes.c b/lib/libcrypto/asn1/a_bytes.c index bb88660f58c..afd27b80e1b 100644 --- a/lib/libcrypto/asn1/a_bytes.c +++ b/lib/libcrypto/asn1/a_bytes.c @@ -285,7 +285,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c) goto err; } - if (!BUF_MEM_grow(&b,num+os->length)) + if (!BUF_MEM_grow_clean(&b,num+os->length)) { c->error=ERR_R_BUF_LIB; goto err; diff --git a/lib/libcrypto/asn1/a_d2i_fp.c b/lib/libcrypto/asn1/a_d2i_fp.c index a80fbe9ff7f..b67b75e7c27 100644 --- a/lib/libcrypto/asn1/a_d2i_fp.c +++ b/lib/libcrypto/asn1/a_d2i_fp.c @@ -149,7 +149,12 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) ASN1_CTX c; int want=HEADER_SIZE; int eos=0; +#if defined(__GNUC__) && defined(__ia64) + /* pathetic compiler bug in all known versions as of Nov. 2002 */ + long off=0; +#else int off=0; +#endif int len=0; b=BUF_MEM_new(); @@ -166,7 +171,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) { want-=(len-off); - if (!BUF_MEM_grow(b,len+want)) + if (!BUF_MEM_grow_clean(b,len+want)) { ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE); goto err; @@ -221,18 +226,23 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) if (want > (len-off)) { want-=(len-off); - if (!BUF_MEM_grow(b,len+want)) + if (!BUF_MEM_grow_clean(b,len+want)) { ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE); goto err; } - i=BIO_read(in,&(b->data[len]),want); - if (i <= 0) + while (want > 0) { - ASN1err(ASN1_F_ASN1_D2I_BIO,ASN1_R_NOT_ENOUGH_DATA); - goto err; + i=BIO_read(in,&(b->data[len]),want); + if (i <= 0) + { + ASN1err(ASN1_F_ASN1_D2I_BIO, + ASN1_R_NOT_ENOUGH_DATA); + goto err; + } + len+=i; + want -= i; } - len+=i; } off+=(int)c.slen; if (eos <= 0) diff --git a/lib/libcrypto/asn1/a_object.c b/lib/libcrypto/asn1/a_object.c index 71ce7c3896c..0a8e6c287cc 100644 --- a/lib/libcrypto/asn1/a_object.c +++ b/lib/libcrypto/asn1/a_object.c @@ -183,8 +183,8 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a) if ((a == NULL) || (a->data == NULL)) return(BIO_write(bp,"NULL",4)); - i=i2t_ASN1_OBJECT(buf,80,a); - if (i > 80) i=80; + i=i2t_ASN1_OBJECT(buf,sizeof buf,a); + if (i > sizeof buf) i=sizeof buf; BIO_write(bp,buf,i); return(i); } diff --git a/lib/libcrypto/asn1/a_sign.c b/lib/libcrypto/asn1/a_sign.c index de53b441448..52ce7e39740 100644 --- a/lib/libcrypto/asn1/a_sign.c +++ b/lib/libcrypto/asn1/a_sign.c @@ -204,9 +204,9 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2, err: EVP_MD_CTX_cleanup(&ctx); if (buf_in != NULL) - { memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); } + { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); } if (buf_out != NULL) - { memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); } + { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); } return(outl); } @@ -287,8 +287,8 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, err: EVP_MD_CTX_cleanup(&ctx); if (buf_in != NULL) - { memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); } + { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); } if (buf_out != NULL) - { memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); } + { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); } return(outl); } diff --git a/lib/libcrypto/asn1/a_strex.c b/lib/libcrypto/asn1/a_strex.c index 7ddb7662f1e..1def6c65494 100644 --- a/lib/libcrypto/asn1/a_strex.c +++ b/lib/libcrypto/asn1/a_strex.c @@ -63,6 +63,7 @@ #include <openssl/asn1.h> #include "charmap.h" +#include "cryptlib.h" /* ASN1_STRING_print_ex() and X509_NAME_print_ex(). * Enhanced string and name printing routines handling @@ -114,14 +115,17 @@ typedef int char_io(void *arg, const void *buf, int len); static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg) { unsigned char chflgs, chtmp; - char tmphex[11]; + char tmphex[HEX_SIZE(long)+3]; + + if(c > 0xffffffffL) + return -1; if(c > 0xffff) { - BIO_snprintf(tmphex, 11, "\\W%08lX", c); + BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c); if(!io_ch(arg, tmphex, 10)) return -1; return 10; } if(c > 0xff) { - BIO_snprintf(tmphex, 11, "\\U%04lX", c); + BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c); if(!io_ch(arg, tmphex, 6)) return -1; return 6; } @@ -195,7 +199,7 @@ static int do_buf(unsigned char *buf, int buflen, if(type & BUF_TYPE_CONVUTF8) { unsigned char utfbuf[6]; int utflen; - utflen = UTF8_putc(utfbuf, 6, c); + utflen = UTF8_putc(utfbuf, sizeof utfbuf, c); for(i = 0; i < utflen; i++) { /* We don't need to worry about setting orflags correctly * because if utflen==1 its value will be correct anyway @@ -461,7 +465,7 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, if(fn_opt != XN_FLAG_FN_NONE) { int objlen, fld_len; if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) { - OBJ_obj2txt(objtmp, 80, fn, 1); + OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1); fld_len = 0; /* XXX: what should this be? */ objbuf = objtmp; } else { diff --git a/lib/libcrypto/asn1/a_strnid.c b/lib/libcrypto/asn1/a_strnid.c index 04789d1c63f..aa49e9d7d07 100644 --- a/lib/libcrypto/asn1/a_strnid.c +++ b/lib/libcrypto/asn1/a_strnid.c @@ -173,6 +173,7 @@ static ASN1_STRING_TABLE tbl_standard[] = { {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, {NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, +{NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK}, {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK} }; @@ -249,4 +250,38 @@ static void st_free(ASN1_STRING_TABLE *tbl) if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl); } + IMPLEMENT_STACK_OF(ASN1_STRING_TABLE) + +#ifdef STRING_TABLE_TEST + +main() +{ + ASN1_STRING_TABLE *tmp; + int i, last_nid = -1; + + for (tmp = tbl_standard, i = 0; + i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++) + { + if (tmp->nid < last_nid) + { + last_nid = 0; + break; + } + last_nid = tmp->nid; + } + + if (last_nid != 0) + { + printf("Table order OK\n"); + exit(0); + } + + for (tmp = tbl_standard, i = 0; + i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++) + printf("Index %d, NID %d, Name=%s\n", i, tmp->nid, + OBJ_nid2ln(tmp->nid)); + +} + +#endif diff --git a/lib/libcrypto/asn1/a_time.c b/lib/libcrypto/asn1/a_time.c index 8216783aa8f..b8c031fc8f1 100644 --- a/lib/libcrypto/asn1/a_time.c +++ b/lib/libcrypto/asn1/a_time.c @@ -105,7 +105,10 @@ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t) ts=OPENSSL_gmtime(&t,&data); if (ts == NULL) + { + ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME); return NULL; + } if((ts->tm_year >= 50) && (ts->tm_year < 150)) return ASN1_UTCTIME_set(s, t); return ASN1_GENERALIZEDTIME_set(s,t); diff --git a/lib/libcrypto/asn1/a_type.c b/lib/libcrypto/asn1/a_type.c index 96e111cf237..fe3fcd40b0b 100644 --- a/lib/libcrypto/asn1/a_type.c +++ b/lib/libcrypto/asn1/a_type.c @@ -62,7 +62,7 @@ int ASN1_TYPE_get(ASN1_TYPE *a) { - if (a->value.ptr != NULL) + if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL)) return(a->type); else return(0); diff --git a/lib/libcrypto/asn1/a_verify.c b/lib/libcrypto/asn1/a_verify.c index bf41de5146d..da2a0a6d695 100644 --- a/lib/libcrypto/asn1/a_verify.c +++ b/lib/libcrypto/asn1/a_verify.c @@ -103,7 +103,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature, EVP_VerifyInit_ex(&ctx,type, NULL); EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); - memset(buf_in,0,(unsigned int)inl); + OPENSSL_cleanse(buf_in,(unsigned int)inl); OPENSSL_free(buf_in); if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, @@ -153,7 +153,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat EVP_VerifyInit_ex(&ctx,type, NULL); EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); - memset(buf_in,0,(unsigned int)inl); + OPENSSL_cleanse(buf_in,(unsigned int)inl); OPENSSL_free(buf_in); if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, diff --git a/lib/libcrypto/asn1/asn1.h b/lib/libcrypto/asn1/asn1.h index dbb30f4f222..3414509f1b7 100644 --- a/lib/libcrypto/asn1/asn1.h +++ b/lib/libcrypto/asn1/asn1.h @@ -70,7 +70,6 @@ #include <openssl/symhacks.h> -#include <openssl/e_os2.h> #include <openssl/ossl_typ.h> #ifdef OPENSSL_BUILD_SHLIBCRYPTO @@ -133,7 +132,7 @@ extern "C" { #define B_ASN1_NUMERICSTRING 0x0001 #define B_ASN1_PRINTABLESTRING 0x0002 #define B_ASN1_T61STRING 0x0004 -#define B_ASN1_TELETEXSTRING 0x0008 +#define B_ASN1_TELETEXSTRING 0x0004 #define B_ASN1_VIDEOTEXSTRING 0x0008 #define B_ASN1_IA5STRING 0x0010 #define B_ASN1_GRAPHICSTRING 0x0020 @@ -981,6 +980,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_ASN1_TEMPLATE_D2I 131 #define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 #define ASN1_F_ASN1_TEMPLATE_NEW 133 +#define ASN1_F_ASN1_TIME_SET 175 #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 #define ASN1_F_ASN1_UNPACK_STRING 136 @@ -1038,6 +1038,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_DECODE_ERROR 110 #define ASN1_R_DECODING_ERROR 111 #define ASN1_R_ENCODE_ERROR 112 +#define ASN1_R_ERROR_GETTING_TIME 173 #define ASN1_R_ERROR_LOADING_SECTION 172 #define ASN1_R_ERROR_PARSING_SET_ELEMENT 113 #define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 diff --git a/lib/libcrypto/asn1/asn1_err.c b/lib/libcrypto/asn1/asn1_err.c index c4c3d2a91df..094ec06fda0 100644 --- a/lib/libcrypto/asn1/asn1_err.c +++ b/lib/libcrypto/asn1/asn1_err.c @@ -1,6 +1,6 @@ /* crypto/asn1/asn1_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -100,6 +100,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0), "ASN1_TEMPLATE_D2I"}, {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_EX_D2I,0), "ASN1_TEMPLATE_EX_D2I"}, {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_NEW,0), "ASN1_TEMPLATE_NEW"}, +{ERR_PACK(0,ASN1_F_ASN1_TIME_SET,0), "ASN1_TIME_set"}, {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0), "ASN1_TYPE_get_int_octetstring"}, {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0), "ASN1_TYPE_get_octetstring"}, {ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0), "ASN1_unpack_string"}, @@ -160,6 +161,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= {ASN1_R_DECODE_ERROR ,"decode error"}, {ASN1_R_DECODING_ERROR ,"decoding error"}, {ASN1_R_ENCODE_ERROR ,"encode error"}, +{ASN1_R_ERROR_GETTING_TIME ,"error getting time"}, {ASN1_R_ERROR_LOADING_SECTION ,"error loading section"}, {ASN1_R_ERROR_PARSING_SET_ELEMENT ,"error parsing set element"}, {ASN1_R_ERROR_SETTING_CIPHER_PARAMS ,"error setting cipher params"}, diff --git a/lib/libcrypto/asn1/asn1_par.c b/lib/libcrypto/asn1/asn1_par.c index 4223c9ae458..17996571417 100644 --- a/lib/libcrypto/asn1/asn1_par.c +++ b/lib/libcrypto/asn1/asn1_par.c @@ -79,12 +79,7 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, else p="prim: "; if (BIO_write(bp,p,6) < 6) goto err; - if (indent) - { - if (indent > 128) indent=128; - memset(str,' ',indent); - if (BIO_write(bp,str,indent) < indent) goto err; - } + BIO_indent(bp,indent,128); p=str; if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE) diff --git a/lib/libcrypto/asn1/f_int.c b/lib/libcrypto/asn1/f_int.c index 48cc3bfb90d..9494e597abc 100644 --- a/lib/libcrypto/asn1/f_int.c +++ b/lib/libcrypto/asn1/f_int.c @@ -169,8 +169,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) sp=(unsigned char *)OPENSSL_malloc( (unsigned int)num+i*2); else - sp=(unsigned char *)OPENSSL_realloc(s, - (unsigned int)num+i*2); + sp=OPENSSL_realloc_clean(s,slen,num+i*2); if (sp == NULL) { ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); diff --git a/lib/libcrypto/asn1/n_pkey.c b/lib/libcrypto/asn1/n_pkey.c index 9146ee02c96..766b51c5383 100644 --- a/lib/libcrypto/asn1/n_pkey.c +++ b/lib/libcrypto/asn1/n_pkey.c @@ -187,7 +187,7 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey) i2d_NETSCAPE_PKEY(pkey,&zz); /* Wipe the private key encoding */ - memset(pkey->private_key->data, 0, rsalen); + OPENSSL_cleanse(pkey->private_key->data, rsalen); if (cb == NULL) cb=EVP_read_pw_string; @@ -206,7 +206,7 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey) } EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL); - memset(buf,0,256); + OPENSSL_cleanse(buf,256); /* Encrypt private key in place */ zz = enckey->enckey->digest->data; @@ -294,7 +294,7 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, } EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL); - memset(buf,0,256); + OPENSSL_cleanse(buf,256); EVP_CIPHER_CTX_init(&ctx); EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL); diff --git a/lib/libcrypto/asn1/p8_pkey.c b/lib/libcrypto/asn1/p8_pkey.c index b634d5bc85c..24b409132f5 100644 --- a/lib/libcrypto/asn1/p8_pkey.c +++ b/lib/libcrypto/asn1/p8_pkey.c @@ -68,8 +68,8 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) if(operation == ASN1_OP_FREE_PRE) { PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval; if (key->pkey->value.octet_string) - memset(key->pkey->value.octet_string->data, - 0, key->pkey->value.octet_string->length); + OPENSSL_cleanse(key->pkey->value.octet_string->data, + key->pkey->value.octet_string->length); } return 1; } diff --git a/lib/libcrypto/asn1/t_crl.c b/lib/libcrypto/asn1/t_crl.c index 60db3057560..757c148df81 100644 --- a/lib/libcrypto/asn1/t_crl.c +++ b/lib/libcrypto/asn1/t_crl.c @@ -84,11 +84,11 @@ int X509_CRL_print_fp(FILE *fp, X509_CRL *x) int X509_CRL_print(BIO *out, X509_CRL *x) { - char buf[256]; STACK_OF(X509_REVOKED) *rev; X509_REVOKED *r; long l; int i, n; + char *p; BIO_printf(out, "Certificate Revocation List (CRL):\n"); l = X509_CRL_get_version(x); @@ -96,8 +96,9 @@ int X509_CRL_print(BIO *out, X509_CRL *x) i = OBJ_obj2nid(x->sig_alg->algorithm); BIO_printf(out, "%8sSignature Algorithm: %s\n", "", (i == NID_undef) ? "NONE" : OBJ_nid2ln(i)); - X509_NAME_oneline(X509_CRL_get_issuer(x),buf,256); - BIO_printf(out,"%8sIssuer: %s\n","",buf); + p=X509_NAME_oneline(X509_CRL_get_issuer(x),NULL,0); + BIO_printf(out,"%8sIssuer: %s\n","",p); + OPENSSL_free(p); BIO_printf(out,"%8sLast Update: ",""); ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x)); BIO_printf(out,"\n%8sNext Update: ",""); diff --git a/lib/libcrypto/asn1/t_pkey.c b/lib/libcrypto/asn1/t_pkey.c index b3f83640121..e1c5e5ae138 100644 --- a/lib/libcrypto/asn1/t_pkey.c +++ b/lib/libcrypto/asn1/t_pkey.c @@ -130,14 +130,10 @@ int RSA_print(BIO *bp, const RSA *x, int off) goto err; } - if (off) - { - if (off > 128) off=128; - memset(str,' ',off); - } if (x->d != NULL) { - if (off && (BIO_write(bp,str,off) <= 0)) goto err; + if(!BIO_indent(bp,off,128)) + goto err; if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->n)) <= 0) goto err; } @@ -183,7 +179,6 @@ int DSA_print_fp(FILE *fp, const DSA *x, int off) int DSA_print(BIO *bp, const DSA *x, int off) { - char str[128]; unsigned char *m=NULL; int ret=0; size_t buf_len=0,i; @@ -210,14 +205,10 @@ int DSA_print(BIO *bp, const DSA *x, int off) goto err; } - if (off) - { - if (off > 128) off=128; - memset(str,' ',off); - } if (x->priv_key != NULL) { - if (off && (BIO_write(bp,str,off) <= 0)) goto err; + if(!BIO_indent(bp,off,128)) + goto err; if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->p)) <= 0) goto err; } @@ -240,17 +231,12 @@ static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf, int off) { int n,i; - char str[128]; const char *neg; if (num == NULL) return(1); neg=(num->neg)?"-":""; - if (off) - { - if (off > 128) off=128; - memset(str,' ',off); - if (BIO_write(bp,str,off) <= 0) return(0); - } + if(!BIO_indent(bp,off,128)) + return 0; if (BN_num_bytes(num) <= BN_BYTES) { @@ -274,9 +260,9 @@ static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf, { if ((i%15) == 0) { - str[0]='\n'; - memset(&(str[1]),' ',off+4); - if (BIO_write(bp,str,off+1+4) <= 0) return(0); + if(BIO_puts(bp,"\n") <= 0 + || !BIO_indent(bp,off+4,128)) + return 0; } if (BIO_printf(bp,"%02x%s",buf[i],((i+1) == n)?"":":") <= 0) return(0); diff --git a/lib/libcrypto/asn1/t_req.c b/lib/libcrypto/asn1/t_req.c index eca97e00cb3..740cee80c0f 100644 --- a/lib/libcrypto/asn1/t_req.c +++ b/lib/libcrypto/asn1/t_req.c @@ -91,7 +91,6 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long EVP_PKEY *pkey; STACK_OF(X509_ATTRIBUTE) *sk; STACK_OF(X509_EXTENSION) *exts; - char str[128]; char mlch = ' '; int nmindent = 0; @@ -116,9 +115,9 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long l=0; for (i=0; i<ri->version->length; i++) { l<<=8; l+=ri->version->data[i]; } - snprintf(str,sizeof str,"%8sVersion: %s%lu (%s0x%lx)\n","",neg, - l,neg,l); - if (BIO_puts(bp,str) <= 0) goto err; + if(BIO_printf(bp,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg, + l) <= 0) + goto err; } if(!(cflag & X509_FLAG_NO_SUBJECT)) { @@ -169,14 +168,14 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long if(!(cflag & X509_FLAG_NO_ATTRIBUTES)) { /* may not be */ - snprintf(str,sizeof str,"%8sAttributes:\n",""); - if (BIO_puts(bp,str) <= 0) goto err; + if(BIO_printf(bp,"%8sAttributes:\n","") <= 0) + goto err; sk=x->req_info->attributes; if (sk_X509_ATTRIBUTE_num(sk) == 0) { - snprintf(str,sizeof str,"%12sa0:00\n",""); - if (BIO_puts(bp,str) <= 0) goto err; + if(BIO_printf(bp,"%12sa0:00\n","") <= 0) + goto err; } else { @@ -191,8 +190,8 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long a=sk_X509_ATTRIBUTE_value(sk,i); if(X509_REQ_extension_nid(OBJ_obj2nid(a->object))) continue; - snprintf(str,sizeof str,"%12s",""); - if (BIO_puts(bp,str) <= 0) goto err; + if(BIO_printf(bp,"%12s","") <= 0) + goto err; if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0) { if (a->single) diff --git a/lib/libcrypto/asn1/t_x509.c b/lib/libcrypto/asn1/t_x509.c index 5de4833ed05..d1034c47f83 100644 --- a/lib/libcrypto/asn1/t_x509.c +++ b/lib/libcrypto/asn1/t_x509.c @@ -433,15 +433,17 @@ err: int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) { - char *s,*c; + char *s,*c,*b; int ret=0,l,ll,i,first=1; - char buf[256]; ll=80-2-obase; - s=X509_NAME_oneline(name,buf,256); + b=s=X509_NAME_oneline(name,NULL,0); if (!*s) + { + OPENSSL_free(b); return 1; + } s++; /* skip the first slash */ l=ll; @@ -497,6 +499,7 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) err: X509err(X509_F_X509_NAME_PRINT,ERR_R_BUF_LIB); } + OPENSSL_free(b); return(ret); } diff --git a/lib/libcrypto/asn1/t_x509a.c b/lib/libcrypto/asn1/t_x509a.c index 7d4a6e60843..ffbbfb51f43 100644 --- a/lib/libcrypto/asn1/t_x509a.c +++ b/lib/libcrypto/asn1/t_x509a.c @@ -77,7 +77,7 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent) for(i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) { if(!first) BIO_puts(out, ", "); else first = 0; - OBJ_obj2txt(oidstr, 80, + OBJ_obj2txt(oidstr, sizeof oidstr, sk_ASN1_OBJECT_value(aux->trust, i), 0); BIO_puts(out, oidstr); } @@ -90,7 +90,7 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent) for(i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) { if(!first) BIO_puts(out, ", "); else first = 0; - OBJ_obj2txt(oidstr, 80, + OBJ_obj2txt(oidstr, sizeof oidstr, sk_ASN1_OBJECT_value(aux->reject, i), 0); BIO_puts(out, oidstr); } diff --git a/lib/libcrypto/asn1/tasn_dec.c b/lib/libcrypto/asn1/tasn_dec.c index f87c08793aa..76fc023230a 100644 --- a/lib/libcrypto/asn1/tasn_dec.c +++ b/lib/libcrypto/asn1/tasn_dec.c @@ -664,7 +664,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl if(!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL)) goto err; len = buf.length; /* Append a final null to string */ - if(!BUF_MEM_grow(&buf, len + 1)) { + if(!BUF_MEM_grow_clean(&buf, len + 1)) { ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE); return 0; } @@ -857,7 +857,7 @@ static int collect_data(BUF_MEM *buf, unsigned char **p, long plen) int len; if(buf) { len = buf->length; - if(!BUF_MEM_grow(buf, len + plen)) { + if(!BUF_MEM_grow_clean(buf, len + plen)) { ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE); return 0; } diff --git a/lib/libcrypto/asn1/tasn_fre.c b/lib/libcrypto/asn1/tasn_fre.c index c7610776f25..2dd844159eb 100644 --- a/lib/libcrypto/asn1/tasn_fre.c +++ b/lib/libcrypto/asn1/tasn_fre.c @@ -206,7 +206,10 @@ void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it) break; case V_ASN1_BOOLEAN: - *(ASN1_BOOLEAN *)pval = it->size; + if (it) + *(ASN1_BOOLEAN *)pval = it->size; + else + *(ASN1_BOOLEAN *)pval = -1; return; case V_ASN1_NULL: diff --git a/lib/libcrypto/asn1/tasn_new.c b/lib/libcrypto/asn1/tasn_new.c index e33861f864a..a0e3db574f2 100644 --- a/lib/libcrypto/asn1/tasn_new.c +++ b/lib/libcrypto/asn1/tasn_new.c @@ -305,7 +305,10 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) return 1; case V_ASN1_BOOLEAN: - *(ASN1_BOOLEAN *)pval = it->size; + if (it) + *(ASN1_BOOLEAN *)pval = it->size; + else + *(ASN1_BOOLEAN *)pval = -1; return 1; case V_ASN1_NULL: diff --git a/lib/libcrypto/asn1/tasn_prn.c b/lib/libcrypto/asn1/tasn_prn.c index fab67ae5ac8..719639b511f 100644 --- a/lib/libcrypto/asn1/tasn_prn.c +++ b/lib/libcrypto/asn1/tasn_prn.c @@ -186,7 +186,7 @@ if(*bool == -1) printf("BOOL MISSING\n"); char objbuf[80], *ln; ln = OBJ_nid2ln(OBJ_obj2nid(fld)); if(!ln) ln = ""; - OBJ_obj2txt(objbuf, 80, fld, 1); + OBJ_obj2txt(objbuf, sizeof objbuf, fld, 1); BIO_printf(out, "%*s%s:%s (%s)", indent, "", "OBJECT", ln, objbuf); } else { BIO_printf(out, "%*s%s:", indent, "", name); diff --git a/lib/libcrypto/bf/Makefile.ssl b/lib/libcrypto/bf/Makefile.ssl index 079f7e860c8..7dfdf9d871e 100644 --- a/lib/libcrypto/bf/Makefile.ssl +++ b/lib/libcrypto/bf/Makefile.ssl @@ -49,14 +49,8 @@ lib: $(LIBOBJ) @touch lib # elf -asm/bx86-elf.o: asm/bx86unix.cpp - $(CPP) -DELF -x c asm/bx86unix.cpp | as -o asm/bx86-elf.o - -# solaris -asm/bx86-sol.o: asm/bx86unix.cpp - $(CC) -E -DSOL asm/bx86unix.cpp | sed 's/^#.*//' > asm/bx86-sol.s - as -o asm/bx86-sol.o asm/bx86-sol.s - rm -f asm/bx86-sol.s +asm/bx86-elf.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + (cd asm; $(PERL) bf-586.pl elf $(CFLAGS) $(PROCESSOR) > bx86-elf.s) # a.out asm/bx86-out.o: asm/bx86unix.cpp @@ -96,14 +90,14 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new mv -f Makefile.new $(MAKEFILE) clean: - rm -f asm/bx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f asm/bx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/lib/libcrypto/bf/bftest.c b/lib/libcrypto/bf/bftest.c index 09895f25424..24d526b14bd 100644 --- a/lib/libcrypto/bf/bftest.c +++ b/lib/libcrypto/bf/bftest.c @@ -63,6 +63,8 @@ #include <string.h> #include <stdlib.h> +#include "../e_os.h" + #ifdef OPENSSL_NO_BF int main(int argc, char *argv[]) { @@ -275,7 +277,7 @@ int main(int argc, char *argv[]) else ret=test(); - exit(ret); + EXIT(ret); return(0); } @@ -454,9 +456,9 @@ static int test(void) len=strlen(cbc_data)+1; BF_set_key(&key,16,cbc_key); - memset(cbc_in,0,40); - memset(cbc_out,0,40); - memcpy(iv,cbc_iv,8); + memset(cbc_in,0,sizeof cbc_in); + memset(cbc_out,0,sizeof cbc_out); + memcpy(iv,cbc_iv,sizeof iv); BF_cbc_encrypt((unsigned char *)cbc_data,cbc_out,len, &key,iv,BF_ENCRYPT); if (memcmp(cbc_out,cbc_ok,32) != 0) diff --git a/lib/libcrypto/bio/Makefile.ssl b/lib/libcrypto/bio/Makefile.ssl index dfcee034486..d0b9e297b08 100644 --- a/lib/libcrypto/bio/Makefile.ssl +++ b/lib/libcrypto/bio/Makefile.ssl @@ -78,7 +78,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/lib/libcrypto/bio/b_print.c b/lib/libcrypto/bio/b_print.c index 80c9cb69db2..a9e552f2452 100644 --- a/lib/libcrypto/bio/b_print.c +++ b/lib/libcrypto/bio/b_print.c @@ -378,7 +378,7 @@ _dopr( case 'p': value = (long)va_arg(args, void *); fmtint(sbuffer, buffer, &currlen, maxlen, - value, 16, min, max, flags); + value, 16, min, max, flags|DP_F_NUM); break; case 'n': /* XXX */ if (cflags == DP_C_SHORT) { @@ -482,8 +482,9 @@ fmtint( int flags) { int signvalue = 0; + char *prefix = ""; unsigned LLONG uvalue; - char convert[20]; + char convert[DECIMAL_SIZE(value)+3]; int place = 0; int spadlen = 0; int zpadlen = 0; @@ -501,6 +502,10 @@ fmtint( else if (flags & DP_F_SPACE) signvalue = ' '; } + if (flags & DP_F_NUM) { + if (base == 8) prefix = "0"; + if (base == 16) prefix = "0x"; + } if (flags & DP_F_UP) caps = 1; do { @@ -508,13 +513,13 @@ fmtint( (caps ? "0123456789ABCDEF" : "0123456789abcdef") [uvalue % (unsigned) base]; uvalue = (uvalue / (unsigned) base); - } while (uvalue && (place < 20)); - if (place == 20) + } while (uvalue && (place < sizeof convert)); + if (place == sizeof convert) place--; convert[place] = 0; zpadlen = max - place; - spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0); + spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix); if (zpadlen < 0) zpadlen = 0; if (spadlen < 0) @@ -536,6 +541,12 @@ fmtint( if (signvalue) doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue); + /* prefix */ + while (*prefix) { + doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix); + prefix++; + } + /* zeros */ if (zpadlen > 0) { while (zpadlen > 0) { @@ -641,8 +652,8 @@ fmtfp( (caps ? "0123456789ABCDEF" : "0123456789abcdef")[intpart % 10]; intpart = (intpart / 10); - } while (intpart && (iplace < 20)); - if (iplace == 20) + } while (intpart && (iplace < sizeof iplace)); + if (iplace == sizeof iplace) iplace--; iconvert[iplace] = 0; @@ -653,7 +664,7 @@ fmtfp( : "0123456789abcdef")[fracpart % 10]; fracpart = (fracpart / 10); } while (fplace < max); - if (fplace == 20) + if (fplace == sizeof fplace) fplace--; fconvert[fplace] = 0; @@ -692,7 +703,7 @@ fmtfp( * Decimal point. This should probably use locale to find the correct * char to print out. */ - if (max > 0) { + if (max > 0 || (flags & DP_F_NUM)) { doapr_outch(sbuffer, buffer, currlen, maxlen, '.'); while (fplace > 0) diff --git a/lib/libcrypto/bio/b_sock.c b/lib/libcrypto/bio/b_sock.c index 7632c2d85e8..5282f8a8f76 100644 --- a/lib/libcrypto/bio/b_sock.c +++ b/lib/libcrypto/bio/b_sock.c @@ -83,6 +83,7 @@ static int wsa_init_done=0; #endif +#if 0 static unsigned long BIO_ghbn_hits=0L; static unsigned long BIO_ghbn_miss=0L; @@ -93,6 +94,7 @@ static struct ghbn_cache_st struct hostent *ent; unsigned long order; } ghbn_cache[GHBN_NUM]; +#endif static int get_ip(const char *str,unsigned char *ip); #if 0 @@ -230,6 +232,7 @@ int BIO_sock_error(int sock) return(j); } +#if 0 long BIO_ghbn_ctrl(int cmd, int iarg, char *parg) { int i; @@ -267,6 +270,7 @@ long BIO_ghbn_ctrl(int cmd, int iarg, char *parg) } return(1); } +#endif #if 0 static struct hostent *ghbn_dup(struct hostent *a) @@ -463,6 +467,12 @@ int BIO_sock_init(void) } } #endif /* OPENSSL_SYS_WINDOWS */ +#ifdef WATT32 + extern int _watt_do_exit; + _watt_do_exit = 0; /* don't make sock_init() call exit() */ + if (sock_init()) + return (-1); +#endif return(1); } @@ -472,7 +482,9 @@ void BIO_sock_cleanup(void) if (wsa_init_done) { wsa_init_done=0; +#ifndef OPENSSL_SYS_WINCE WSACancelBlockingCall(); +#endif WSACleanup(); } #endif @@ -480,7 +492,7 @@ void BIO_sock_cleanup(void) #if !defined(OPENSSL_SYS_VMS) || __VMS_VER >= 70000000 -int BIO_socket_ioctl(int fd, long type, unsigned long *arg) +int BIO_socket_ioctl(int fd, long type, void *arg) { int i; @@ -730,7 +742,7 @@ int BIO_set_tcp_ndelay(int s, int on) int BIO_socket_nbio(int s, int mode) { int ret= -1; - unsigned long l; + int l; l=mode; #ifdef FIONBIO diff --git a/lib/libcrypto/bio/bf_buff.c b/lib/libcrypto/bio/bf_buff.c index 6ccda06596c..1cecd705795 100644 --- a/lib/libcrypto/bio/bf_buff.c +++ b/lib/libcrypto/bio/bf_buff.c @@ -482,7 +482,7 @@ static int buffer_gets(BIO *b, char *buf, int size) size-=i; ctx->ibuf_len-=i; ctx->ibuf_off+=i; - if ((flag) || (i == size)) + if (flag || size == 0) { *buf='\0'; return(num); diff --git a/lib/libcrypto/bio/bio.h b/lib/libcrypto/bio/bio.h index c5caf253c95..fbbc16d00c5 100644 --- a/lib/libcrypto/bio/bio.h +++ b/lib/libcrypto/bio/bio.h @@ -244,7 +244,7 @@ typedef struct bio_method_st long (_far *ctrl)(); int (_far *create)(); int (_far *destroy)(); - long (_fat *callback_ctrl)(); + long (_far *callback_ctrl)(); } BIO_METHOD; #endif @@ -522,6 +522,7 @@ int BIO_read(BIO *b, void *data, int len); int BIO_gets(BIO *bp,char *buf, int size); int BIO_write(BIO *b, const void *data, int len); int BIO_puts(BIO *bp,const char *buf); +int BIO_indent(BIO *b,int indent,int max); long BIO_ctrl(BIO *bp,int cmd,long larg,void *parg); long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long)); char * BIO_ptr_ctrl(BIO *bp,int cmd,long larg); @@ -584,7 +585,7 @@ struct hostent *BIO_gethostbyname(const char *name); * and an appropriate error code is set). */ int BIO_sock_error(int sock); -int BIO_socket_ioctl(int fd, long type, unsigned long *arg); +int BIO_socket_ioctl(int fd, long type, void *arg); int BIO_socket_nbio(int fd,int mode); int BIO_get_port(const char *str, unsigned short *port_ptr); int BIO_get_host_ip(const char *str, unsigned char *ip); @@ -608,7 +609,7 @@ int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, void BIO_copy_next_retry(BIO *b); -long BIO_ghbn_ctrl(int cmd,int iarg,char *parg); +/*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/ int BIO_printf(BIO *bio, const char *format, ...); int BIO_vprintf(BIO *bio, const char *format, va_list args); diff --git a/lib/libcrypto/bio/bio_lib.c b/lib/libcrypto/bio/bio_lib.c index 50df2238fac..692c8fb5c65 100644 --- a/lib/libcrypto/bio/bio_lib.c +++ b/lib/libcrypto/bio/bio_lib.c @@ -272,6 +272,18 @@ int BIO_gets(BIO *b, char *in, int inl) return(i); } +int BIO_indent(BIO *b,int indent,int max) + { + if(indent < 0) + indent=0; + if(indent > max) + indent=max; + while(indent--) + if(BIO_puts(b," ") != 1) + return 0; + return 1; + } + long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg) { int i; @@ -383,6 +395,8 @@ BIO *BIO_pop(BIO *b) if (b == NULL) return(NULL); ret=b->next_bio; + BIO_ctrl(b,BIO_CTRL_POP,0,NULL); + if (b->prev_bio != NULL) b->prev_bio->next_bio=b->next_bio; if (b->next_bio != NULL) @@ -390,7 +404,6 @@ BIO *BIO_pop(BIO *b) b->next_bio=NULL; b->prev_bio=NULL; - BIO_ctrl(b,BIO_CTRL_POP,0,NULL); return(ret); } diff --git a/lib/libcrypto/bio/bss_bio.c b/lib/libcrypto/bio/bss_bio.c index 1c485a4479a..aa58dab046b 100644 --- a/lib/libcrypto/bio/bss_bio.c +++ b/lib/libcrypto/bio/bss_bio.c @@ -28,13 +28,12 @@ #include <openssl/bio.h> #include <openssl/err.h> -#include <openssl/err.h> #include <openssl/crypto.h> #include "e_os.h" /* VxWorks defines SSIZE_MAX with an empty value causing compile errors */ -#if defined(OPENSSL_SYS_VSWORKS) +#if defined(OPENSSL_SYS_VXWORKS) # undef SSIZE_MAX #endif #ifndef SSIZE_MAX diff --git a/lib/libcrypto/bio/bss_conn.c b/lib/libcrypto/bio/bss_conn.c index 81f27dba4cd..8c694140ed4 100644 --- a/lib/libcrypto/bio/bss_conn.c +++ b/lib/libcrypto/bio/bss_conn.c @@ -519,7 +519,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) else if (num == 2) { char buf[16]; - char *p = ptr; + unsigned char *p = ptr; snprintf(buf,sizeof buf,"%d.%d.%d.%d", p[0],p[1],p[2],p[3]); @@ -530,7 +530,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) } else if (num == 3) { - char buf[16]; + char buf[DECIMAL_SIZE(int)+1]; snprintf(buf,sizeof buf,"%d",*(int *)ptr); if (data->param_port != NULL) diff --git a/lib/libcrypto/bio/bss_file.c b/lib/libcrypto/bio/bss_file.c index 18e7bb86e60..e4e9df144cb 100644 --- a/lib/libcrypto/bio/bss_file.c +++ b/lib/libcrypto/bio/bss_file.c @@ -247,7 +247,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) ret=0; break; } -#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) +#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) if (!(num & BIO_FP_TEXT)) strcat(p,"b"); else diff --git a/lib/libcrypto/bio/bss_log.c b/lib/libcrypto/bio/bss_log.c index a39d95297c5..1eb678cac09 100644 --- a/lib/libcrypto/bio/bss_log.c +++ b/lib/libcrypto/bio/bss_log.c @@ -68,7 +68,8 @@ #include "cryptlib.h" -#if defined(OPENSSL_SYS_WIN32) +#if defined(OPENSSL_SYS_WINCE) +#elif defined(OPENSSL_SYS_WIN32) # include <process.h> #elif defined(OPENSSL_SYS_VMS) # include <opcdef.h> @@ -77,7 +78,7 @@ # include <starlet.h> #elif defined(__ultrix) # include <sys/syslog.h> -#elif !defined(MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG) /* Unix */ +#elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG) # include <syslog.h> #endif @@ -274,7 +275,7 @@ static void xsyslog(BIO *bp, int priority, const char *string) LPCSTR lpszStrings[2]; WORD evtype= EVENTLOG_ERROR_TYPE; int pid = _getpid(); - char pidbuf[20]; + char pidbuf[DECIMAL_SIZE(pid)+4]; switch (priority) { @@ -373,11 +374,15 @@ static void xcloselog(BIO* bp) { } -#else /* Unix */ +#else /* Unix/Watt32 */ static void xopenlog(BIO* bp, char* name, int level) { +#ifdef WATT32 /* djgpp/DOS */ + openlog(name, LOG_PID|LOG_CONS|LOG_NDELAY, level); +#else openlog(name, LOG_PID|LOG_CONS, level); +#endif } static void xsyslog(BIO *bp, int priority, const char *string) diff --git a/lib/libcrypto/bio/bss_mem.c b/lib/libcrypto/bio/bss_mem.c index 28ff7582bff..a4edb711aec 100644 --- a/lib/libcrypto/bio/bss_mem.c +++ b/lib/libcrypto/bio/bss_mem.c @@ -190,7 +190,7 @@ static int mem_write(BIO *b, const char *in, int inl) BIO_clear_retry_flags(b); blen=bm->length; - if (BUF_MEM_grow(bm,blen+inl) != (blen+inl)) + if (BUF_MEM_grow_clean(bm,blen+inl) != (blen+inl)) goto end; memcpy(&(bm->data[blen]),in,inl); ret=inl; @@ -284,7 +284,11 @@ static int mem_gets(BIO *bp, char *buf, int size) BIO_clear_retry_flags(bp); j=bm->length; - if (j <= 0) return(0); + if (j <= 0) + { + *buf='\0'; + return 0; + } p=bm->data; for (i=0; i<j; i++) { diff --git a/lib/libcrypto/bio/bss_sock.c b/lib/libcrypto/bio/bss_sock.c index fdabd16d7ea..2c1c405ec7e 100644 --- a/lib/libcrypto/bio/bss_sock.c +++ b/lib/libcrypto/bio/bss_sock.c @@ -64,6 +64,12 @@ #include "cryptlib.h" #include <openssl/bio.h> +#ifdef WATT32 +#define sock_write SockWrite /* Watt-32 uses same names */ +#define sock_read SockRead +#define sock_puts SockPuts +#endif + static int sock_write(BIO *h, const char *buf, int num); static int sock_read(BIO *h, char *buf, int size); static int sock_puts(BIO *h, const char *str); diff --git a/lib/libcrypto/bn/Makefile.ssl b/lib/libcrypto/bn/Makefile.ssl index 6a479726c42..fa17d3c7d88 100644 --- a/lib/libcrypto/bn/Makefile.ssl +++ b/lib/libcrypto/bn/Makefile.ssl @@ -23,14 +23,6 @@ BN_ASM= bn_asm.o CFLAGS= $(INCLUDES) $(CFLAG) -# We let the C compiler driver to take care of .s files. This is done in -# order to be excused from maintaining a separate set of architecture -# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC -# gcc, then the driver will automatically translate it to -xarch=v8plus -# and pass it down to assembler. -AS=$(CC) -c -ASFLAGS=$(CFLAGS) - GENERAL=Makefile TEST=bntest.c exptest.c APPS= @@ -73,22 +65,11 @@ lib: $(LIBOBJ) @touch lib # elf -asm/bn86-elf.o: asm/bn86unix.cpp - $(CPP) -DELF -x c asm/bn86unix.cpp | as -o asm/bn86-elf.o - -asm/co86-elf.o: asm/co86unix.cpp - $(CPP) -DELF -x c asm/co86unix.cpp | as -o asm/co86-elf.o +asm/bn86-elf.s: asm/bn-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) bn-586.pl elf $(CFLAGS) > bn86-elf.s) -# solaris -asm/bn86-sol.o: asm/bn86unix.cpp - $(CC) -E -DSOL asm/bn86unix.cpp | sed 's/^#.*//' > asm/bn86-sol.s - as -o asm/bn86-sol.o asm/bn86-sol.s - rm -f asm/bn86-sol.s - -asm/co86-sol.o: asm/co86unix.cpp - $(CC) -E -DSOL asm/co86unix.cpp | sed 's/^#.*//' > asm/co86-sol.s - as -o asm/co86-sol.o asm/co86-sol.s - rm -f asm/co86-sol.s +asm/co86-elf.s: asm/co-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) co-586.pl elf $(CFLAGS) > co86-elf.s) # a.out asm/bn86-out.o: asm/bn86unix.cpp @@ -136,6 +117,8 @@ asm/ia64-cpp.o: asm/ia64.S $(CC) $(ASFLAGS) -c -o asm/ia64-cpp.o /tmp/ia64.$$$$.s; \ rm -f /tmp/ia64.$$$$.s +asm/x86_64-gcc.o: asm/x86_64-gcc.c + files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO @@ -169,14 +152,14 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new mv -f Makefile.new $(MAKEFILE) clean: - rm -f asm/co86unix.cpp asm/bn86unix.cpp *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bn_asm.s + rm -f asm/co86unix.cpp asm/bn86unix.cpp asm/*-elf.* *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bn_asm.s # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/lib/libcrypto/bn/asm/ia64.S b/lib/libcrypto/bn/asm/ia64.S index ae56066310b..7dfda855660 100644 --- a/lib/libcrypto/bn/asm/ia64.S +++ b/lib/libcrypto/bn/asm/ia64.S @@ -1,6 +1,6 @@ .explicit .text -.ident "ia64.S, Version 1.1" +.ident "ia64.S, Version 2.0" .ident "IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>" // @@ -13,6 +13,35 @@ // disclaimed. // ==================================================================== // +// Version 2.x is Itanium2 re-tune. Few words about how Itanum2 is +// different from Itanium to this module viewpoint. Most notably, is it +// "wider" than Itanium? Can you experience loop scalability as +// discussed in commentary sections? Not really:-( Itanium2 has 6 +// integer ALU ports, i.e. it's 2 ports wider, but it's not enough to +// spin twice as fast, as I need 8 IALU ports. Amount of floating point +// ports is the same, i.e. 2, while I need 4. In other words, to this +// module Itanium2 remains effectively as "wide" as Itanium. Yet it's +// essentially different in respect to this module, and a re-tune was +// required. Well, because some intruction latencies has changed. Most +// noticeably those intensively used: +// +// Itanium Itanium2 +// ldf8 9 6 L2 hit +// ld8 2 1 L1 hit +// getf 2 5 +// xma[->getf] 7[+1] 4[+0] +// add[->st8] 1[+1] 1[+0] +// +// What does it mean? You might ratiocinate that the original code +// should run just faster... Because sum of latencies is smaller... +// Wrong! Note that getf latency increased. This means that if a loop is +// scheduled for lower latency (and they are), then it will suffer from +// stall condition and the code will therefore turn anti-scalable, e.g. +// original bn_mul_words spun at 5*n or 2.5 times slower than expected +// on Itanium2! What to do? Reschedule loops for Itanium2? But then +// Itanium would exhibit anti-scalability. So I've chosen to reschedule +// for worst latency for every instruction aiming for best *all-round* +// performance. // Q. How much faster does it get? // A. Here is the output from 'openssl speed rsa dsa' for vanilla @@ -149,12 +178,27 @@ bn_add_words: brp.loop.imp .L_bn_add_words_ctop,.L_bn_add_words_cend-16 } .body -{ .mib; mov r14=r32 // rp +{ .mib; +#if defined(_HPUX_SOURCE) && defined(_ILP32) + addp4 r14=0,r32 // rp +#else + mov r14=r32 // rp +#endif mov r9=pr };; -{ .mii; mov r15=r33 // ap +{ .mii; +#if defined(_HPUX_SOURCE) && defined(_ILP32) + addp4 r15=0,r33 // ap +#else + mov r15=r33 // ap +#endif mov ar.lc=r10 mov ar.ec=6 } -{ .mib; mov r16=r34 // bp +{ .mib; +#if defined(_HPUX_SOURCE) && defined(_ILP32) + addp4 r16=0,r34 // bp +#else + mov r16=r34 // bp +#endif mov pr.rot=1<<16 };; .L_bn_add_words_ctop: @@ -174,7 +218,7 @@ bn_add_words: { .mii; (p59) add r8=1,r8 // return value - mov pr=r9,-1 + mov pr=r9,0x1ffff mov ar.lc=r3 } { .mbb; nop.b 0x0 br.ret.sptk.many b0 };; @@ -202,12 +246,27 @@ bn_sub_words: brp.loop.imp .L_bn_sub_words_ctop,.L_bn_sub_words_cend-16 } .body -{ .mib; mov r14=r32 // rp +{ .mib; +#if defined(_HPUX_SOURCE) && defined(_ILP32) + addp4 r14=0,r32 // rp +#else + mov r14=r32 // rp +#endif mov r9=pr };; -{ .mii; mov r15=r33 // ap +{ .mii; +#if defined(_HPUX_SOURCE) && defined(_ILP32) + addp4 r15=0,r33 // ap +#else + mov r15=r33 // ap +#endif mov ar.lc=r10 mov ar.ec=6 } -{ .mib; mov r16=r34 // bp +{ .mib; +#if defined(_HPUX_SOURCE) && defined(_ILP32) + addp4 r16=0,r34 // bp +#else + mov r16=r34 // bp +#endif mov pr.rot=1<<16 };; .L_bn_sub_words_ctop: @@ -227,7 +286,7 @@ bn_sub_words: { .mii; (p59) add r8=1,r8 // return value - mov pr=r9,-1 + mov pr=r9,0x1ffff mov ar.lc=r3 } { .mbb; nop.b 0x0 br.ret.sptk.many b0 };; @@ -253,7 +312,7 @@ bn_mul_words: #ifdef XMA_TEMPTATION { .mfi; alloc r2=ar.pfs,4,0,0,0 };; #else -{ .mfi; alloc r2=ar.pfs,4,4,0,8 };; +{ .mfi; alloc r2=ar.pfs,4,12,0,16 };; #endif { .mib; mov r8=r0 // return value cmp4.le p6,p0=r34,r0 @@ -266,24 +325,30 @@ bn_mul_words: .body { .mib; setf.sig f8=r35 // w - mov pr.rot=0x400001<<16 - // ------^----- serves as (p48) at first (p26) + mov pr.rot=0x800001<<16 + // ------^----- serves as (p50) at first (p27) brp.loop.imp .L_bn_mul_words_ctop,.L_bn_mul_words_cend-16 } #ifndef XMA_TEMPTATION -{ .mii; mov r14=r32 // rp - mov r15=r33 // ap +{ .mii; +#if defined(_HPUX_SOURCE) && defined(_ILP32) + addp4 r14=0,r32 // rp + addp4 r15=0,r33 // ap +#else + mov r14=r32 // rp + mov r15=r33 // ap +#endif mov ar.lc=r10 } -{ .mii; mov r39=0 // serves as r33 at first (p26) - mov ar.ec=12 };; +{ .mii; mov r40=0 // serves as r35 at first (p27) + mov ar.ec=13 };; -// This loop spins in 2*(n+11) ticks. It's scheduled for data in L2 -// cache (i.e. 9 ticks away) as floating point load/store instructions +// This loop spins in 2*(n+12) ticks. It's scheduled for data in Itanium +// L2 cache (i.e. 9 ticks away) as floating point load/store instructions // bypass L1 cache and L2 latency is actually best-case scenario for -// ldf8. The loop is not scalable and shall run in 2*(n+11) even on -// "wider" IA-64 implementations. It's a trade-off here. n+22 loop +// ldf8. The loop is not scalable and shall run in 2*(n+12) even on +// "wider" IA-64 implementations. It's a trade-off here. n+24 loop // would give us ~5% in *overall* performance improvement on "wider" // IA-64, but would hurt Itanium for about same because of longer // epilogue. As it's a matter of few percents in either case I've @@ -291,25 +356,25 @@ bn_mul_words: // this very instruction sequence in bn_mul_add_words loop which in // turn is scalable). .L_bn_mul_words_ctop: -{ .mfi; (p25) getf.sig r36=f49 // low - (p21) xmpy.lu f45=f37,f8 - (p27) cmp.ltu p52,p48=r39,r38 } +{ .mfi; (p25) getf.sig r36=f52 // low + (p21) xmpy.lu f48=f37,f8 + (p28) cmp.ltu p54,p50=r41,r39 } { .mfi; (p16) ldf8 f32=[r15],8 - (p21) xmpy.hu f38=f37,f8 + (p21) xmpy.hu f40=f37,f8 (p0) nop.i 0x0 };; -{ .mii; (p26) getf.sig r32=f43 // high - .pred.rel "mutex",p48,p52 - (p48) add r38=r37,r33 // (p26) - (p52) add r38=r37,r33,1 } // (p26) -{ .mfb; (p27) st8 [r14]=r39,8 +{ .mii; (p25) getf.sig r32=f44 // high + .pred.rel "mutex",p50,p54 + (p50) add r40=r38,r35 // (p27) + (p54) add r40=r38,r35,1 } // (p27) +{ .mfb; (p28) st8 [r14]=r41,8 (p0) nop.f 0x0 br.ctop.sptk .L_bn_mul_words_ctop };; .L_bn_mul_words_cend: { .mii; nop.m 0x0 -.pred.rel "mutex",p49,p53 -(p49) add r8=r34,r0 -(p53) add r8=r34,r0,1 } +.pred.rel "mutex",p51,p55 +(p51) add r8=r36,r0 +(p55) add r8=r36,r0,1 } { .mfb; nop.m 0x0 nop.f 0x0 nop.b 0x0 } @@ -344,7 +409,7 @@ bn_mul_words: #endif // XMA_TEMPTATION { .mii; nop.m 0x0 - mov pr=r9,-1 + mov pr=r9,0x1ffff mov ar.lc=r3 } { .mfb; rum 1<<5 // clear um.mfh nop.f 0x0 @@ -376,59 +441,69 @@ bn_mul_add_words: .body { .mib; setf.sig f8=r35 // w - mov pr.rot=0x400001<<16 - // ------^----- serves as (p48) at first (p26) + mov pr.rot=0x800001<<16 + // ------^----- serves as (p50) at first (p27) brp.loop.imp .L_bn_mul_add_words_ctop,.L_bn_mul_add_words_cend-16 } -{ .mii; mov r14=r32 // rp - mov r15=r33 // ap +{ .mii; +#if defined(_HPUX_SOURCE) && defined(_ILP32) + addp4 r14=0,r32 // rp + addp4 r15=0,r33 // ap +#else + mov r14=r32 // rp + mov r15=r33 // ap +#endif mov ar.lc=r10 } -{ .mii; mov r39=0 // serves as r33 at first (p26) - mov r18=r32 // rp copy - mov ar.ec=14 };; +{ .mii; mov r40=0 // serves as r35 at first (p27) +#if defined(_HPUX_SOURCE) && defined(_ILP32) + addp4 r18=0,r32 // rp copy +#else + mov r18=r32 // rp copy +#endif + mov ar.ec=15 };; -// This loop spins in 3*(n+13) ticks on Itanium and should spin in -// 2*(n+13) on "wider" IA-64 implementations (to be verified with new +// This loop spins in 3*(n+14) ticks on Itanium and should spin in +// 2*(n+14) on "wider" IA-64 implementations (to be verified with new // µ-architecture manuals as they become available). As usual it's // possible to compress the epilogue, down to 10 in this case, at the // cost of scalability. Compressed (and therefore non-scalable) loop -// running at 3*(n+10) would buy you ~10% on Itanium but take ~35% +// running at 3*(n+11) would buy you ~10% on Itanium but take ~35% // from "wider" IA-64 so let it be scalable! Special attention was // paid for having the loop body split at 64-byte boundary. ld8 is // scheduled for L1 cache as the data is more than likely there. // Indeed, bn_mul_words has put it there a moment ago:-) .L_bn_mul_add_words_ctop: -{ .mfi; (p25) getf.sig r36=f49 // low - (p21) xmpy.lu f45=f37,f8 - (p27) cmp.ltu p52,p48=r39,r38 } +{ .mfi; (p25) getf.sig r36=f52 // low + (p21) xmpy.lu f48=f37,f8 + (p28) cmp.ltu p54,p50=r41,r39 } { .mfi; (p16) ldf8 f32=[r15],8 - (p21) xmpy.hu f38=f37,f8 - (p27) add r43=r43,r39 };; -{ .mii; (p26) getf.sig r32=f43 // high - .pred.rel "mutex",p48,p52 - (p48) add r38=r37,r33 // (p26) - (p52) add r38=r37,r33,1 } // (p26) -{ .mfb; (p27) cmp.ltu.unc p56,p0=r43,r39 + (p21) xmpy.hu f40=f37,f8 + (p28) add r45=r45,r41 };; +{ .mii; (p25) getf.sig r32=f44 // high + .pred.rel "mutex",p50,p54 + (p50) add r40=r38,r35 // (p27) + (p54) add r40=r38,r35,1 } // (p27) +{ .mfb; (p28) cmp.ltu.unc p60,p0=r45,r41 (p0) nop.f 0x0 (p0) nop.b 0x0 } -{ .mii; (p26) ld8 r42=[r18],8 - (p58) cmp.eq.or p57,p0=-1,r44 - (p58) add r44=1,r44 } -{ .mfb; (p29) st8 [r14]=r45,8 +{ .mii; (p27) ld8 r44=[r18],8 + (p62) cmp.eq.or p61,p0=-1,r46 + (p62) add r46=1,r46 } +{ .mfb; (p30) st8 [r14]=r47,8 (p0) nop.f 0x0 br.ctop.sptk .L_bn_mul_add_words_ctop};; .L_bn_mul_add_words_cend: { .mii; nop.m 0x0 -.pred.rel "mutex",p51,p55 -(p51) add r8=r36,r0 -(p55) add r8=r36,r0,1 } +.pred.rel "mutex",p53,p57 +(p53) add r8=r38,r0 +(p57) add r8=r38,r0,1 } { .mfb; nop.m 0x0 nop.f 0x0 nop.b 0x0 };; { .mii; -(p59) add r8=1,r8 - mov pr=r9,-1 +(p63) add r8=1,r8 + mov pr=r9,0x1ffff mov ar.lc=r3 } { .mfb; rum 1<<5 // clear um.mfh nop.f 0x0 @@ -461,6 +536,10 @@ bn_sqr_words: mov r9=pr };; .body +#if defined(_HPUX_SOURCE) && defined(_ILP32) +{ .mii; addp4 r32=0,r32 + addp4 r33=0,r33 };; +#endif { .mib; mov pr.rot=1<<16 brp.loop.imp .L_bn_sqr_words_ctop,.L_bn_sqr_words_cend-16 @@ -492,7 +571,7 @@ bn_sqr_words: .L_bn_sqr_words_cend: { .mii; nop.m 0x0 - mov pr=r9,-1 + mov pr=r9,0x1ffff mov ar.lc=r3 } { .mfb; rum 1<<5 // clear um.mfh nop.f 0x0 @@ -526,7 +605,14 @@ bn_sqr_comba8: .prologue .fframe 0 .save ar.pfs,r2 +#if defined(_HPUX_SOURCE) && defined(_ILP32) { .mii; alloc r2=ar.pfs,2,1,0,0 + addp4 r33=0,r33 + addp4 r32=0,r32 };; +{ .mii; +#else +{ .mii; alloc r2=ar.pfs,2,1,0,0 +#endif mov r34=r33 add r14=8,r33 };; .body @@ -587,7 +673,14 @@ bn_mul_comba8: .prologue .fframe 0 .save ar.pfs,r2 +#if defined(_HPUX_SOURCE) && defined(_ILP32) { .mii; alloc r2=ar.pfs,3,0,0,0 + addp4 r33=0,r33 + addp4 r34=0,r34 };; +{ .mii; addp4 r32=0,r32 +#else +{ .mii; alloc r2=ar.pfs,3,0,0,0 +#endif add r14=8,r33 add r17=8,r34 } .body @@ -1138,7 +1231,14 @@ bn_sqr_comba4: .prologue .fframe 0 .save ar.pfs,r2 +#if defined(_HPUX_SOURCE) && defined(_ILP32) +{ .mii; alloc r2=ar.pfs,2,1,0,0 + addp4 r32=0,r32 + addp4 r33=0,r33 };; +{ .mii; +#else { .mii; alloc r2=ar.pfs,2,1,0,0 +#endif mov r34=r33 add r14=8,r33 };; .body @@ -1164,7 +1264,14 @@ bn_mul_comba4: .prologue .fframe 0 .save ar.pfs,r2 +#if defined(_HPUX_SOURCE) && defined(_ILP32) +{ .mii; alloc r2=ar.pfs,3,0,0,0 + addp4 r33=0,r33 + addp4 r34=0,r34 };; +{ .mii; addp4 r32=0,r32 +#else { .mii; alloc r2=ar.pfs,3,0,0,0 +#endif add r14=8,r33 add r17=8,r34 } .body @@ -1464,7 +1571,7 @@ bn_div_words: or r8=r8,r33 mov ar.pfs=r2 };; { .mii; shr.u r9=H,I // remainder if anybody wants it - mov pr=r10,-1 } + mov pr=r10,0x1ffff } { .mfb; br.ret.sptk.many b0 };; // Unsigned 64 by 32 (well, by 64 for the moment) bit integer division diff --git a/lib/libcrypto/bn/asm/pa-risc2.s b/lib/libcrypto/bn/asm/pa-risc2.s index af9730d0621..f3b16290eb0 100644 --- a/lib/libcrypto/bn/asm/pa-risc2.s +++ b/lib/libcrypto/bn/asm/pa-risc2.s @@ -747,8 +747,8 @@ bn_div_words .PROC .EXPORT bn_div_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR,LONG_RETURN .IMPORT BN_num_bits_word,CODE - .IMPORT __iob,DATA - .IMPORT fprintf,CODE + ;--- not PIC .IMPORT __iob,DATA + ;--- not PIC .IMPORT fprintf,CODE .IMPORT abort,CODE .IMPORT $$div2U,MILLICODE .CALLINFO CALLER,FRAME=144,ENTRY_GR=%r9,SAVE_RP,ARGS_SAVED,ORDERING_AWARE @@ -844,12 +844,12 @@ $0006001A MOVIB,TR 2,%r8,$0006001C ;offset 0xa18 EXTRD,U %r3,63,32,%r7 ;offset 0xa1c $D2 - ADDIL LR'__iob-$global$,%r27,%r1 ;offset 0xa20 - LDIL LR'C$7,%r21 ;offset 0xa24 - LDO RR'__iob-$global$+32(%r1),%r26 ;offset 0xa28 - .CALL ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR ;in=24,25,26;out=28; - B,L fprintf,%r2 ;offset 0xa2c - LDO RR'C$7(%r21),%r25 ;offset 0xa30 + ;--- not PIC ADDIL LR'__iob-$global$,%r27,%r1 ;offset 0xa20 + ;--- not PIC LDIL LR'C$7,%r21 ;offset 0xa24 + ;--- not PIC LDO RR'__iob-$global$+32(%r1),%r26 ;offset 0xa28 + ;--- not PIC .CALL ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR ;in=24,25,26;out=28; + ;--- not PIC B,L fprintf,%r2 ;offset 0xa2c + ;--- not PIC LDO RR'C$7(%r21),%r25 ;offset 0xa30 .CALL ; B,L abort,%r2 ;offset 0xa34 NOP ;offset 0xa38 @@ -1605,14 +1605,14 @@ bn_mul_comba4 .PROCEND - .SPACE $TEXT$ - .SUBSPA $CODE$ - .SPACE $PRIVATE$,SORT=16 - .IMPORT $global$,DATA - .SPACE $TEXT$ - .SUBSPA $CODE$ - .SUBSPA $LIT$,ACCESS=0x2c -C$7 - .ALIGN 8 - .STRINGZ "Division would overflow (%d)\n" +;--- not PIC .SPACE $TEXT$ +;--- not PIC .SUBSPA $CODE$ +;--- not PIC .SPACE $PRIVATE$,SORT=16 +;--- not PIC .IMPORT $global$,DATA +;--- not PIC .SPACE $TEXT$ +;--- not PIC .SUBSPA $CODE$ +;--- not PIC .SUBSPA $LIT$,ACCESS=0x2c +;--- not PIC C$7 +;--- not PIC .ALIGN 8 +;--- not PIC .STRINGZ "Division would overflow (%d)\n" .END diff --git a/lib/libcrypto/bn/asm/vms.mar b/lib/libcrypto/bn/asm/vms.mar index 465f2774b62..aefab15cdb2 100644 --- a/lib/libcrypto/bn/asm/vms.mar +++ b/lib/libcrypto/bn/asm/vms.mar @@ -1,4 +1,4 @@ - .title vax_bn_mul_add_word unsigned multiply & add, 32*32+32+32=>64 + .title vax_bn_mul_add_words unsigned multiply & add, 32*32+32+32=>64 ; ; w.j.m. 15-jan-1999 ; @@ -59,7 +59,7 @@ w=16 ;(AP) w by value (input) movl r6,r0 ; return c ret - .title vax_bn_mul_word unsigned multiply & add, 32*32+32=>64 + .title vax_bn_mul_words unsigned multiply & add, 32*32+32=>64 ; ; w.j.m. 15-jan-1999 ; @@ -172,147 +172,175 @@ n=12 ;(AP) n by value (input) ; } ; ; Using EDIV would be very easy, if it didn't do signed calculations. -; Therefore, som extra things have to happen around it. The way to -; handle that is to shift all operands right one step (basically dividing -; them by 2) and handle the different cases depending on what the lowest -; bit of each operand was. +; Any time any of the input numbers are signed, there are problems, +; usually with integer overflow, at which point it returns useless +; data (the quotient gets the value of l, and the remainder becomes 0). ; -; To start with, let's define the following: +; If it was just for the dividend, it would be very easy, just divide +; it by 2 (unsigned), do the division, multiply the resulting quotient +; and remainder by 2, add the bit that was dropped when dividing by 2 +; to the remainder, and do some adjustment so the remainder doesn't +; end up larger than the divisor. For some cases when the divisor is +; negative (from EDIV's point of view, i.e. when the highest bit is set), +; dividing the dividend by 2 isn't enough, and since some operations +; might generate integer overflows even when the dividend is divided by +; 4 (when the high part of the shifted down dividend ends up being exactly +; half of the divisor, the result is the quotient 0x80000000, which is +; negative...) it needs to be divided by 8. Furthermore, the divisor needs +; to be divided by 2 (unsigned) as well, to avoid more problems with the sign. +; In this case, a little extra fiddling with the remainder is required. ; -; a' = l & 1 -; a2 = <h,l> >> 1 # UNSIGNED shift! -; b' = d & 1 -; b2 = d >> 1 # UNSIGNED shift! +; So, the simplest way to handle this is always to divide the dividend +; by 8, and to divide the divisor by 2 if it's highest bit is set. +; After EDIV has been used, the quotient gets multiplied by 8 if the +; original divisor was positive, otherwise 4. The remainder, oddly +; enough, is *always* multiplied by 8. +; NOTE: in the case mentioned above, where the high part of the shifted +; down dividend ends up being exactly half the shifted down divisor, we +; end up with a 33 bit quotient. That's no problem however, it usually +; means we have ended up with a too large remainder as well, and the +; problem is fixed by the last part of the algorithm (next paragraph). ; -; Now, use EDIV to calculate a quotient and a remainder: +; The routine ends with comparing the resulting remainder with the +; original divisor and if the remainder is larger, subtract the +; original divisor from it, and increase the quotient by 1. This is +; done until the remainder is smaller than the divisor. ; -; q'' = a2/b2 -; r'' = a2 - q''*b2 +; The complete algorithm looks like this: ; -; If b' is 0, the quotient is already correct, we just need to adjust the -; remainder: +; d' = d +; l' = l & 7 +; [h,l] = [h,l] >> 3 +; [q,r] = floor([h,l] / d) # This is the EDIV operation +; if (q < 0) q = -q # I doubt this is necessary any more ; -; if (b' == 0) -; { -; r = 2*r'' + a' -; q = q'' -; } -; -; If b' is 1, we need to do other adjustements. The first thought is the -; following (note that r' will not always have the right value, but an -; adjustement follows further down): -; -; if (b' == 1) -; { -; q' = q'' -; r' = a - q'*b -; -; However, one can note the folowing relationship: -; -; r'' = a2 - q''*b2 -; => 2*r'' = 2*a2 - 2*q''*b2 -; = { a = 2*a2 + a', b = 2*b2 + b' = 2*b2 + 1, -; q' = q'' } -; = a - a' - q'*(b - 1) -; = a - q'*b - a' + q' -; = r' - a' + q' -; => r' = 2*r'' - q' + a' +; r' = r >> 29 +; if (d' >= 0) +; q' = q >> 29 +; q = q << 3 +; else +; q' = q >> 30 +; q = q << 2 +; r = (r << 3) + l' ; -; This enables us to use r'' instead of discarding and calculating another -; modulo: -; -; if (b' == 1) +; if (d' < 0) ; { -; q' = q'' -; r' = (r'' << 1) - q' + a' -; -; Now, all we have to do is adjust r', because it might be < 0: -; -; while (r' < 0) +; [r',r] = [r',r] - q +; while ([r',r] < 0) ; { -; r' = r' + b -; q' = q' - 1 +; [r',r] = [r',r] + d +; [q',q] = [q',q] - 1 ; } ; } ; -; return q' +; while ([r',r] >= d') +; { +; [r',r] = [r',r] - d' +; [q',q] = [q',q] + 1 +; } +; +; return q h=4 ;(AP) h by value (input) l=8 ;(AP) l by value (input) d=12 ;(AP) d by value (input) -;aprim=r5 -;a2=r6 -;a20=r6 -;a21=r7 -;bprim=r8 -;b2=r9 -;qprim=r10 ; initially used as q'' -;rprim=r11 ; initially used as r'' - +;r2 = l, q +;r3 = h, r +;r4 = d +;r5 = l' +;r6 = r' +;r7 = d' +;r8 = q' .psect code,nowrt -.entry bn_div_words,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10,r11> +.entry bn_div_words,^m<r2,r3,r4,r5,r6,r7,r8> movl l(ap),r2 movl h(ap),r3 movl d(ap),r4 - movl #0,r5 - movl #0,r8 - movl #0,r0 -; movl #0,r1 + bicl3 #^XFFFFFFF8,r2,r5 ; l' = l & 7 + bicl3 #^X00000007,r2,r2 - rotl #-1,r2,r6 ; a20 = l >> 1 (almost) - rotl #-1,r3,r7 ; a21 = h >> 1 (almost) - rotl #-1,r4,r9 ; b2 = d >> 1 (almost) + bicl3 #^XFFFFFFF8,r3,r6 + bicl3 #^X00000007,r3,r3 + + addl r6,r2 - tstl r6 - bgeq 1$ - xorl2 #^X80000000,r6 ; fixup a20 so highest bit is 0 - incl r5 ; a' = 1 -1$: - tstl r7 - bgeq 2$ - xorl2 #^X80000000,r6 ; fixup a20 so highest bit is 1, - ; since that's what was lowest in a21 - xorl2 #^X80000000,r7 ; fixup a21 so highest bit is 1 -2$: - tstl r9 + rotl #-3,r2,r2 ; l = l >> 3 + rotl #-3,r3,r3 ; h = h >> 3 + + movl r4,r7 ; d' = d + + movl #0,r6 ; r' = 0 + movl #0,r8 ; q' = 0 + + tstl r4 beql 666$ ; Uh-oh, the divisor is 0... - bgtr 3$ - xorl2 #^X80000000,r9 ; fixup b2 so highest bit is 0 - incl r8 ; b' = 1 -3$: - tstl r9 - bneq 4$ ; if b2 is 0, we know that b' is 1 - tstl r3 - bneq 666$ ; if higher half isn't 0, we overflow - movl r2,r10 ; otherwise, we have our result - brb 42$ ; This is a success, really. -4$: - ediv r9,r6,r10,r11 - - tstl r8 - bneq 5$ ; If b' != 0, go to the other part -; addl3 r11,r11,r1 -; addl2 r5,r1 - brb 42$ -5$: - ashl #1,r11,r11 - subl2 r10,r11 - addl2 r5,r11 - bgeq 7$ -6$: - decl r10 - addl2 r4,r11 - blss 6$ -7$: -; movl r11,r1 + bgtr 1$ + rotl #-1,r4,r4 ; If d is negative, shift it right. + bicl2 #^X80000000,r4 ; Since d is then a large number, the + ; lowest bit is insignificant + ; (contradict that, and I'll fix the problem!) +1$: + ediv r4,r2,r2,r3 ; Do the actual division + + tstl r2 + bgeq 3$ + mnegl r2,r2 ; if q < 0, negate it +3$: + tstl r7 + blss 4$ + rotl #3,r2,r2 ; q = q << 3 + bicl3 #^XFFFFFFF8,r2,r8 ; q' gets the high bits from q + bicl3 #^X00000007,r2,r2 + bsb 41$ +4$: ; else + rotl #2,r2,r2 ; q = q << 2 + bicl3 #^XFFFFFFFC,r2,r8 ; q' gets the high bits from q + bicl3 #^X00000003,r2,r2 +41$: + rotl #3,r3,r3 ; r = r << 3 + bicl3 #^XFFFFFFF8,r3,r6 ; r' gets the high bits from r + bicl3 #^X00000007,r3,r3 + addl r5,r3 ; r = r + l' + + tstl r7 + bgeq 5$ + bitl #1,r7 + beql 5$ ; if d' < 0 && d' & 1 + subl r2,r3 ; [r',r] = [r',r] - [q',q] + sbwc r8,r6 +45$: + bgeq 5$ ; while r < 0 + decl r2 ; [q',q] = [q',q] - 1 + sbwc #0,r8 + addl r7,r3 ; [r',r] = [r',r] + d' + adwc #0,r6 + brb 45$ + +; The return points are placed in the middle to keep a short distance from +; all the branch points 42$: - movl r10,r0 +; movl r3,r1 + movl r2,r0 + ret 666$: + movl #^XFFFFFFFF,r0 ret + +5$: + tstl r6 + bneq 6$ + cmpl r3,r7 + blssu 42$ ; while [r',r] >= d' +6$: + subl r7,r3 ; [r',r] = [r',r] - d' + sbwc #0,r6 + incl r2 ; [q',q] = [q',q] + 1 + adwc #0,r8 + brb 5$ .title vax_bn_add_words unsigned add of two arrays ; diff --git a/lib/libcrypto/bn/bn.h b/lib/libcrypto/bn/bn.h index b40682f8318..3da6d8ced90 100644 --- a/lib/libcrypto/bn/bn.h +++ b/lib/libcrypto/bn/bn.h @@ -248,6 +248,8 @@ typedef struct bn_blinding_st BIGNUM *A; BIGNUM *Ai; BIGNUM *mod; /* just a reference */ + unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b; + * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */ } BN_BLINDING; /* Used for montgomery multiplication */ diff --git a/lib/libcrypto/bn/bn_div.c b/lib/libcrypto/bn/bn_div.c index f9a095e3b3b..580d1201bc2 100644 --- a/lib/libcrypto/bn/bn_div.c +++ b/lib/libcrypto/bn/bn_div.c @@ -150,6 +150,20 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, q; \ }) # define REMAINDER_IS_ALREADY_CALCULATED +# elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG) + /* + * Same story here, but it's 128-bit by 64-bit division. Wow! + * <appro@fy.chalmers.se> + */ +# define bn_div_words(n0,n1,d0) \ + ({ asm volatile ( \ + "divq %4" \ + : "=a"(q), "=d"(rem) \ + : "a"(n1), "d"(n0), "g"(d0) \ + : "cc"); \ + q; \ + }) +# define REMAINDER_IS_ALREADY_CALCULATED # endif /* __<cpu> */ # endif /* __GNUC__ */ #endif /* OPENSSL_NO_ASM */ @@ -268,6 +282,11 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0); #else q=bn_div_words(n0,n1,d0); +#ifdef BN_DEBUG_LEVITTE + fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\ +X) -> 0x%08X\n", + n0, n1, d0, q); +#endif #endif #ifndef REMAINDER_IS_ALREADY_CALCULATED @@ -292,11 +311,18 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, BN_ULONG t2l,t2h,ql,qh; q=bn_div_words(n0,n1,d0); +#ifdef BN_DEBUG_LEVITTE + fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\ +X) -> 0x%08X\n", + n0, n1, d0, q); +#endif #ifndef REMAINDER_IS_ALREADY_CALCULATED rem=(n1-q*d0)&BN_MASK2; #endif -#ifdef BN_UMULT_HIGH +#if defined(BN_UMULT_LOHI) + BN_UMULT_LOHI(t2l,t2h,d1,q); +#elif defined(BN_UMULT_HIGH) t2l = d1 * q; t2h = BN_UMULT_HIGH(d1,q); #else diff --git a/lib/libcrypto/bn/bn_lcl.h b/lib/libcrypto/bn/bn_lcl.h index 8a4dba375ab..5614bc6164c 100644 --- a/lib/libcrypto/bn/bn_lcl.h +++ b/lib/libcrypto/bn/bn_lcl.h @@ -230,6 +230,21 @@ struct bignum_ctx : "r"(a), "r"(b)); \ ret; }) # endif /* compiler */ +# elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG) +# if defined(__GNUC__) +# define BN_UMULT_HIGH(a,b) ({ \ + register BN_ULONG ret,discard; \ + asm ("mulq %3" \ + : "=a"(discard),"=d"(ret) \ + : "a"(a), "g"(b) \ + : "cc"); \ + ret; }) +# define BN_UMULT_LOHI(low,high,a,b) \ + asm ("mulq %3" \ + : "=a"(low),"=d"(high) \ + : "a"(a),"g"(b) \ + : "cc"); +# endif # endif /* cpu */ #endif /* OPENSSL_NO_ASM */ @@ -337,7 +352,7 @@ struct bignum_ctx #define LBITS(a) ((a)&BN_MASK2l) #define HBITS(a) (((a)>>BN_BITS4)&BN_MASK2l) -#define L2HBITS(a) ((BN_ULONG)((a)&BN_MASK2l)<<BN_BITS4) +#define L2HBITS(a) (((a)<<BN_BITS4)&BN_MASK2) #define LLBITS(a) ((a)&BN_MASKl) #define LHBITS(a) (((a)>>BN_BITS2)&BN_MASKl) @@ -353,7 +368,7 @@ struct bignum_ctx lt=(bl)*(lt); \ m1=(bl)*(ht); \ ht =(bh)*(ht); \ - m=(m+m1)&BN_MASK2; if (m < m1) ht+=L2HBITS(1L); \ + m=(m+m1)&BN_MASK2; if (m < m1) ht+=L2HBITS((BN_ULONG)1); \ ht+=HBITS(m); \ m1=L2HBITS(m); \ lt=(lt+m1)&BN_MASK2; if (lt < m1) ht++; \ @@ -418,20 +433,19 @@ void bn_sqr_comba4(BN_ULONG *r,const BN_ULONG *a); int bn_cmp_words(const BN_ULONG *a,const BN_ULONG *b,int n); int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl); +#if 0 +/* bn_mul.c rollback <appro> */ void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2, int dna,int dnb,BN_ULONG *t); void bn_mul_part_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n,int tna,int tnb,BN_ULONG *t); +#endif void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t); void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n); void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2, BN_ULONG *t); void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2, BN_ULONG *t); -BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, - int cl, int dl); -BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, - int cl, int dl); #ifdef __cplusplus } diff --git a/lib/libcrypto/bn/bn_lib.c b/lib/libcrypto/bn/bn_lib.c index ce2ae784195..463463cfcb0 100644 --- a/lib/libcrypto/bn/bn_lib.c +++ b/lib/libcrypto/bn/bn_lib.c @@ -263,12 +263,12 @@ void BN_clear_free(BIGNUM *a) if (a == NULL) return; if (a->d != NULL) { - memset(a->d,0,a->dmax*sizeof(a->d[0])); + OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0])); if (!(BN_get_flags(a,BN_FLG_STATIC_DATA))) OPENSSL_free(a->d); } i=BN_get_flags(a,BN_FLG_MALLOCED); - memset(a,0,sizeof(BIGNUM)); + OPENSSL_cleanse(a,sizeof(BIGNUM)); if (i) OPENSSL_free(a); } diff --git a/lib/libcrypto/bn/bn_mul.c b/lib/libcrypto/bn/bn_mul.c index b03458d0021..cb93ac33569 100644 --- a/lib/libcrypto/bn/bn_mul.c +++ b/lib/libcrypto/bn/bn_mul.c @@ -56,325 +56,10 @@ * [including the GNU Public Licence.] */ -#ifndef BN_DEBUG -# undef NDEBUG /* avoid conflicting definitions */ -# define NDEBUG -#endif - #include <stdio.h> -#include <assert.h> #include "cryptlib.h" #include "bn_lcl.h" -#if defined(OPENSSL_NO_ASM) || !(defined(__i386) || defined(__i386__)) || defined(__DJGPP__) /* Assembler implementation exists only for x86 */ -/* Here follows specialised variants of bn_add_words() and - bn_sub_words(). They have the property performing operations on - arrays of different sizes. The sizes of those arrays is expressed through - cl, which is the common length ( basicall, min(len(a),len(b)) ), and dl, - which is the delta between the two lengths, calculated as len(a)-len(b). - All lengths are the number of BN_ULONGs... For the operations that require - a result array as parameter, it must have the length cl+abs(dl). - These functions should probably end up in bn_asm.c as soon as there are - assembler counterparts for the systems that use assembler files. */ - -BN_ULONG bn_sub_part_words(BN_ULONG *r, - const BN_ULONG *a, const BN_ULONG *b, - int cl, int dl) - { - BN_ULONG c, t; - - assert(cl >= 0); - c = bn_sub_words(r, a, b, cl); - - if (dl == 0) - return c; - - r += cl; - a += cl; - b += cl; - - if (dl < 0) - { -#ifdef BN_COUNT - fprintf(stderr, " bn_sub_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c); -#endif - for (;;) - { - t = b[0]; - r[0] = (0-t-c)&BN_MASK2; - if (t != 0) c=1; - if (++dl >= 0) break; - - t = b[1]; - r[1] = (0-t-c)&BN_MASK2; - if (t != 0) c=1; - if (++dl >= 0) break; - - t = b[2]; - r[2] = (0-t-c)&BN_MASK2; - if (t != 0) c=1; - if (++dl >= 0) break; - - t = b[3]; - r[3] = (0-t-c)&BN_MASK2; - if (t != 0) c=1; - if (++dl >= 0) break; - - b += 4; - r += 4; - } - } - else - { - int save_dl = dl; -#ifdef BN_COUNT - fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c = %d)\n", cl, dl, c); -#endif - while(c) - { - t = a[0]; - r[0] = (t-c)&BN_MASK2; - if (t != 0) c=0; - if (--dl <= 0) break; - - t = a[1]; - r[1] = (t-c)&BN_MASK2; - if (t != 0) c=0; - if (--dl <= 0) break; - - t = a[2]; - r[2] = (t-c)&BN_MASK2; - if (t != 0) c=0; - if (--dl <= 0) break; - - t = a[3]; - r[3] = (t-c)&BN_MASK2; - if (t != 0) c=0; - if (--dl <= 0) break; - - save_dl = dl; - a += 4; - r += 4; - } - if (dl > 0) - { -#ifdef BN_COUNT - fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c == 0)\n", cl, dl); -#endif - if (save_dl > dl) - { - switch (save_dl - dl) - { - case 1: - r[1] = a[1]; - if (--dl <= 0) break; - case 2: - r[2] = a[2]; - if (--dl <= 0) break; - case 3: - r[3] = a[3]; - if (--dl <= 0) break; - } - a += 4; - r += 4; - } - } - if (dl > 0) - { -#ifdef BN_COUNT - fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, copy)\n", cl, dl); -#endif - for(;;) - { - r[0] = a[0]; - if (--dl <= 0) break; - r[1] = a[1]; - if (--dl <= 0) break; - r[2] = a[2]; - if (--dl <= 0) break; - r[3] = a[3]; - if (--dl <= 0) break; - - a += 4; - r += 4; - } - } - } - return c; - } -#endif - -BN_ULONG bn_add_part_words(BN_ULONG *r, - const BN_ULONG *a, const BN_ULONG *b, - int cl, int dl) - { - BN_ULONG c, l, t; - - assert(cl >= 0); - c = bn_add_words(r, a, b, cl); - - if (dl == 0) - return c; - - r += cl; - a += cl; - b += cl; - - if (dl < 0) - { - int save_dl = dl; -#ifdef BN_COUNT - fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c); -#endif - while (c) - { - l=(c+b[0])&BN_MASK2; - c=(l < c); - r[0]=l; - if (++dl >= 0) break; - - l=(c+b[1])&BN_MASK2; - c=(l < c); - r[1]=l; - if (++dl >= 0) break; - - l=(c+b[2])&BN_MASK2; - c=(l < c); - r[2]=l; - if (++dl >= 0) break; - - l=(c+b[3])&BN_MASK2; - c=(l < c); - r[3]=l; - if (++dl >= 0) break; - - save_dl = dl; - b+=4; - r+=4; - } - if (dl < 0) - { -#ifdef BN_COUNT - fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c == 0)\n", cl, dl); -#endif - if (save_dl < dl) - { - switch (dl - save_dl) - { - case 1: - r[1] = b[1]; - if (++dl >= 0) break; - case 2: - r[2] = b[2]; - if (++dl >= 0) break; - case 3: - r[3] = b[3]; - if (++dl >= 0) break; - } - b += 4; - r += 4; - } - } - if (dl < 0) - { -#ifdef BN_COUNT - fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, copy)\n", cl, dl); -#endif - for(;;) - { - r[0] = b[0]; - if (++dl >= 0) break; - r[1] = b[1]; - if (++dl >= 0) break; - r[2] = b[2]; - if (++dl >= 0) break; - r[3] = b[3]; - if (++dl >= 0) break; - - b += 4; - r += 4; - } - } - } - else - { - int save_dl = dl; -#ifdef BN_COUNT - fprintf(stderr, " bn_add_part_words %d + %d (dl > 0)\n", cl, dl); -#endif - while (c) - { - t=(a[0]+c)&BN_MASK2; - c=(t < c); - r[0]=t; - if (--dl <= 0) break; - - t=(a[1]+c)&BN_MASK2; - c=(t < c); - r[1]=t; - if (--dl <= 0) break; - - t=(a[2]+c)&BN_MASK2; - c=(t < c); - r[2]=t; - if (--dl <= 0) break; - - t=(a[3]+c)&BN_MASK2; - c=(t < c); - r[3]=t; - if (--dl <= 0) break; - - save_dl = dl; - a+=4; - r+=4; - } -#ifdef BN_COUNT - fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl, dl); -#endif - if (dl > 0) - { - if (save_dl > dl) - { - switch (save_dl - dl) - { - case 1: - r[1] = a[1]; - if (--dl <= 0) break; - case 2: - r[2] = a[2]; - if (--dl <= 0) break; - case 3: - r[3] = a[3]; - if (--dl <= 0) break; - } - a += 4; - r += 4; - } - } - if (dl > 0) - { -#ifdef BN_COUNT - fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, copy)\n", cl, dl); -#endif - for(;;) - { - r[0] = a[0]; - if (--dl <= 0) break; - r[1] = a[1]; - if (--dl <= 0) break; - r[2] = a[2]; - if (--dl <= 0) break; - r[3] = a[3]; - if (--dl <= 0) break; - - a += 4; - r += 4; - } - } - } - return c; - } - #ifdef BN_RECURSION /* Karatsuba recursive multiplication algorithm * (cf. Knuth, The Art of Computer Programming, Vol. 2) */ @@ -390,15 +75,14 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, * a[1]*b[1] */ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, - int dna, int dnb, BN_ULONG *t) + BN_ULONG *t) { int n=n2/2,c1,c2; - int tna=n+dna, tnb=n+dnb; unsigned int neg,zero; BN_ULONG ln,lo,*p; # ifdef BN_COUNT - fprintf(stderr," bn_mul_recursive %d * %d\n",n2,n2); + printf(" bn_mul_recursive %d * %d\n",n2,n2); # endif # ifdef BN_MUL_COMBA # if 0 @@ -408,40 +92,34 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, return; } # endif - /* Only call bn_mul_comba 8 if n2 == 8 and the - * two arrays are complete [steve] - */ - if (n2 == 8 && dna == 0 && dnb == 0) + if (n2 == 8) { bn_mul_comba8(r,a,b); return; } # endif /* BN_MUL_COMBA */ - /* Else do normal multiply */ if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) { - bn_mul_normal(r,a,n2+dna,b,n2+dnb); - if ((dna + dnb) < 0) - memset(&r[2*n2 + dna + dnb], 0, - sizeof(BN_ULONG) * -(dna + dnb)); + /* This should not happen */ + bn_mul_normal(r,a,n2,b,n2); return; } /* r=(a[0]-a[1])*(b[1]-b[0]) */ - c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna); - c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n); + c1=bn_cmp_words(a,&(a[n]),n); + c2=bn_cmp_words(&(b[n]),b,n); zero=neg=0; switch (c1*3+c2) { case -4: - bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ - bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ + bn_sub_words(t, &(a[n]),a, n); /* - */ + bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */ break; case -3: zero=1; break; case -2: - bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ - bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); /* + */ + bn_sub_words(t, &(a[n]),a, n); /* - */ + bn_sub_words(&(t[n]),&(b[n]),b, n); /* + */ neg=1; break; case -1: @@ -450,22 +128,21 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, zero=1; break; case 2: - bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */ - bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ + bn_sub_words(t, a, &(a[n]),n); /* + */ + bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */ neg=1; break; case 3: zero=1; break; case 4: - bn_sub_part_words(t, a, &(a[n]),tna,n-tna); - bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); + bn_sub_words(t, a, &(a[n]),n); + bn_sub_words(&(t[n]),&(b[n]),b, n); break; } # ifdef BN_MUL_COMBA - if (n == 4 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba4 could take - extra args to do this well */ + if (n == 4) { if (!zero) bn_mul_comba4(&(t[n2]),t,&(t[n])); @@ -475,9 +152,7 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, bn_mul_comba4(r,a,b); bn_mul_comba4(&(r[n2]),&(a[n]),&(b[n])); } - else if (n == 8 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba8 could - take extra args to do this - well */ + else if (n == 8) { if (!zero) bn_mul_comba8(&(t[n2]),t,&(t[n])); @@ -492,11 +167,11 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, { p= &(t[n2*2]); if (!zero) - bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p); + bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p); else memset(&(t[n2]),0,n2*sizeof(BN_ULONG)); - bn_mul_recursive(r,a,b,n,0,0,p); - bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,dna,dnb,p); + bn_mul_recursive(r,a,b,n,p); + bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,p); } /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign @@ -545,39 +220,39 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, /* n+tn is the word length * t needs to be n*4 is size, as does r */ -void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, - int tna, int tnb, BN_ULONG *t) +void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn, + int n, BN_ULONG *t) { int i,j,n2=n*2; unsigned int c1,c2,neg,zero; BN_ULONG ln,lo,*p; # ifdef BN_COUNT - fprintf(stderr," bn_mul_part_recursive (%d+%d) * (%d+%d)\n", - tna, n, tnb, n); + printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n); # endif if (n < 8) { - bn_mul_normal(r,a,n+tna,b,n+tnb); + i=tn+n; + bn_mul_normal(r,a,i,b,i); return; } /* r=(a[0]-a[1])*(b[1]-b[0]) */ - c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna); - c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n); + c1=bn_cmp_words(a,&(a[n]),n); + c2=bn_cmp_words(&(b[n]),b,n); zero=neg=0; switch (c1*3+c2) { case -4: - bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ - bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ + bn_sub_words(t, &(a[n]),a, n); /* - */ + bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */ break; case -3: zero=1; /* break; */ case -2: - bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ - bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); /* + */ + bn_sub_words(t, &(a[n]),a, n); /* - */ + bn_sub_words(&(t[n]),&(b[n]),b, n); /* + */ neg=1; break; case -1: @@ -586,16 +261,16 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, zero=1; /* break; */ case 2: - bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */ - bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ + bn_sub_words(t, a, &(a[n]),n); /* + */ + bn_sub_words(&(t[n]),b, &(b[n]),n); /* - */ neg=1; break; case 3: zero=1; /* break; */ case 4: - bn_sub_part_words(t, a, &(a[n]),tna,n-tna); - bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); + bn_sub_words(t, a, &(a[n]),n); + bn_sub_words(&(t[n]),&(b[n]),b, n); break; } /* The zero case isn't yet implemented here. The speedup @@ -614,59 +289,54 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, { bn_mul_comba8(&(t[n2]),t,&(t[n])); bn_mul_comba8(r,a,b); - bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb); - memset(&(r[n2+tna+tnb]),0,sizeof(BN_ULONG)*(n2-tna-tnb)); + bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn); + memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2)); } else { p= &(t[n2*2]); - bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p); - bn_mul_recursive(r,a,b,n,0,0,p); + bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p); + bn_mul_recursive(r,a,b,n,p); i=n/2; /* If there is only a bottom half to the number, * just do it */ - if (tna > tnb) - j = tna - i; - else - j = tnb - i; + j=tn-i; if (j == 0) { - bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]), - i,tna-i,tnb-i,p); + bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),i,p); memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2)); } else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */ { bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]), - i,tna-i,tnb-i,p); - memset(&(r[n2+tna+tnb]),0, - sizeof(BN_ULONG)*(n2-tna-tnb)); + j,i,p); + memset(&(r[n2+tn*2]),0, + sizeof(BN_ULONG)*(n2-tn*2)); } else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */ { memset(&(r[n2]),0,sizeof(BN_ULONG)*n2); - if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL - && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) + if (tn < BN_MUL_RECURSIVE_SIZE_NORMAL) { - bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb); + bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn); } else { for (;;) { i/=2; - if (i < tna && i < tnb) + if (i < tn) { bn_mul_part_recursive(&(r[n2]), &(a[n]),&(b[n]), - i,tna-i,tnb-i,p); + tn-i,i,p); break; } - else if (i <= tna && i <= tnb) + else if (i == tn) { bn_mul_recursive(&(r[n2]), &(a[n]),&(b[n]), - i,tna-i,tnb-i,p); + i,p); break; } } @@ -727,10 +397,10 @@ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, int n=n2/2; # ifdef BN_COUNT - fprintf(stderr," bn_mul_low_recursive %d * %d\n",n2,n2); + printf(" bn_mul_low_recursive %d * %d\n",n2,n2); # endif - bn_mul_recursive(r,a,b,n,0,0,&(t[0])); + bn_mul_recursive(r,a,b,n,&(t[0])); if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) { bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2])); @@ -761,7 +431,7 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, BN_ULONG ll,lc,*lp,*mp; # ifdef BN_COUNT - fprintf(stderr," bn_mul_high %d * %d\n",n2,n2); + printf(" bn_mul_high %d * %d\n",n2,n2); # endif n=n2/2; @@ -814,8 +484,8 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, else # endif { - bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,0,0,&(t[n2])); - bn_mul_recursive(r,&(a[n]),&(b[n]),n,0,0,&(t[n2])); + bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,&(t[n2])); + bn_mul_recursive(r,&(a[n]),&(b[n]),n,&(t[n2])); } /* s0 == low(al*bl) @@ -940,19 +610,19 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { - int ret=0; int top,al,bl; BIGNUM *rr; + int ret = 0; #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) int i; #endif #ifdef BN_RECURSION - BIGNUM *t=NULL; - int j=0,k; + BIGNUM *t; + int j,k; #endif #ifdef BN_COUNT - fprintf(stderr,"BN_mul %d * %d\n",a->top,b->top); + printf("BN_mul %d * %d\n",a->top,b->top); #endif bn_check_top(a); @@ -1005,55 +675,21 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) #ifdef BN_RECURSION if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) { - if (i >= -1 && i <= 1) + if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA) && bl<b->dmax) { - int sav_j =0; - /* Find out the power of two lower or equal - to the longest of the two numbers */ - if (i >= 0) - { - j = BN_num_bits_word((BN_ULONG)al); - } - if (i == -1) - { - j = BN_num_bits_word((BN_ULONG)bl); - } - sav_j = j; - j = 1<<(j-1); - assert(j <= al || j <= bl); - k = j+j; - t = BN_CTX_get(ctx); - if (al > j || bl > j) - { - bn_wexpand(t,k*4); - bn_wexpand(rr,k*4); - bn_mul_part_recursive(rr->d,a->d,b->d, - j,al-j,bl-j,t->d); - } - else /* al <= j || bl <= j */ - { - bn_wexpand(t,k*2); - bn_wexpand(rr,k*2); - bn_mul_recursive(rr->d,a->d,b->d, - j,al-j,bl-j,t->d); - } - rr->top=top; - goto end; - } -#if 0 - if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA)) - { - BIGNUM *tmp_bn = (BIGNUM *)b; - if (bn_wexpand(tmp_bn,al) == NULL) goto err; - tmp_bn->d[bl]=0; +#if 0 /* tribute to const-ification, bl<b->dmax above covers for this */ + if (bn_wexpand(b,al) == NULL) goto err; +#endif + b->d[bl]=0; bl++; i--; } - else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA)) + else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA) && al<a->dmax) { - BIGNUM *tmp_bn = (BIGNUM *)a; - if (bn_wexpand(tmp_bn,bl) == NULL) goto err; - tmp_bn->d[al]=0; +#if 0 /* tribute to const-ification, al<a->dmax above covers for this */ + if (bn_wexpand(a,bl) == NULL) goto err; +#endif + a->d[al]=0; al++; i++; } @@ -1070,17 +706,26 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) if (bn_wexpand(t,k*2) == NULL) goto err; if (bn_wexpand(rr,k*2) == NULL) goto err; bn_mul_recursive(rr->d,a->d,b->d,al,t->d); + rr->top=top; + goto end; } +#if 0 /* tribute to const-ification, rsa/dsa performance is not affected */ else { - if (bn_wexpand(t,k*4) == NULL) goto err; - if (bn_wexpand(rr,k*4) == NULL) goto err; + if (bn_wexpand(a,k) == NULL ) goto err; + if (bn_wexpand(b,k) == NULL ) goto err; + if (bn_wexpand(t,k*4) == NULL ) goto err; + if (bn_wexpand(rr,k*4) == NULL ) goto err; + for (i=a->top; i<k; i++) + a->d[i]=0; + for (i=b->top; i<k; i++) + b->d[i]=0; bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d); } rr->top=top; goto end; - } #endif + } } #endif /* BN_RECURSION */ if (bn_wexpand(rr,top) == NULL) goto err; @@ -1103,7 +748,7 @@ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) BN_ULONG *rr; #ifdef BN_COUNT - fprintf(stderr," bn_mul_normal %d * %d\n",na,nb); + printf(" bn_mul_normal %d * %d\n",na,nb); #endif if (na < nb) @@ -1116,13 +761,7 @@ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) } rr= &(r[na]); - if (nb <= 0) - { - (void)bn_mul_words(r,a,na,0); - return; - } - else - rr[0]=bn_mul_words(r,a,na,b[0]); + rr[0]=bn_mul_words(r,a,na,b[0]); for (;;) { @@ -1143,7 +782,7 @@ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) { #ifdef BN_COUNT - fprintf(stderr," bn_mul_low_normal %d * %d\n",n,n); + printf(" bn_mul_low_normal %d * %d\n",n,n); #endif bn_mul_words(r,a,n,b[0]); diff --git a/lib/libcrypto/bn/bn_prime.c b/lib/libcrypto/bn/bn_prime.c index 918b9237c6e..e072d9255c4 100644 --- a/lib/libcrypto/bn/bn_prime.c +++ b/lib/libcrypto/bn/bn_prime.c @@ -140,6 +140,7 @@ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, BN_CTX *ctx; int checks = BN_prime_checks_for_size(bits); + BN_init(&t); ctx=BN_CTX_new(); if (ctx == NULL) goto err; if (ret == NULL) @@ -148,7 +149,6 @@ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, } else rnd=ret; - BN_init(&t); loop: /* make a random number and set the top and bottom bits */ if (add == NULL) diff --git a/lib/libcrypto/bn/bn_rand.c b/lib/libcrypto/bn/bn_rand.c index 9e08ccd22e7..893c9d2af9e 100644 --- a/lib/libcrypto/bn/bn_rand.c +++ b/lib/libcrypto/bn/bn_rand.c @@ -201,7 +201,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) err: if (buf != NULL) { - memset(buf,0,bytes); + OPENSSL_cleanse(buf,bytes); OPENSSL_free(buf); } return(ret); diff --git a/lib/libcrypto/bn/bn_word.c b/lib/libcrypto/bn/bn_word.c index cd59baa2c49..988e0ca7b37 100644 --- a/lib/libcrypto/bn/bn_word.c +++ b/lib/libcrypto/bn/bn_word.c @@ -123,7 +123,10 @@ int BN_add_word(BIGNUM *a, BN_ULONG w) i=0; for (;;) { - l=(a->d[i]+(BN_ULONG)w)&BN_MASK2; + if (i >= a->top) + l=w; + else + l=(a->d[i]+(BN_ULONG)w)&BN_MASK2; a->d[i]=l; if (w > l) w=1; diff --git a/lib/libcrypto/bn/bntest.c b/lib/libcrypto/bn/bntest.c index 8158a67374d..3c8c540387a 100644 --- a/lib/libcrypto/bn/bntest.c +++ b/lib/libcrypto/bn/bntest.c @@ -68,10 +68,6 @@ #include <openssl/x509.h> #include <openssl/err.h> -#ifdef OPENSSL_SYS_WINDOWS -#include "../bio/bss_file.c" -#endif - const int num0 = 100; /* number of tests */ const int num1 = 50; /* additional tests for some functions */ const int num2 = 5; /* number of tests for slow functions */ @@ -96,11 +92,6 @@ int test_sqrt(BIO *bp,BN_CTX *ctx); int rand_neg(void); static int results=0; -#ifdef OPENSSL_NO_STDIO -#define APPS_WIN16 -#include "bss_file.c" -#endif - static unsigned char lst[]="\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9" "\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0"; @@ -141,10 +132,10 @@ int main(int argc, char *argv[]) ctx=BN_CTX_new(); - if (ctx == NULL) exit(1); + if (ctx == NULL) EXIT(1); out=BIO_new(BIO_s_file()); - if (out == NULL) exit(1); + if (out == NULL) EXIT(1); if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); @@ -154,7 +145,7 @@ int main(int argc, char *argv[]) if (!BIO_write_filename(out,outfile)) { perror(outfile); - exit(1); + EXIT(1); } } @@ -238,14 +229,14 @@ int main(int argc, char *argv[]) BIO_free(out); /**/ - exit(0); + EXIT(0); err: BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices * the failure, see test_bn in test/Makefile.ssl*/ BIO_flush(out); ERR_load_crypto_strings(); ERR_print_errors_fp(stderr); - exit(1); + EXIT(1); return(1); } @@ -488,7 +479,7 @@ int test_mul(BIO *bp) BN_CTX *ctx; ctx = BN_CTX_new(); - if (ctx == NULL) exit(1); + if (ctx == NULL) EXIT(1); BN_init(&a); BN_init(&b); @@ -726,7 +717,7 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx) while ((l=ERR_get_error())) fprintf(stderr,"ERROR:%s\n", ERR_error_string(l,NULL)); - exit(1); + EXIT(1); } if (bp != NULL) { diff --git a/lib/libcrypto/bn/divtest.c b/lib/libcrypto/bn/divtest.c index 13ba86e3c4e..d3fc688f335 100644 --- a/lib/libcrypto/bn/divtest.c +++ b/lib/libcrypto/bn/divtest.c @@ -1,7 +1,7 @@ #include <openssl/bn.h> #include <openssl/rand.h> -static int rand(n) +static int Rand(n) { unsigned char x[2]; RAND_pseudo_bytes(x,2); @@ -26,8 +26,8 @@ main() BN_CTX *ctx=BN_CTX_new(); for(;;) { - BN_pseudo_rand(a,rand(),0,0); - BN_pseudo_rand(b,rand(),0,0); + BN_pseudo_rand(a,Rand(),0,0); + BN_pseudo_rand(b,Rand(),0,0); if (BN_is_zero(b)) continue; BN_RECP_CTX_set(recp,b,ctx); diff --git a/lib/libcrypto/bn/exptest.c b/lib/libcrypto/bn/exptest.c index 5ca570d1a8a..b09cf887055 100644 --- a/lib/libcrypto/bn/exptest.c +++ b/lib/libcrypto/bn/exptest.c @@ -59,13 +59,13 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> + +#include "../e_os.h" + #include <openssl/bio.h> #include <openssl/bn.h> #include <openssl/rand.h> #include <openssl/err.h> -#ifdef OPENSSL_SYS_WINDOWS -#include "../bio/bss_file.c" -#endif #define NUM_BITS (BN_BITS*2) @@ -86,7 +86,7 @@ int main(int argc, char *argv[]) ERR_load_BN_strings(); ctx=BN_CTX_new(); - if (ctx == NULL) exit(1); + if (ctx == NULL) EXIT(1); r_mont=BN_new(); r_recp=BN_new(); r_simple=BN_new(); @@ -99,7 +99,7 @@ int main(int argc, char *argv[]) out=BIO_new(BIO_s_file()); - if (out == NULL) exit(1); + if (out == NULL) EXIT(1); BIO_set_fp(out,stdout,BIO_NOCLOSE); for (i=0; i<200; i++) @@ -124,7 +124,7 @@ int main(int argc, char *argv[]) { printf("BN_mod_exp_mont() problems\n"); ERR_print_errors(out); - exit(1); + EXIT(1); } ret=BN_mod_exp_recp(r_recp,a,b,m,ctx); @@ -132,7 +132,7 @@ int main(int argc, char *argv[]) { printf("BN_mod_exp_recp() problems\n"); ERR_print_errors(out); - exit(1); + EXIT(1); } ret=BN_mod_exp_simple(r_simple,a,b,m,ctx); @@ -140,7 +140,7 @@ int main(int argc, char *argv[]) { printf("BN_mod_exp_simple() problems\n"); ERR_print_errors(out); - exit(1); + EXIT(1); } if (BN_cmp(r_simple, r_mont) == 0 @@ -163,7 +163,7 @@ int main(int argc, char *argv[]) printf("\nrecp ="); BN_print(out,r_recp); printf("\nmont ="); BN_print(out,r_mont); printf("\n"); - exit(1); + EXIT(1); } } BN_free(r_mont); @@ -177,11 +177,11 @@ int main(int argc, char *argv[]) CRYPTO_mem_leaks(out); BIO_free(out); printf(" done\n"); - exit(0); + EXIT(0); err: ERR_load_crypto_strings(); ERR_print_errors(out); - exit(1); + EXIT(1); return(1); } diff --git a/lib/libcrypto/buffer/Makefile.ssl b/lib/libcrypto/buffer/Makefile.ssl index 240a6b9a890..b131ca30789 100644 --- a/lib/libcrypto/buffer/Makefile.ssl +++ b/lib/libcrypto/buffer/Makefile.ssl @@ -68,7 +68,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/lib/libcrypto/buffer/buffer.c b/lib/libcrypto/buffer/buffer.c index 9299baba9e2..d96487e7dbd 100644 --- a/lib/libcrypto/buffer/buffer.c +++ b/lib/libcrypto/buffer/buffer.c @@ -125,6 +125,43 @@ int BUF_MEM_grow(BUF_MEM *str, int len) return(len); } +int BUF_MEM_grow_clean(BUF_MEM *str, int len) + { + char *ret; + unsigned int n; + + if (str->length >= len) + { + memset(&str->data[len],0,str->length-len); + str->length=len; + return(len); + } + if (str->max >= len) + { + memset(&str->data[str->length],0,len-str->length); + str->length=len; + return(len); + } + n=(len+3)/3*4; + if (str->data == NULL) + ret=OPENSSL_malloc(n); + else + ret=OPENSSL_realloc_clean(str->data,str->max,n); + if (ret == NULL) + { + BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE); + len=0; + } + else + { + str->data=ret; + str->max=n; + memset(&str->data[str->length],0,len-str->length); + str->length=len; + } + return(len); + } + char *BUF_strdup(const char *str) { char *ret; @@ -143,3 +180,23 @@ char *BUF_strdup(const char *str) return(ret); } +size_t BUF_strlcpy(char *dst, const char *src, size_t size) + { + size_t l = 0; + for(; size > 1 && *src; size--) + { + *dst++ = *src++; + l++; + } + if (size) + *dst = '\0'; + return l + strlen(src); + } + +size_t BUF_strlcat(char *dst, const char *src, size_t size) + { + size_t l = 0; + for(; size > 0 && *dst; size--, dst++) + l++; + return l + BUF_strlcpy(dst, src, size); + } diff --git a/lib/libcrypto/buffer/buffer.h b/lib/libcrypto/buffer/buffer.h index 11e2d0359a1..465dc34f3fe 100644 --- a/lib/libcrypto/buffer/buffer.h +++ b/lib/libcrypto/buffer/buffer.h @@ -63,6 +63,9 @@ extern "C" { #endif +#include <stddef.h> +#include <sys/types.h> + typedef struct buf_mem_st { int length; /* current number of bytes */ @@ -73,8 +76,14 @@ typedef struct buf_mem_st BUF_MEM *BUF_MEM_new(void); void BUF_MEM_free(BUF_MEM *a); int BUF_MEM_grow(BUF_MEM *str, int len); +int BUF_MEM_grow_clean(BUF_MEM *str, int len); char * BUF_strdup(const char *str); +/* safe string functions */ +size_t BUF_strlcpy(char *dst,const char *src,size_t siz); +size_t BUF_strlcat(char *dst,const char *src,size_t siz); + + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/lib/libcrypto/cast/Makefile.ssl b/lib/libcrypto/cast/Makefile.ssl index 2defbdd68ad..2dc1c855ade 100644 --- a/lib/libcrypto/cast/Makefile.ssl +++ b/lib/libcrypto/cast/Makefile.ssl @@ -52,14 +52,8 @@ lib: $(LIBOBJ) @touch lib # elf -asm/cx86-elf.o: asm/cx86unix.cpp - $(CPP) -DELF -x c asm/cx86unix.cpp | as -o asm/cx86-elf.o - -# solaris -asm/cx86-sol.o: asm/cx86unix.cpp - $(CC) -E -DSOL asm/cx86unix.cpp | sed 's/^#.*//' > asm/cx86-sol.s - as -o asm/cx86-sol.o asm/cx86-sol.s - rm -f asm/cx86-sol.s +asm/cx86-elf.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + (cd asm; $(PERL) cast-586.pl elf $(CLAGS) $(PROCESSOR) > cx86-elf.s) # a.out asm/cx86-out.o: asm/cx86unix.cpp @@ -97,14 +91,14 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new mv -f Makefile.new $(MAKEFILE) clean: - rm -f asm/cx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f asm/cx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/lib/libcrypto/cast/casttest.c b/lib/libcrypto/cast/casttest.c index 099e790886c..83e5a16c73f 100644 --- a/lib/libcrypto/cast/casttest.c +++ b/lib/libcrypto/cast/casttest.c @@ -60,6 +60,8 @@ #include <string.h> #include <stdlib.h> +#include "../e_os.h" + #ifdef OPENSSL_NO_CAST int main(int argc, char *argv[]) { @@ -224,7 +226,7 @@ int main(int argc, char *argv[]) } #endif - exit(err); + EXIT(err); return(err); } #endif diff --git a/lib/libcrypto/comp/Makefile.ssl b/lib/libcrypto/comp/Makefile.ssl index 7c1ec81229c..f70ba1b2853 100644 --- a/lib/libcrypto/comp/Makefile.ssl +++ b/lib/libcrypto/comp/Makefile.ssl @@ -71,7 +71,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/lib/libcrypto/comp/c_zlib.c b/lib/libcrypto/comp/c_zlib.c index cd2f8a491b9..8c0876151ac 100644 --- a/lib/libcrypto/comp/c_zlib.c +++ b/lib/libcrypto/comp/c_zlib.c @@ -208,11 +208,11 @@ COMP_METHOD *COMP_zlib(void) = (inflateInit__ft) DSO_bind_func(zlib_dso, "inflateInit_"); zlib_loaded++; - meth = &zlib_method; } } -#elif defined(ZLIB) +#endif +#if defined(ZLIB) || defined(ZLIB_SHARED) meth = &zlib_method; #endif diff --git a/lib/libcrypto/conf/Makefile.ssl b/lib/libcrypto/conf/Makefile.ssl index 133c2329e61..c5873bc6e78 100644 --- a/lib/libcrypto/conf/Makefile.ssl +++ b/lib/libcrypto/conf/Makefile.ssl @@ -71,7 +71,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/lib/libcrypto/conf/conf_def.c b/lib/libcrypto/conf/conf_def.c index 48ff6f11203..b52ee01a3c8 100644 --- a/lib/libcrypto/conf/conf_def.c +++ b/lib/libcrypto/conf/conf_def.c @@ -208,7 +208,8 @@ static int def_load(CONF *conf, const char *name, long *line) static int def_load_bio(CONF *conf, BIO *in, long *line) { -#define BUFSIZE 512 +/* The macro BUFSIZE conflicts with a system macro in VxWorks */ +#define CONFBUFSIZE 512 int bufnum=0,i,ii; BUF_MEM *buff=NULL; char *s,*p,*end; @@ -252,20 +253,21 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) section_sk=(STACK_OF(CONF_VALUE) *)sv->value; bufnum=0; + again=0; for (;;) { - again=0; - if (!BUF_MEM_grow(buff,bufnum+BUFSIZE)) + if (!BUF_MEM_grow(buff,bufnum+CONFBUFSIZE)) { CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB); goto err; } p= &(buff->data[bufnum]); *p='\0'; - BIO_gets(in, p, BUFSIZE-1); - p[BUFSIZE-1]='\0'; + BIO_gets(in, p, CONFBUFSIZE-1); + p[CONFBUFSIZE-1]='\0'; ii=i=strlen(p); - if (i == 0) break; + if (i == 0 && !again) break; + again=0; while (i > 0) { if ((p[i-1] != '\r') && (p[i-1] != '\n')) @@ -275,7 +277,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) } /* we removed some trailing stuff so there is a new * line on the end. */ - if (i == ii) + if (ii && i == ii) again=1; /* long line */ else { @@ -627,7 +629,7 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE); goto err; } - BUF_MEM_grow(buf,(strlen(p)+len-(e-from))); + BUF_MEM_grow_clean(buf,(strlen(p)+len-(e-from))); while (*p) buf->data[to++]= *(p++); from=e; diff --git a/lib/libcrypto/conf/conf_mall.c b/lib/libcrypto/conf/conf_mall.c index d702af689ba..4ba40cf44cc 100644 --- a/lib/libcrypto/conf/conf_mall.c +++ b/lib/libcrypto/conf/conf_mall.c @@ -63,7 +63,9 @@ #include <openssl/dso.h> #include <openssl/x509.h> #include <openssl/asn1.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif /* Load all OpenSSL builtin modules */ @@ -71,6 +73,8 @@ void OPENSSL_load_builtin_modules(void) { /* Add builtin modules here */ ASN1_add_oid_module(); +#ifndef OPENSSL_NO_ENGINE ENGINE_add_conf_module(); +#endif } diff --git a/lib/libcrypto/conf/conf_sap.c b/lib/libcrypto/conf/conf_sap.c index 97fb1743038..e15c2e55463 100644 --- a/lib/libcrypto/conf/conf_sap.c +++ b/lib/libcrypto/conf/conf_sap.c @@ -63,7 +63,9 @@ #include <openssl/dso.h> #include <openssl/x509.h> #include <openssl/asn1.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif /* This is the automatic configuration loader: it is called automatically by * OpenSSL when any of a number of standard initialisation functions are called, @@ -78,8 +80,10 @@ void OPENSSL_config(const char *config_name) return; OPENSSL_load_builtin_modules(); +#ifndef OPENSSL_NO_ENGINE /* Need to load ENGINEs */ ENGINE_load_builtin_engines(); +#endif /* Add others here? */ diff --git a/lib/libcrypto/cryptlib.c b/lib/libcrypto/cryptlib.c index 612b3b93b44..2924def2bb0 100644 --- a/lib/libcrypto/cryptlib.c +++ b/lib/libcrypto/cryptlib.c @@ -89,6 +89,7 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] = "ssl_session", "ssl_sess_cert", "ssl", + "ssl_method", "rand", "rand2", "debug_malloc", @@ -103,7 +104,8 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] = "dynlock", "engine", "ui", -#if CRYPTO_NUM_LOCKS != 31 + "hwcrhk", /* This is a HACK which will disappear in 0.9.8 */ +#if CRYPTO_NUM_LOCKS != 33 # error "Inconsistency between crypto.h and cryptlib.c" #endif }; @@ -206,10 +208,18 @@ int CRYPTO_get_new_dynlockid(void) i=sk_CRYPTO_dynlock_find(dyn_locks,NULL); /* If there was none, push, thereby creating a new one */ if (i == -1) - i=sk_CRYPTO_dynlock_push(dyn_locks,pointer); + /* Since sk_push() returns the number of items on the + stack, not the location of the pushed item, we need + to transform the returned number into a position, + by decreasing it. */ + i=sk_CRYPTO_dynlock_push(dyn_locks,pointer) - 1; + else + /* If we found a place with a NULL pointer, put our pointer + in it. */ + sk_CRYPTO_dynlock_set(dyn_locks,i,pointer); CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); - if (!i) + if (i == -1) { dynlock_destroy_callback(pointer->data,__FILE__,__LINE__); OPENSSL_free(pointer); @@ -401,15 +411,17 @@ void CRYPTO_lock(int mode, int type, const char *file, int line) #endif if (type < 0) { - struct CRYPTO_dynlock_value *pointer - = CRYPTO_get_dynlock_value(type); - - if (pointer && dynlock_lock_callback) + if (dynlock_lock_callback != NULL) { + struct CRYPTO_dynlock_value *pointer + = CRYPTO_get_dynlock_value(type); + + OPENSSL_assert(pointer != NULL); + dynlock_lock_callback(mode, pointer, file, line); - } - CRYPTO_destroy_dynlockid(type); + CRYPTO_destroy_dynlockid(type); + } } else if (locking_callback != NULL) @@ -460,7 +472,7 @@ const char *CRYPTO_get_lock_name(int type) return("dynamic"); else if (type < CRYPTO_NUM_LOCKS) return(lock_names[type]); - else if (type-CRYPTO_NUM_LOCKS >= sk_num(app_locks)) + else if (type-CRYPTO_NUM_LOCKS > sk_num(app_locks)) return("ERROR"); else return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS)); @@ -492,3 +504,11 @@ BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason, #endif #endif + +void OpenSSLDie(const char *file,int line,const char *assertion) + { + fprintf(stderr, + "%s(%d): OpenSSL internal error, assertion failed: %s\n", + file,line,assertion); + abort(); + } diff --git a/lib/libcrypto/cryptlib.h b/lib/libcrypto/cryptlib.h index 88e4ae509f4..0d6b9d59f0b 100644 --- a/lib/libcrypto/cryptlib.h +++ b/lib/libcrypto/cryptlib.h @@ -89,9 +89,9 @@ extern "C" { #define X509_CERT_DIR_EVP "SSL_CERT_DIR" #define X509_CERT_FILE_EVP "SSL_CERT_FILE" -/* size of string represenations */ -#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) -#define HEX_SIZE(type) ((sizeof(type)*2) +/* size of string representations */ +#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) +#define HEX_SIZE(type) (sizeof(type)*2) #ifdef __cplusplus } diff --git a/lib/libcrypto/crypto-lib.com b/lib/libcrypto/crypto-lib.com index dfcff11860a..39e78c69e50 100644 --- a/lib/libcrypto/crypto-lib.com +++ b/lib/libcrypto/crypto-lib.com @@ -21,22 +21,10 @@ $! LIBRARY To just compile the [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library. $! APPS To just compile the [.xxx.EXE.CRYPTO]*.EXE $! ALL To do both LIBRARY and APPS $! -$! Specify RSAREF as P2 to compile with the RSAREF library instead of -$! the regular one. If you specify NORSAREF it will compile with the -$! regular RSAREF routines. (Note: If you are in the United States -$! you MUST compile with RSAREF unless you have a license from RSA). -$! -$! Note: The RSAREF libraries are NOT INCLUDED and you have to -$! download it from "ftp://ftp.rsa.com/rsaref". You have to -$! get the ".tar-Z" file as the ".zip" file dosen't have the -$! directory structure stored. You have to extract the file -$! into the [.RSAREF] directory under the root directory as that -$! is where the scripts will look for the files. -$! -$! Specify DEBUG or NODEBUG as P3 to compile with or without debugger +$! Specify DEBUG or NODEBUG as P2 to compile with or without debugger $! information. $! -$! Specify which compiler at P4 to try to compile under. +$! Specify which compiler at P3 to try to compile under. $! $! VAXC For VAX C. $! DECC For DEC C. @@ -45,16 +33,16 @@ $! $! If you don't speficy a compiler, it will try to determine which $! "C" compiler to use. $! -$! P5, if defined, sets a TCP/IP library to use, through one of the following +$! P4, if defined, sets a TCP/IP library to use, through one of the following $! keywords: $! $! UCX for UCX $! TCPIP for TCPIP (post UCX) $! SOCKETSHR for SOCKETSHR+NETLIB $! -$! P6, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) +$! P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) $! -$! P7, if defined, sets a choice of crypto methods to compile. +$! P6, if defined, sets a choice of crypto methods to compile. $! WARNING: this should only be done to recompile some part of an already $! fully compiled library. $! @@ -93,7 +81,6 @@ $ ENCRYPT_TYPES = "Basic,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ - "BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,"+ - "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ - "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5" -$ ENCRYPT_PROGRAMS = "DES,PKCS7" $! $! Check To Make Sure We Have Valid Command Line Parameters. $! @@ -149,10 +136,6 @@ $! Define The CRYPTO-LIB We Are To Use. $! $ CRYPTO_LIB := 'EXE_DIR'LIBCRYPTO.OLB $! -$! Define The RSAREF-LIB We Are To Use. -$! -$ RSAREF_LIB := SYS$DISK:[-.'ARCH'.EXE.RSAREF]LIBRSAGLUE.OLB -$! $! Check To See If We Already Have A "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" Library... $! $ IF (F$SEARCH(LIB_NAME).EQS."") @@ -175,7 +158,7 @@ $! $ APPS_DES = "DES/DES,CBC3_ENC" $ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE" $ -$ LIB_ = "cryptlib,mem,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time" +$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time" $ LIB_MD2 = "md2_dgst,md2_one" $ LIB_MD4 = "md4_dgst,md4_one" $ LIB_MD5 = "md5_dgst,md5_one" @@ -216,7 +199,7 @@ $ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ - "tb_rsa,tb_dsa,tb_dh,tb_rand,tb_cipher,tb_digest,"+ - "eng_openssl,eng_dyn,eng_cnf,"+ - "hw_atalla,hw_cswift,hw_ncipher,hw_nuron,hw_ubsec,"+ - - "hw_openbsd_dev_crypto,hw_aep,hw_sureware,hw_4758_cca" + "hw_cryptodev,hw_aep,hw_sureware,hw_4758_cca" $ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,aes_ctr" $ LIB_BUFFER = "buffer,buf_err" $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ - @@ -287,86 +270,6 @@ $ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time," $ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + - "sha_dgst,sha1dgst,rmd_dgst,bf_enc," $! -$! Check To See If We Are Going To Use RSAREF. -$! -$ IF (RSAREF.EQS."TRUE" .AND. ENCRYPT_TYPES - "RSA".NES.ENCRYPT_TYPES - - .AND. (BUILDALL .EQS. "TRUE" .OR. BUILDALL .EQS. "LIBRARY")) -$ THEN -$! -$! Check To See If The File [-.RSAREF]RSAREF.C Is Actually There. -$! -$ IF (F$SEARCH("SYS$DISK:[-.RSAREF]RSAREF.C").EQS."") -$ THEN -$! -$! Tell The User That The File Doesn't Exist. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File [-.RSAREF]RSAREF.C Doesn't Exist." -$ WRITE SYS$OUTPUT "" -$! -$! Exit The Build. -$! -$ GOTO EXIT -$! -$! End The [-.RSAREF]RSAREF.C Check. -$! -$ ENDIF -$! -$! Tell The User We Are Compiling The [-.RSAREF]RSAREF File. -$! -$ WRITE SYS$OUTPUT "Compiling The [-.RSAREF]RSAREF File." -$! -$! Compile [-.RSAREF]RSAREF.C -$! -$ CC/OBJECT='OBJ_DIR'RSAREF.OBJ SYS$DISK:[-.RSAREF]RSAREF.C -$! -$! Add It To The Library. -$! -$ LIBRARY/REPLACE 'LIB_NAME' 'OBJ_DIR'RSAREF.OBJ -$! -$! Delete The Object File. -$! -$ DELETE 'OBJ_DIR'RSAREF.OBJ;* -$! -$! Check To See If The File [-.RSAREF]RSAR_ERR.C Is Actually There. -$! -$ IF (F$SEARCH("SYS$DISK:[-.RSAREF]RSAR_ERR.C").EQS."") -$ THEN -$! -$! Tell The User That The File Doesn't Exist. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File [-.RSAREF]RSAR_ERR.C Doesn't Exist." -$ WRITE SYS$OUTPUT "" -$! -$! Exit The Build. -$! -$ GOTO EXIT -$! -$! End The [-.RSAREF]RSAR_ERR.C File Check. -$! -$ ENDIF -$! -$! Tell The User We Are Compiling The [-.RSAREF]RSAR_ERR File. -$! -$ WRITE SYS$OUTPUT "Compiling The [-.RSAREF]RSAR_ERR File." -$! -$! Compile [-.RSAREF]RSAR_ERR.C -$! -$ CC/OBJECT='OBJ_DIR'RSAR_ERR.OBJ SYS$DISK:[-.RSAREF]RSAR_ERR.C -$! -$! Add It To The Library. -$! -$ LIBRARY/REPLACE 'LIB_NAME' 'OBJ_DIR'RSAR_ERR.OBJ -$! -$! Delete The Object File. -$! -$ DELETE 'OBJ_DIR'RSAR_ERR.OBJ;* -$! -$! End The RSAREF Check. -$! -$ ENDIF -$! $! Figure Out What Other Modules We Are To Build. $! $ BUILD_SET: @@ -639,74 +542,34 @@ $! Tell the user what happens $! $ WRITE SYS$OUTPUT " ",APPLICATION,".exe" $! -$! Link The Program, Check To See If We Need To Link With RSAREF Or Not. +$! Link The Program. $! $ ON ERROR THEN GOTO NEXT_APPLICATION -$ IF (RSAREF.EQS."TRUE") -$ THEN $! -$! Check To See If We Are To Link With A Specific TCP/IP Library. +$! Check To See If We Are To Link With A Specific TCP/IP Library. $! -$ IF (TCPIP_LIB.NES."") -$ THEN -$! -$! Link With The RSAREF Library And A Specific TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - - 'OBJ_DIR''APPLICATION_OBJECTS', - - 'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, - - 'TCPIP_LIB','OPT_FILE'/OPTION -$! -$! Else... -$! -$ ELSE -$! -$! Link With The RSAREF Library And NO TCP/IP Library. +$ IF (TCPIP_LIB.NES."") +$ THEN $! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - - 'OBJ_DIR''APPLICATION_OBJECTS', - - 'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, - - 'OPT_FILE'/OPTION +$! Link With A TCP/IP Library. $! -$! End The TCP/IP Library Check. +$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - + 'OBJ_DIR''APPLICATION_OBJECTS', - + 'CRYPTO_LIB'/LIBRARY, - + 'TCPIP_LIB','OPT_FILE'/OPTION $! -$ ENDIF -$! -$! Else... +$! Else... $! $ ELSE $! -$! Don't Link With The RSAREF Routines. -$! -$! -$! Check To See If We Are To Link With A Specific TCP/IP Library. -$! -$ IF (TCPIP_LIB.NES."") -$ THEN -$! -$! Don't Link With The RSAREF Routines And TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - - 'OBJ_DIR''APPLICATION_OBJECTS', - - 'CRYPTO_LIB'/LIBRARY, - - 'TCPIP_LIB','OPT_FILE'/OPTION -$! -$! Else... -$! -$ ELSE -$! -$! Don't Link With The RSAREF Routines And Link With A TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - - 'OBJ_DIR''APPLICATION_OBJECTS',- - 'CRYPTO_LIB'/LIBRARY, - - 'OPT_FILE'/OPTION +$! Don't Link With A TCP/IP Library. $! -$! End The TCP/IP Library Check. +$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - + 'OBJ_DIR''APPLICATION_OBJECTS',- + 'CRYPTO_LIB'/LIBRARY, - + 'OPT_FILE'/OPTION $! -$ ENDIF -$! -$! End The RSAREF Link Check. +$! End The TCP/IP Library Check. $! $ ENDIF $ GOTO NEXT_APPLICATION @@ -912,75 +775,10 @@ $ ENDIF $! $! Check To See If P2 Is Blank. $! -$ P2 = "NORSAREF" -$ IF (P2.EQS."NORSAREF") +$ IF (P2.EQS."NODEBUG") $ THEN $! -$! P2 Is NORSAREF, So Compile With The Regular RSA Libraries. -$! -$ RSAREF = "FALSE" -$ ELSE -$! -$! Check To See If We Are To Use The RSAREF Library. -$! -$ IF (P2.EQS."RSAREF") -$ THEN -$! -$! Check To Make Sure We Have The RSAREF Source Code Directory. -$! -$ IF (F$SEARCH("SYS$DISK:[-.RSAREF]SOURCE.DIR").EQS."") -$ THEN -$! -$! We Don't Have The RSAREF Souce Code Directory, So Tell The -$! User This. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "It appears that you don't have the RSAREF Souce Code." -$ WRITE SYS$OUTPUT "You need to go to 'ftp://ftp.rsa.com/rsaref'. You have to" -$ WRITE SYS$OUTPUT "get the '.tar-Z' file as the '.zip' file doesn't have the" -$ WRITE SYS$OUTPUT "directory structure stored. You have to extract the file" -$ WRITE SYS$OUTPUT "into the [.RSAREF] directory under the root directory" -$ WRITE SYS$OUTPUT "as that is where the scripts will look for the files." -$ WRITE SYS$OUTPUT "" -$! -$! Time To Exit. -$! -$ EXIT -$! -$! Else, Compile Using The RSAREF Library. -$! -$ ELSE -$ RSAREF = "TRUE" -$ ENDIF -$ ELSE -$! -$! They Entered An Invalid Option.. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " RSAREF : Compile With The RSAREF Library." -$ WRITE SYS$OUTPUT " NORSAREF : Compile With The Regular RSA Library." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$! -$! End The Valid Arguement Check. -$! -$ ENDIF -$! -$! End The P2 Check. -$! -$ ENDIF -$! -$! Check To See If P3 Is Blank. -$! -$ IF (P3.EQS."NODEBUG") -$ THEN -$! -$! P3 Is NODEBUG, So Compile Without The Debugger Information. +$! P2 Is NODEBUG, So Compile Without The Debugger Information. $! $ DEBUGGER = "NODEBUG" $ TRACEBACK = "NOTRACEBACK" @@ -993,7 +791,7 @@ $ ELSE $! $! Check To See If We Are To Compile With Debugger Information. $! -$ IF (P3.EQS."DEBUG") +$ IF (P2.EQS."DEBUG") $ THEN $! $! Compile With Debugger Information. @@ -1010,7 +808,7 @@ $! $! They Entered An Invalid Option.. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " DEBUG : Compile With The Debugger Information." $ WRITE SYS$OUTPUT " NODEBUG : Compile Without The Debugger Information." @@ -1024,7 +822,7 @@ $! End The Valid Arguement Check. $! $ ENDIF $! -$! End The P3 Check. +$! End The P2 Check. $! $ ENDIF $! @@ -1034,9 +832,9 @@ $! Written By: Richard Levitte $! richard@levitte.org $! $! -$! Check To See If We Have A Option For P6. +$! Check To See If We Have A Option For P5. $! -$ IF (P6.EQS."") +$ IF (P5.EQS."") $ THEN $! $! Get The Version Of VMS We Are Using. @@ -1058,13 +856,13 @@ $! End The VMS Version Check. $! $ ENDIF $! -$! End The P6 Check. +$! End The P5 Check. $! $ ENDIF $! -$! Check To See If P4 Is Blank. +$! Check To See If P3 Is Blank. $! -$ IF (P4.EQS."") +$ IF (P3.EQS."") $ THEN $! $! O.K., The User Didn't Specify A Compiler, Let's Try To @@ -1077,7 +875,7 @@ $ THEN $! $! Looks Like GNUC, Set To Use GNUC. $! -$ P4 = "GNUC" +$ P3 = "GNUC" $! $! Else... $! @@ -1090,7 +888,7 @@ $ THEN $! $! Looks Like DECC, Set To Use DECC. $! -$ P4 = "DECC" +$ P3 = "DECC" $! $! Else... $! @@ -1098,7 +896,7 @@ $ ELSE $! $! Looks Like VAXC, Set To Use VAXC. $! -$ P4 = "VAXC" +$ P3 = "VAXC" $! $! End The VAXC Compiler Check. $! @@ -1112,9 +910,9 @@ $! End The Compiler Check. $! $ ENDIF $! -$! Check To See If We Have A Option For P5. +$! Check To See If We Have A Option For P4. $! -$ IF (P5.EQS."") +$ IF (P4.EQS."") $ THEN $! $! Find out what socket library we have available @@ -1124,7 +922,7 @@ $ THEN $! $! We have SOCKETSHR, and it is my opinion that it's the best to use. $! -$ P5 = "SOCKETSHR" +$ P4 = "SOCKETSHR" $! $! Tell the user $! @@ -1144,7 +942,7 @@ $ THEN $! $! Last resort: a UCX or UCX-compatible library $! -$ P5 = "UCX" +$ P4 = "UCX" $! $! Tell the user $! @@ -1158,7 +956,7 @@ $ ENDIF $! $! Set Up Initial CC Definitions, Possibly With User Ones $! -$ CCDEFS = "TCPIP_TYPE_''P5',DSO_VMS" +$ CCDEFS = "TCPIP_TYPE_''P4',DSO_VMS" $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS $ CCEXTRAFLAGS = "" $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS @@ -1168,12 +966,12 @@ $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN - $! $! Check To See If The User Entered A Valid Paramter. $! -$ IF (P4.EQS."VAXC").OR.(P4.EQS."DECC").OR.(P4.EQS."GNUC") +$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC") $ THEN $! $! Check To See If The User Wanted DECC. $! -$ IF (P4.EQS."DECC") +$ IF (P3.EQS."DECC") $ THEN $! $! Looks Like DECC, Set To Use DECC. @@ -1204,7 +1002,7 @@ $ ENDIF $! $! Check To See If We Are To Use VAXC. $! -$ IF (P4.EQS."VAXC") +$ IF (P3.EQS."VAXC") $ THEN $! $! Looks Like VAXC, Set To Use VAXC. @@ -1243,7 +1041,7 @@ $ ENDIF $! $! Check To See If We Are To Use GNU C. $! -$ IF (P4.EQS."GNUC") +$ IF (P3.EQS."GNUC") $ THEN $! $! Looks Like GNUC, Set To Use GNUC. @@ -1272,31 +1070,6 @@ $! Set up default defines $! $ CCDEFS = """FLAT_INC=1""," + CCDEFS $! -$! Check To See If We Are To Compile With RSAREF Routines. -$! -$ IF (RSAREF.EQS."TRUE") -$ THEN -$! -$! Compile With RSAREF. -$! -$ CCDEFS = CCDEFS + ",""RSAref=1""" -$! -$! Tell The User This. -$! -$ WRITE SYS$OUTPUT "Compiling With RSAREF Routines." -$! -$! Else, We Don't Care. Compile Without The RSAREF Library. -$! -$ ELSE -$! -$! Tell The User We Are Compile Without The RSAREF Routines. -$! -$ WRITE SYS$OUTPUT "Compiling Without The RSAREF Routines. -$! -$! End The RSAREF Check. -$! -$ ENDIF -$! $! Finish up the definition of CC. $! $ IF COMPILER .EQS. "DECC" @@ -1315,7 +1088,7 @@ $ CC4DISABLEWARNINGS = "" $ ENDIF $ CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS $ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS -$ IF ARCH .EQS. "VAX" .AND. COMPILER .EQS. "DECC" .AND. P3 .NES. "DEBUG" +$ IF ARCH .EQS. "VAX" .AND. COMPILER .EQS. "DECC" .AND. P2 .NES. "DEBUG" $ THEN $ CC5 = CC + "/OPTIMIZE=NODISJOINT" $ ELSE @@ -1334,7 +1107,7 @@ $! $! Tell The User We Don't Know What They Want. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P4," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " VAXC : To Compile With VAX C." $ WRITE SYS$OUTPUT " DECC : To Compile With DEC C." @@ -1360,13 +1133,13 @@ $ WRITE/SYMBOL SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO $! $! Time to check the contents, and to make sure we get the correct library. $! -$ IF P5.EQS."SOCKETSHR" .OR. P5.EQS."MULTINET" .OR. P5.EQS."UCX" - - .OR. P5.EQS."TCPIP" .OR. P5.EQS."NONE" +$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" - + .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE" $ THEN $! $! Check to see if SOCKETSHR was chosen $! -$ IF P5.EQS."SOCKETSHR" +$ IF P4.EQS."SOCKETSHR" $ THEN $! $! Set the library to use SOCKETSHR @@ -1379,12 +1152,12 @@ $ ENDIF $! $! Check to see if MULTINET was chosen $! -$ IF P5.EQS."MULTINET" +$ IF P4.EQS."MULTINET" $ THEN $! $! Set the library to use UCX emulation. $! -$ P5 = "UCX" +$ P4 = "UCX" $! $! Done with MULTINET $! @@ -1392,7 +1165,7 @@ $ ENDIF $! $! Check to see if UCX was chosen $! -$ IF P5.EQS."UCX" +$ IF P4.EQS."UCX" $ THEN $! $! Set the library to use UCX. @@ -1412,7 +1185,7 @@ $ ENDIF $! $! Check to see if TCPIP was chosen $! -$ IF P5.EQS."TCPIP" +$ IF P4.EQS."TCPIP" $ THEN $! $! Set the library to use TCPIP (post UCX). @@ -1425,7 +1198,7 @@ $ ENDIF $! $! Check to see if NONE was chosen $! -$ IF P5.EQS."NONE" +$ IF P4.EQS."NONE" $ THEN $! $! Do not use a TCPIP library. @@ -1447,7 +1220,7 @@ $! $! Tell The User We Don't Know What They Want. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P5," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "The Option ",P4," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " SOCKETSHR : To link with SOCKETSHR TCP/IP library." $ WRITE SYS$OUTPUT " UCX : To link with UCX TCP/IP library." @@ -1465,10 +1238,9 @@ $! $! Check if the user wanted to compile just a subset of all the encryption $! methods. $! -$ IF P7 .NES. "" +$ IF P6 .NES. "" $ THEN -$ ENCRYPT_TYPES = P7 -$! NYI: ENCRYPT_PROGRAMS = P7 +$ ENCRYPT_TYPES = P6 $ ENDIF $! $! Time To RETURN... diff --git a/lib/libcrypto/crypto.h b/lib/libcrypto/crypto.h index fc6ff860afc..273bc5e3f87 100644 --- a/lib/libcrypto/crypto.h +++ b/lib/libcrypto/crypto.h @@ -96,37 +96,39 @@ extern "C" { * names in cryptlib.c */ -#define CRYPTO_LOCK_ERR 1 -#define CRYPTO_LOCK_EX_DATA 2 -#define CRYPTO_LOCK_X509 3 -#define CRYPTO_LOCK_X509_INFO 4 -#define CRYPTO_LOCK_X509_PKEY 5 +#define CRYPTO_LOCK_ERR 1 +#define CRYPTO_LOCK_EX_DATA 2 +#define CRYPTO_LOCK_X509 3 +#define CRYPTO_LOCK_X509_INFO 4 +#define CRYPTO_LOCK_X509_PKEY 5 #define CRYPTO_LOCK_X509_CRL 6 #define CRYPTO_LOCK_X509_REQ 7 #define CRYPTO_LOCK_DSA 8 #define CRYPTO_LOCK_RSA 9 #define CRYPTO_LOCK_EVP_PKEY 10 -#define CRYPTO_LOCK_X509_STORE 11 -#define CRYPTO_LOCK_SSL_CTX 12 -#define CRYPTO_LOCK_SSL_CERT 13 -#define CRYPTO_LOCK_SSL_SESSION 14 -#define CRYPTO_LOCK_SSL_SESS_CERT 15 -#define CRYPTO_LOCK_SSL 16 -#define CRYPTO_LOCK_RAND 17 -#define CRYPTO_LOCK_RAND2 18 -#define CRYPTO_LOCK_MALLOC 19 -#define CRYPTO_LOCK_BIO 20 -#define CRYPTO_LOCK_GETHOSTBYNAME 21 -#define CRYPTO_LOCK_GETSERVBYNAME 22 -#define CRYPTO_LOCK_READDIR 23 -#define CRYPTO_LOCK_RSA_BLINDING 24 -#define CRYPTO_LOCK_DH 25 -#define CRYPTO_LOCK_MALLOC2 26 -#define CRYPTO_LOCK_DSO 27 -#define CRYPTO_LOCK_DYNLOCK 28 -#define CRYPTO_LOCK_ENGINE 29 -#define CRYPTO_LOCK_UI 30 -#define CRYPTO_NUM_LOCKS 31 +#define CRYPTO_LOCK_X509_STORE 11 +#define CRYPTO_LOCK_SSL_CTX 12 +#define CRYPTO_LOCK_SSL_CERT 13 +#define CRYPTO_LOCK_SSL_SESSION 14 +#define CRYPTO_LOCK_SSL_SESS_CERT 15 +#define CRYPTO_LOCK_SSL 16 +#define CRYPTO_LOCK_SSL_METHOD 17 +#define CRYPTO_LOCK_RAND 18 +#define CRYPTO_LOCK_RAND2 19 +#define CRYPTO_LOCK_MALLOC 20 +#define CRYPTO_LOCK_BIO 21 +#define CRYPTO_LOCK_GETHOSTBYNAME 22 +#define CRYPTO_LOCK_GETSERVBYNAME 23 +#define CRYPTO_LOCK_READDIR 24 +#define CRYPTO_LOCK_RSA_BLINDING 25 +#define CRYPTO_LOCK_DH 26 +#define CRYPTO_LOCK_MALLOC2 27 +#define CRYPTO_LOCK_DSO 28 +#define CRYPTO_LOCK_DYNLOCK 29 +#define CRYPTO_LOCK_ENGINE 30 +#define CRYPTO_LOCK_UI 31 +#define CRYPTO_LOCK_HWCRHK 32 /* This is a HACK which will disappear in 0.9.8 */ +#define CRYPTO_NUM_LOCKS 33 #define CRYPTO_LOCK 1 #define CRYPTO_UNLOCK 2 @@ -148,7 +150,7 @@ extern "C" { #endif #else #define CRYPTO_w_lock(a) -#define CRYPTO_w_unlock(a) +#define CRYPTO_w_unlock(a) #define CRYPTO_r_lock(a) #define CRYPTO_r_unlock(a) #define CRYPTO_add(a,b,c) ((*(a))+=(b)) @@ -278,6 +280,8 @@ int CRYPTO_is_mem_check_on(void); #define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__) #define OPENSSL_realloc(addr,num) \ CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__) +#define OPENSSL_realloc_clean(addr,old_num,num) \ + CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__) #define OPENSSL_remalloc(addr,num) \ CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__) #define OPENSSL_freeFunc CRYPTO_free @@ -380,8 +384,12 @@ void CRYPTO_free_locked(void *); void *CRYPTO_malloc(int num, const char *file, int line); void CRYPTO_free(void *); void *CRYPTO_realloc(void *addr,int num, const char *file, int line); +void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file, + int line); void *CRYPTO_remalloc(void *addr,int num, const char *file, int line); +void OPENSSL_cleanse(void *ptr, size_t len); + void CRYPTO_set_mem_debug_options(long bits); long CRYPTO_get_mem_debug_options(void); @@ -422,6 +430,9 @@ void CRYPTO_mem_leaks(struct bio_st *bio); typedef void *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *); void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb); +/* die if we have to */ +void OpenSSLDie(const char *file,int line,const char *assertion); +#define OPENSSL_assert(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e)) /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes diff --git a/lib/libcrypto/des/Makefile.ssl b/lib/libcrypto/des/Makefile.ssl index 826ffcc58c2..45eba0b3c98 100644 --- a/lib/libcrypto/des/Makefile.ssl +++ b/lib/libcrypto/des/Makefile.ssl @@ -66,22 +66,11 @@ des: des.o cbc3_enc.o lib $(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB) # elf -asm/dx86-elf.o: asm/dx86unix.cpp - $(CPP) -DELF -x c asm/dx86unix.cpp | as -o asm/dx86-elf.o +asm/dx86-elf.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + (cd asm; $(PERL) des-586.pl elf $(CFLAGS) > dx86-elf.s) -asm/yx86-elf.o: asm/yx86unix.cpp - $(CPP) -DELF -x c asm/yx86unix.cpp | as -o asm/yx86-elf.o - -# solaris -asm/dx86-sol.o: asm/dx86unix.cpp - $(CC) -E -DSOL asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s - as -o asm/dx86-sol.o asm/dx86-sol.s - rm -f asm/dx86-sol.s - -asm/yx86-sol.o: asm/yx86unix.cpp - $(CC) -E -DSOL asm/yx86unix.cpp | sed 's/^#.*//' > asm/yx86-sol.s - as -o asm/yx86-sol.o asm/yx86-sol.s - rm -f asm/yx86-sol.s +asm/yx86-elf.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + (cd asm; $(PERL) crypt586.pl elf $(CFLAGS) > yx86-elf.s) # a.out asm/dx86-out.o: asm/dx86unix.cpp @@ -130,14 +119,14 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new mv -f Makefile.new $(MAKEFILE) clean: - rm -f asm/dx86unix.cpp asm/yx86unix.cpp *.o asm/*.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff + rm -f asm/dx86unix.cpp asm/yx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/lib/libcrypto/des/asm/crypt586.pl b/lib/libcrypto/des/asm/crypt586.pl index 3d41d82f69d..1d04ed6def1 100644 --- a/lib/libcrypto/des/asm/crypt586.pl +++ b/lib/libcrypto/des/asm/crypt586.pl @@ -26,11 +26,18 @@ sub fcrypt_body &comment(""); &comment("Load the 2 words"); - $ks="ebp"; + $trans="ebp"; &xor( $L, $L); &xor( $R, $R); - &mov($ks,&wparam(1)); + + # PIC-ification:-) + &picmeup("edx","DES_SPtrans"); + #if ($cpp) { &picmeup("edx","DES_SPtrans"); } + #else { &lea("edx",&DWP("DES_SPtrans")); } + &push("edx"); # becomes &swtmp(1) + # + &mov($trans,&wparam(1)); # reloaded with DES_SPtrans in D_ENCRYPT &push(&DWC(25)); # add a variable @@ -39,11 +46,11 @@ sub fcrypt_body { &comment(""); &comment("Round $i"); - &D_ENCRYPT($i,$L,$R,$i*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx"); + &D_ENCRYPT($i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx"); &comment(""); &comment("Round ".sprintf("%d",$i+1)); - &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx"); + &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$trans,"eax","ebx","ecx","edx"); } &mov("ebx", &swtmp(0)); &mov("eax", $L); @@ -61,14 +68,14 @@ sub fcrypt_body &mov(&DWP(0,"edx","",0),"eax"); &mov(&DWP(4,"edx","",0),$L); - &pop("ecx"); # remove variable + &add("esp",8); # remove variables &function_end($name); } sub D_ENCRYPT { - local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_; + local($r,$L,$R,$S,$trans,$u,$tmp1,$tmp2,$t)=@_; &mov( $u, &wparam(2)); # 2 &mov( $t, $R); @@ -85,9 +92,9 @@ sub D_ENCRYPT &shl( $tmp2, 16); # 1 &xor( $u, $tmp1); # 2 &xor( $t, $tmp2); # 2 - &mov( $tmp1, &DWP(&n2a($S*4),$ks,"",0)); # 2 + &mov( $tmp1, &DWP(&n2a($S*4),$trans,"",0)); # 2 &xor( $u, $tmp1); - &mov( $tmp2, &DWP(&n2a(($S+1)*4),$ks,"",0)); # 2 + &mov( $tmp2, &DWP(&n2a(($S+1)*4),$trans,"",0)); # 2 &xor( $u, $R); &xor( $t, $R); &xor( $t, $tmp2); @@ -99,31 +106,28 @@ sub D_ENCRYPT &movb( &LB($tmp1), &LB($u) ); &movb( &LB($tmp2), &HB($u) ); &rotr( $t, 4 ); - &mov( $ks, &DWP(" $desSP",$tmp1,"",0)); + &mov( $trans, &swtmp(1)); + &xor( $L, &DWP(" ",$trans,$tmp1,0)); &movb( &LB($tmp1), &LB($t) ); - &xor( $L, $ks); - &mov( $ks, &DWP("0x200+$desSP",$tmp2,"",0)); - &xor( $L, $ks); + &xor( $L, &DWP("0x200",$trans,$tmp2,0)); &movb( &LB($tmp2), &HB($t) ); &shr( $u, 16); - &mov( $ks, &DWP("0x100+$desSP",$tmp1,"",0)); - &xor( $L, $ks); + &xor( $L, &DWP("0x100",$trans,$tmp1,0)); &movb( &LB($tmp1), &HB($u) ); &shr( $t, 16); - &mov( $ks, &DWP("0x300+$desSP",$tmp2,"",0)); - &xor( $L, $ks); - &mov( $ks, &wparam(1)); + &xor( $L, &DWP("0x300",$trans,$tmp2,0)); &movb( &LB($tmp2), &HB($t) ); &and( $u, "0xff" ); &and( $t, "0xff" ); - &mov( $tmp1, &DWP("0x600+$desSP",$tmp1,"",0)); + &mov( $tmp1, &DWP("0x600",$trans,$tmp1,0)); &xor( $L, $tmp1); - &mov( $tmp1, &DWP("0x700+$desSP",$tmp2,"",0)); + &mov( $tmp1, &DWP("0x700",$trans,$tmp2,0)); &xor( $L, $tmp1); - &mov( $tmp1, &DWP("0x400+$desSP",$u,"",0)); + &mov( $tmp1, &DWP("0x400",$trans,$u,0)); &xor( $L, $tmp1); - &mov( $tmp1, &DWP("0x500+$desSP",$t,"",0)); + &mov( $tmp1, &DWP("0x500",$trans,$t,0)); &xor( $L, $tmp1); + &mov( $trans, &wparam(1)); } sub n2a diff --git a/lib/libcrypto/des/asm/des-586.pl b/lib/libcrypto/des/asm/des-586.pl index 0d08e8a3a9e..b75d3c6b3a4 100644 --- a/lib/libcrypto/des/asm/des-586.pl +++ b/lib/libcrypto/des/asm/des-586.pl @@ -40,7 +40,7 @@ sub DES_encrypt &comment(""); &comment("Load the 2 words"); - $ks="ebp"; + $trans="ebp"; if ($do_ip) { @@ -72,7 +72,12 @@ sub DES_encrypt &rotl($L,3); } - &mov( $ks, &wparam(1) ); + # PIC-ification:-) + &picmeup($trans,"DES_SPtrans"); + #if ($cpp) { &picmeup($trans,"DES_SPtrans"); } + #else { &lea($trans,&DWP("DES_SPtrans")); } + + &mov( "ecx", &wparam(1) ); &cmp("ebx","0"); &je(&label("start_decrypt")); @@ -80,11 +85,11 @@ sub DES_encrypt { &comment(""); &comment("Round $i"); - &D_ENCRYPT($i,$L,$R,$i*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx"); + &D_ENCRYPT($i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx"); &comment(""); &comment("Round ".sprintf("%d",$i+1)); - &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx"); + &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$trans,"eax","ebx","ecx","edx"); } &jmp(&label("end")); @@ -94,10 +99,10 @@ sub DES_encrypt { &comment(""); &comment("Round $i"); - &D_ENCRYPT(15-$i,$L,$R,$i*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx"); + &D_ENCRYPT(15-$i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx"); &comment(""); &comment("Round ".sprintf("%d",$i-1)); - &D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx"); + &D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$trans,"eax","ebx","ecx","edx"); } &set_label("end"); @@ -134,43 +139,36 @@ sub DES_encrypt sub D_ENCRYPT { - local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_; + local($r,$L,$R,$S,$trans,$u,$tmp1,$tmp2,$t)=@_; - &mov( $u, &DWP(&n2a($S*4),$ks,"",0)); + &mov( $u, &DWP(&n2a($S*4),$tmp2,"",0)); &xor( $tmp1, $tmp1); - &mov( $t, &DWP(&n2a(($S+1)*4),$ks,"",0)); + &mov( $t, &DWP(&n2a(($S+1)*4),$tmp2,"",0)); &xor( $u, $R); + &xor( $tmp2, $tmp2); &xor( $t, $R); &and( $u, "0xfcfcfcfc" ); &and( $t, "0xcfcfcfcf" ); &movb( &LB($tmp1), &LB($u) ); &movb( &LB($tmp2), &HB($u) ); &rotr( $t, 4 ); - &mov( $ks, &DWP(" $desSP",$tmp1,"",0)); + &xor( $L, &DWP(" ",$trans,$tmp1,0)); &movb( &LB($tmp1), &LB($t) ); - &xor( $L, $ks); - &mov( $ks, &DWP("0x200+$desSP",$tmp2,"",0)); - &xor( $L, $ks); ###### + &xor( $L, &DWP("0x200",$trans,$tmp2,0)); &movb( &LB($tmp2), &HB($t) ); &shr( $u, 16); - &mov( $ks, &DWP("0x100+$desSP",$tmp1,"",0)); - &xor( $L, $ks); ###### + &xor( $L, &DWP("0x100",$trans,$tmp1,0)); &movb( &LB($tmp1), &HB($u) ); &shr( $t, 16); - &mov( $ks, &DWP("0x300+$desSP",$tmp2,"",0)); - &xor( $L, $ks); - &mov( $ks, &wparam(1) ); + &xor( $L, &DWP("0x300",$trans,$tmp2,0)); &movb( &LB($tmp2), &HB($t) ); &and( $u, "0xff" ); &and( $t, "0xff" ); - &mov( $tmp1, &DWP("0x600+$desSP",$tmp1,"",0)); - &xor( $L, $tmp1); - &mov( $tmp1, &DWP("0x700+$desSP",$tmp2,"",0)); - &xor( $L, $tmp1); - &mov( $tmp1, &DWP("0x400+$desSP",$u,"",0)); - &xor( $L, $tmp1); - &mov( $tmp1, &DWP("0x500+$desSP",$t,"",0)); - &xor( $L, $tmp1); + &xor( $L, &DWP("0x600",$trans,$tmp1,0)); + &xor( $L, &DWP("0x700",$trans,$tmp2,0)); + &mov( $tmp2, &wparam(1) ); + &xor( $L, &DWP("0x400",$trans,$u,0)); + &xor( $L, &DWP("0x500",$trans,$t,0)); } sub n2a diff --git a/lib/libcrypto/des/cbc_cksm.c b/lib/libcrypto/des/cbc_cksm.c index 6c5305b99d9..09a7ba56aad 100644 --- a/lib/libcrypto/des/cbc_cksm.c +++ b/lib/libcrypto/des/cbc_cksm.c @@ -93,5 +93,14 @@ DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output, l2c(tout1,out); } tout0=tin0=tin1=tin[0]=tin[1]=0; + /* + Transform the data in tout1 so that it will + match the return value that the MIT Kerberos + mit_des_cbc_cksum API returns. + */ + tout1 = ((tout1 >> 24L) & 0x000000FF) + | ((tout1 >> 8L) & 0x0000FF00) + | ((tout1 << 8L) & 0x00FF0000) + | ((tout1 << 24L) & 0xFF000000); return(tout1); } diff --git a/lib/libcrypto/des/des.c b/lib/libcrypto/des/des.c index d8c846b23db..343135ff9ec 100644 --- a/lib/libcrypto/des/des.c +++ b/lib/libcrypto/des/des.c @@ -427,7 +427,7 @@ void doencryption(void) k2[i-8]=k; } DES_set_key_unchecked(&k2,&ks2); - memset(k2,0,sizeof(k2)); + OPENSSL_cleanse(k2,sizeof(k2)); } else if (longk || flag3) { @@ -435,7 +435,7 @@ void doencryption(void) { DES_string_to_2keys(key,&kk,&k2); DES_set_key_unchecked(&k2,&ks2); - memset(k2,0,sizeof(k2)); + OPENSSL_cleanse(k2,sizeof(k2)); } else DES_string_to_key(key,&kk); @@ -457,8 +457,8 @@ void doencryption(void) } DES_set_key_unchecked(&kk,&ks); - memset(key,0,sizeof(key)); - memset(kk,0,sizeof(kk)); + OPENSSL_cleanse(key,sizeof(key)); + OPENSSL_cleanse(kk,sizeof(kk)); /* woops - A bug that does not showup under unix :-( */ memset(iv,0,sizeof(iv)); memset(iv2,0,sizeof(iv2)); @@ -666,18 +666,18 @@ void doencryption(void) if (l) fclose(CKSUM_OUT); } problems: - memset(buf,0,sizeof(buf)); - memset(obuf,0,sizeof(obuf)); - memset(&ks,0,sizeof(ks)); - memset(&ks2,0,sizeof(ks2)); - memset(iv,0,sizeof(iv)); - memset(iv2,0,sizeof(iv2)); - memset(kk,0,sizeof(kk)); - memset(k2,0,sizeof(k2)); - memset(uubuf,0,sizeof(uubuf)); - memset(b,0,sizeof(b)); - memset(bb,0,sizeof(bb)); - memset(cksum,0,sizeof(cksum)); + OPENSSL_cleanse(buf,sizeof(buf)); + OPENSSL_cleanse(obuf,sizeof(obuf)); + OPENSSL_cleanse(&ks,sizeof(ks)); + OPENSSL_cleanse(&ks2,sizeof(ks2)); + OPENSSL_cleanse(iv,sizeof(iv)); + OPENSSL_cleanse(iv2,sizeof(iv2)); + OPENSSL_cleanse(kk,sizeof(kk)); + OPENSSL_cleanse(k2,sizeof(k2)); + OPENSSL_cleanse(uubuf,sizeof(uubuf)); + OPENSSL_cleanse(b,sizeof(b)); + OPENSSL_cleanse(bb,sizeof(bb)); + OPENSSL_cleanse(cksum,sizeof(cksum)); if (Exit) EXIT(Exit); } diff --git a/lib/libcrypto/des/des_locl.h b/lib/libcrypto/des/des_locl.h index 70e833be3f6..e44e8e98b25 100644 --- a/lib/libcrypto/des/des_locl.h +++ b/lib/libcrypto/des/des_locl.h @@ -162,7 +162,18 @@ #if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER) #define ROTATE(a,n) (_lrotr(a,n)) -#else +#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) +# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) +# define ROTATE(a,n) ({ register unsigned int ret; \ + asm ("rorl %1,%0" \ + : "=r"(ret) \ + : "I"(n),"0"(a) \ + : "cc"); \ + ret; \ + }) +# endif +#endif +#ifndef ROTATE #define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n)))) #endif diff --git a/lib/libcrypto/des/des_old.h b/lib/libcrypto/des/des_old.h index fe32f21f617..1d8bf651017 100644 --- a/lib/libcrypto/des/des_old.h +++ b/lib/libcrypto/des/des_old.h @@ -173,10 +173,12 @@ typedef struct _ossl_old_des_ks_struct DES_fcrypt((b),(s),(r)) #define des_crypt(b,s)\ DES_crypt((b),(s)) +#if 0 #if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__) #define crypt(b,s)\ DES_crypt((b),(s)) #endif +#endif #define des_ofb_encrypt(i,o,n,l,k,iv)\ DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv)) #define des_pcbc_encrypt(i,o,l,k,iv,e)\ diff --git a/lib/libcrypto/des/des_ver.h b/lib/libcrypto/des/des_ver.h index ec9cc736e3c..379bbadda2a 100644 --- a/lib/libcrypto/des/des_ver.h +++ b/lib/libcrypto/des/des_ver.h @@ -63,5 +63,9 @@ # define OPENSSL_EXTERN OPENSSL_EXPORT #endif -OPENSSL_EXTERN const char *DES_version; /* SSLeay version string */ -OPENSSL_EXTERN const char *libdes_version; /* old libdes version string */ +/* The following macros make sure the names are different from libdes names */ +#define DES_version OSSL_DES_version +#define libdes_version OSSL_libdes_version + +OPENSSL_EXTERN const char *OSSL_DES_version; /* SSLeay version string */ +OPENSSL_EXTERN const char *OSSL_libdes_version; /* old libdes version string */ diff --git a/lib/libcrypto/des/destest.c b/lib/libcrypto/des/destest.c index 58e8c35dcb5..687c00c7922 100644 --- a/lib/libcrypto/des/destest.c +++ b/lib/libcrypto/des/destest.c @@ -84,9 +84,7 @@ int main(int argc, char *argv[]) #else #include <openssl/des.h> -#if defined(PERL5) || defined(__FreeBSD__) || defined(NeXT) #define crypt(c,s) (des_crypt((c),(s))) -#endif /* tisk tisk - the test keys don't all have odd parity :-( */ /* test data */ @@ -322,7 +320,11 @@ static unsigned char ofb_cipher[24]= 0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3 }; +#if 0 static DES_LONG cbc_cksum_ret=0xB462FEF7L; +#else +static DES_LONG cbc_cksum_ret=0xF7FE62B4L; +#endif static unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4}; static char *pt(unsigned char *p); diff --git a/lib/libcrypto/des/read2pwd.c b/lib/libcrypto/des/read2pwd.c index b4720c3a981..3a63c4016cc 100644 --- a/lib/libcrypto/des/read2pwd.c +++ b/lib/libcrypto/des/read2pwd.c @@ -120,8 +120,8 @@ int DES_read_password(DES_cblock *key, const char *prompt, int verify) if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0) DES_string_to_key(buf,key); - memset(buf,0,BUFSIZ); - memset(buff,0,BUFSIZ); + OPENSSL_cleanse(buf,BUFSIZ); + OPENSSL_cleanse(buff,BUFSIZ); return(ok); } @@ -133,7 +133,7 @@ int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt, if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0) DES_string_to_2keys(buf,key1,key2); - memset(buf,0,BUFSIZ); - memset(buff,0,BUFSIZ); + OPENSSL_cleanse(buf,BUFSIZ); + OPENSSL_cleanse(buff,BUFSIZ); return(ok); } diff --git a/lib/libcrypto/des/read_pwd.c b/lib/libcrypto/des/read_pwd.c index 9061935f217..ce5fa00a37a 100644 --- a/lib/libcrypto/des/read_pwd.c +++ b/lib/libcrypto/des/read_pwd.c @@ -101,8 +101,10 @@ #ifdef WIN_CONSOLE_BUG #include <windows.h> +#ifndef OPENSSL_SYS_WINCE #include <wincon.h> #endif +#endif /* There are 5 types of terminal interface supported, @@ -133,7 +135,7 @@ #define SGTTY #endif -#if defined(OPENSSL_SYS_VSWORKS) +#if defined(OPENSSL_SYS_VXWORKS) #undef TERMIOS #undef TERMIO #undef SGTTY @@ -167,7 +169,7 @@ #include <sys/ioctl.h> #endif -#if defined(OPENSSL_SYS_MSDOS) && !defined(__CYGWIN32__) +#if defined(OPENSSL_SYS_MSDOS) && !defined(__CYGWIN32__) && !defined(OPENSSL_SYS_WINCE) #include <conio.h> #define fgets(a,b,c) noecho_fgets(a,b,c) #endif @@ -218,11 +220,29 @@ int des_read_pw_string(char *buf, int length, const char *prompt, int ret; ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify); - memset(buff,0,BUFSIZ); + OPENSSL_cleanse(buff,BUFSIZ); return(ret); } -#ifndef OPENSSL_SYS_WIN16 +#ifdef OPENSSL_SYS_WINCE + +int des_read_pw(char *buf, char *buff, int size, const char *prompt, int verify) + { + memset(buf,0,size); + memset(buff,0,size); + return(0); + } + +#elif defined(OPENSSL_SYS_WIN16) + +int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify) + { + memset(buf,0,size); + memset(buff,0,size); + return(0); + } + +#else /* !OPENSSL_SYS_WINCE && !OPENSSL_SYS_WIN16 */ static void read_till_nl(FILE *in) { @@ -274,7 +294,7 @@ int des_read_pw(char *buf, char *buff, int size, const char *prompt, #ifdef OPENSSL_SYS_MSDOS if ((tty=fopen("con","r")) == NULL) tty=stdin; -#elif defined(MAC_OS_pre_X) || defined(OPENSSL_SYS_VSWORKS) +#elif defined(MAC_OS_pre_X) || defined(OPENSSL_SYS_VXWORKS) tty=stdin; #else #ifndef OPENSSL_SYS_MPE @@ -393,17 +413,6 @@ error: return(!ok); } -#else /* OPENSSL_SYS_WIN16 */ - -int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify) - { - memset(buf,0,size); - memset(buff,0,size); - return(0); - } - -#endif - static void pushsig(void) { int i; @@ -466,7 +475,7 @@ static void recsig(int i) #endif } -#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16) +#ifdef OPENSSL_SYS_MSDOS static int noecho_fgets(char *buf, int size, FILE *tty) { int i; @@ -509,3 +518,4 @@ static int noecho_fgets(char *buf, int size, FILE *tty) return(strlen(buf)); } #endif +#endif /* !OPENSSL_SYS_WINCE && !WIN16 */ diff --git a/lib/libcrypto/des/str2key.c b/lib/libcrypto/des/str2key.c index 36c3f81d993..0373db469c9 100644 --- a/lib/libcrypto/des/str2key.c +++ b/lib/libcrypto/des/str2key.c @@ -94,7 +94,7 @@ void DES_string_to_key(const char *str, DES_cblock *key) DES_set_key_unchecked(key,&ks); #endif DES_cbc_cksum((const unsigned char*)str,key,length,&ks,key); - memset(&ks,0,sizeof(ks)); + OPENSSL_cleanse(&ks,sizeof(ks)); DES_set_odd_parity(key); } @@ -167,7 +167,7 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2) DES_set_key_unchecked(key2,&ks); #endif DES_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2); - memset(&ks,0,sizeof(ks)); + OPENSSL_cleanse(&ks,sizeof(ks)); DES_set_odd_parity(key1); DES_set_odd_parity(key2); } diff --git a/lib/libcrypto/dh/Makefile.ssl b/lib/libcrypto/dh/Makefile.ssl index 5e1aaae1604..e05fc01a128 100644 --- a/lib/libcrypto/dh/Makefile.ssl +++ b/lib/libcrypto/dh/Makefile.ssl @@ -68,7 +68,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new @@ -112,17 +112,14 @@ dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h dh_gen.o: ../cryptlib.h dh_gen.c -dh_key.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -dh_key.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -dh_key.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -dh_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -dh_key.o: ../../include/openssl/engine.h ../../include/openssl/err.h -dh_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -dh_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dh_key.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +dh_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h +dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dh_key.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h +dh_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +dh_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +dh_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dh_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -dh_key.o: ../cryptlib.h dh_key.c +dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_key.c dh_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h dh_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h diff --git a/lib/libcrypto/dh/dh_key.c b/lib/libcrypto/dh/dh_key.c index 1a0efca2c4c..77f2f50b516 100644 --- a/lib/libcrypto/dh/dh_key.c +++ b/lib/libcrypto/dh/dh_key.c @@ -61,7 +61,6 @@ #include <openssl/bn.h> #include <openssl/rand.h> #include <openssl/dh.h> -#include <openssl/engine.h> static int generate_key(DH *dh); static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); diff --git a/lib/libcrypto/dh/dh_lib.c b/lib/libcrypto/dh/dh_lib.c index ba5fd410579..09965ee2ea8 100644 --- a/lib/libcrypto/dh/dh_lib.c +++ b/lib/libcrypto/dh/dh_lib.c @@ -60,7 +60,9 @@ #include "cryptlib.h" #include <openssl/bn.h> #include <openssl/dh.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT; @@ -85,11 +87,13 @@ int DH_set_method(DH *dh, const DH_METHOD *meth) const DH_METHOD *mtmp; mtmp = dh->meth; if (mtmp->finish) mtmp->finish(dh); +#ifndef OPENSSL_NO_ENGINE if (dh->engine) { ENGINE_finish(dh->engine); dh->engine = NULL; } +#endif dh->meth = meth; if (meth->init) meth->init(dh); return 1; @@ -112,6 +116,7 @@ DH *DH_new_method(ENGINE *engine) } ret->meth = DH_get_default_method(); +#ifndef OPENSSL_NO_ENGINE if (engine) { if (!ENGINE_init(engine)) @@ -135,6 +140,7 @@ DH *DH_new_method(ENGINE *engine) return NULL; } } +#endif ret->pad=0; ret->version=0; @@ -154,8 +160,10 @@ DH *DH_new_method(ENGINE *engine) CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { +#ifndef OPENSSL_NO_ENGINE if (ret->engine) ENGINE_finish(ret->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); OPENSSL_free(ret); ret=NULL; @@ -182,8 +190,10 @@ void DH_free(DH *r) if (r->meth->finish) r->meth->finish(r); +#ifndef OPENSSL_NO_ENGINE if (r->engine) ENGINE_finish(r->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); diff --git a/lib/libcrypto/dh/dhtest.c b/lib/libcrypto/dh/dhtest.c index 34894ced735..d75077f9fa0 100644 --- a/lib/libcrypto/dh/dhtest.c +++ b/lib/libcrypto/dh/dhtest.c @@ -59,9 +59,9 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> -#ifdef OPENSSL_SYS_WINDOWS -#include "../bio/bss_file.c" -#endif + +#include "../e_os.h" + #include <openssl/crypto.h> #include <openssl/bio.h> #include <openssl/bn.h> @@ -84,10 +84,6 @@ int main(int argc, char *argv[]) #endif static void MS_CALLBACK cb(int p, int n, void *arg); -#ifdef OPENSSL_NO_STDIO -#define APPS_WIN16 -#include "bss_file.c" -#endif static const char rnd_seed[] = "string to make the random number generator think it has entropy"; @@ -111,7 +107,7 @@ int main(int argc, char *argv[]) RAND_seed(rnd_seed, sizeof rnd_seed); out=BIO_new(BIO_s_file()); - if (out == NULL) exit(1); + if (out == NULL) EXIT(1); BIO_set_fp(out,stdout,BIO_NOCLOSE); a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out); @@ -195,7 +191,7 @@ err: CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); CRYPTO_mem_leaks_fp(stderr); - exit(ret); + EXIT(ret); return(ret); } diff --git a/lib/libcrypto/doc/DH_generate_parameters.pod b/lib/libcrypto/doc/DH_generate_parameters.pod index 4a2d6537581..9081e9ea7cf 100644 --- a/lib/libcrypto/doc/DH_generate_parameters.pod +++ b/lib/libcrypto/doc/DH_generate_parameters.pod @@ -59,7 +59,8 @@ a usable generator. =head1 SEE ALSO -L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<DH_free(3)|DH_free(3)> +L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, +L<DH_free(3)|DH_free(3)> =head1 HISTORY diff --git a/lib/libcrypto/doc/DSA_SIG_new.pod b/lib/libcrypto/doc/DSA_SIG_new.pod index 45df4c0661f..3ac61400381 100644 --- a/lib/libcrypto/doc/DSA_SIG_new.pod +++ b/lib/libcrypto/doc/DSA_SIG_new.pod @@ -30,7 +30,8 @@ DSA_SIG_free() returns no value. =head1 SEE ALSO -L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<DSA_do_sign(3)|DSA_do_sign(3)> +L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, +L<DSA_do_sign(3)|DSA_do_sign(3)> =head1 HISTORY diff --git a/lib/libcrypto/doc/DSA_generate_key.pod b/lib/libcrypto/doc/DSA_generate_key.pod index 9906a2d7e07..af83ccfaa16 100644 --- a/lib/libcrypto/doc/DSA_generate_key.pod +++ b/lib/libcrypto/doc/DSA_generate_key.pod @@ -24,7 +24,8 @@ The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. =head1 SEE ALSO -L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<DSA_generate_parameters(3)|DSA_generate_parameters(3)> +L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, +L<DSA_generate_parameters(3)|DSA_generate_parameters(3)> =head1 HISTORY diff --git a/lib/libcrypto/doc/ERR_get_error.pod b/lib/libcrypto/doc/ERR_get_error.pod index 9fdedbcb917..34443045fc0 100644 --- a/lib/libcrypto/doc/ERR_get_error.pod +++ b/lib/libcrypto/doc/ERR_get_error.pod @@ -5,7 +5,7 @@ ERR_get_error, ERR_peek_error, ERR_peek_last_error, ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line, ERR_get_error_line_data, ERR_peek_error_line_data, -ERR_peek_error_line_data - obtain error code and data +ERR_peek_last_error_line_data - obtain error code and data =head1 SYNOPSIS diff --git a/lib/libcrypto/doc/EVP_EncryptInit.pod b/lib/libcrypto/doc/EVP_EncryptInit.pod index 75cceb1ca26..daf57e5895f 100644 --- a/lib/libcrypto/doc/EVP_EncryptInit.pod +++ b/lib/libcrypto/doc/EVP_EncryptInit.pod @@ -419,7 +419,7 @@ Encrypt a string using blowfish: EVP_CIPHER_CTX ctx; FILE *out; EVP_CIPHER_CTX_init(&ctx); - EVP_EncryptInit_ex(&ctx, NULL, EVP_bf_cbc(), key, iv); + EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv); if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, strlen(intext))) { diff --git a/lib/libcrypto/doc/EVP_SealInit.pod b/lib/libcrypto/doc/EVP_SealInit.pod index 25ef07f7c7b..b5e477e2942 100644 --- a/lib/libcrypto/doc/EVP_SealInit.pod +++ b/lib/libcrypto/doc/EVP_SealInit.pod @@ -18,22 +18,28 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption =head1 DESCRIPTION The EVP envelope routines are a high level interface to envelope -encryption. They generate a random key and then "envelope" it by -using public key encryption. Data can then be encrypted using this -key. +encryption. They generate a random key and IV (if required) then +"envelope" it by using public key encryption. Data can then be +encrypted using this key. EVP_SealInit() initializes a cipher context B<ctx> for encryption -with cipher B<type> using a random secret key and IV supplied in -the B<iv> parameter. B<type> is normally supplied by a function such -as EVP_des_cbc(). The secret key is encrypted using one or more public -keys, this allows the same encrypted data to be decrypted using any -of the corresponding private keys. B<ek> is an array of buffers where -the public key encrypted secret key will be written, each buffer must -contain enough room for the corresponding encrypted key: that is +with cipher B<type> using a random secret key and IV. B<type> is normally +supplied by a function such as EVP_des_cbc(). The secret key is encrypted +using one or more public keys, this allows the same encrypted data to be +decrypted using any of the corresponding private keys. B<ek> is an array of +buffers where the public key encrypted secret key will be written, each buffer +must contain enough room for the corresponding encrypted key: that is B<ek[i]> must have room for B<EVP_PKEY_size(pubk[i])> bytes. The actual size of each encrypted secret key is written to the array B<ekl>. B<pubk> is an array of B<npubk> public keys. +The B<iv> parameter is a buffer where the generated IV is written to. It must +contain enough room for the corresponding cipher's IV, as determined by (for +example) EVP_CIPHER_iv_length(type). + +If the cipher does not require an IV then the B<iv> parameter is ignored +and can be B<NULL>. + EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual diff --git a/lib/libcrypto/doc/RAND_bytes.pod b/lib/libcrypto/doc/RAND_bytes.pod index b03748b9180..ce6329ce54a 100644 --- a/lib/libcrypto/doc/RAND_bytes.pod +++ b/lib/libcrypto/doc/RAND_bytes.pod @@ -35,7 +35,8 @@ method. =head1 SEE ALSO -L<rand(3)|rand(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<RAND_add(3)|RAND_add(3)> +L<rand(3)|rand(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, +L<RAND_add(3)|RAND_add(3)> =head1 HISTORY diff --git a/lib/libcrypto/doc/RSA_generate_key.pod b/lib/libcrypto/doc/RSA_generate_key.pod index 11bc0b34599..52dbb14a537 100644 --- a/lib/libcrypto/doc/RSA_generate_key.pod +++ b/lib/libcrypto/doc/RSA_generate_key.pod @@ -59,7 +59,8 @@ RSA_generate_key() goes into an infinite loop for illegal input values. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_free(3)|RSA_free(3)> +L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, +L<RSA_free(3)|RSA_free(3)> =head1 HISTORY diff --git a/lib/libcrypto/doc/RSA_print.pod b/lib/libcrypto/doc/RSA_print.pod index ff2d353d1a8..c971e91f4db 100644 --- a/lib/libcrypto/doc/RSA_print.pod +++ b/lib/libcrypto/doc/RSA_print.pod @@ -2,9 +2,9 @@ =head1 NAME -RSA_print, RSA_print_fp, DHparams_print, DHparams_print_fp, DSA_print, -DSA_print_fp, DHparams_print, DHparams_print_fp - print cryptographic -parameters +RSA_print, RSA_print_fp, +DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp, +DHparams_print, DHparams_print_fp - print cryptographic parameters =head1 SYNOPSIS diff --git a/lib/libcrypto/doc/RSA_private_encrypt.pod b/lib/libcrypto/doc/RSA_private_encrypt.pod index 0d1b2bd5416..746a80c79ea 100644 --- a/lib/libcrypto/doc/RSA_private_encrypt.pod +++ b/lib/libcrypto/doc/RSA_private_encrypt.pod @@ -59,8 +59,8 @@ obtained by L<ERR_get_error(3)|ERR_get_error(3)>. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>, -L<RSA_verify(3)|RSA_verify(3)> +L<ERR_get_error(3)|ERR_get_error(3)>, L<rsa(3)|rsa(3)>, +L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)> =head1 HISTORY diff --git a/lib/libcrypto/doc/RSA_public_encrypt.pod b/lib/libcrypto/doc/RSA_public_encrypt.pod index 8022a23f99b..d53e19d2b74 100644 --- a/lib/libcrypto/doc/RSA_public_encrypt.pod +++ b/lib/libcrypto/doc/RSA_public_encrypt.pod @@ -72,7 +72,8 @@ SSL, PKCS #1 v2.0 =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_size(3)|RSA_size(3)> +L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, +L<RSA_size(3)|RSA_size(3)> =head1 HISTORY diff --git a/lib/libcrypto/doc/RSA_set_method.pod b/lib/libcrypto/doc/RSA_set_method.pod index 0687c2242a5..0a305f6b140 100644 --- a/lib/libcrypto/doc/RSA_set_method.pod +++ b/lib/libcrypto/doc/RSA_set_method.pod @@ -3,13 +3,12 @@ =head1 NAME RSA_set_default_method, RSA_get_default_method, RSA_set_method, -RSA_get_method, RSA_PKCS1_SSLeay, -RSA_null_method, RSA_flags, RSA_new_method - select RSA method +RSA_get_method, RSA_PKCS1_SSLeay, RSA_null_method, RSA_flags, +RSA_new_method - select RSA method =head1 SYNOPSIS #include <openssl/rsa.h> - #include <openssl/engine.h> void RSA_set_default_method(const RSA_METHOD *meth); @@ -25,7 +24,7 @@ RSA_null_method, RSA_flags, RSA_new_method - select RSA method int RSA_flags(const RSA *rsa); - RSA *RSA_new_method(ENGINE *engine); + RSA *RSA_new_method(RSA_METHOD *method); =head1 DESCRIPTION @@ -70,6 +69,12 @@ B<engine> will be used for the RSA operations. If B<engine> is NULL, the default ENGINE for RSA operations is used, and if no default ENGINE is set, the RSA_METHOD controlled by RSA_set_default_method() is used. +RSA_flags() returns the B<flags> that are set for B<rsa>'s current method. + +RSA_new_method() allocates and initializes an B<RSA> structure so that +B<method> will be used for the RSA operations. If B<method> is B<NULL>, +the default method is used. + =head1 THE RSA_METHOD STRUCTURE typedef struct rsa_meth_st diff --git a/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod b/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod index b8c7bbb7e30..e70380bbfc9 100644 --- a/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod +++ b/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod @@ -47,8 +47,8 @@ These functions serve no recognizable purpose. =head1 SEE ALSO -L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>, L<rand(3)|rand(3)>, -L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>, +L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>, +L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)> =head1 HISTORY diff --git a/lib/libcrypto/doc/d2i_DHparams.pod b/lib/libcrypto/doc/d2i_DHparams.pod index a6d1743d39a..1e98aebeca0 100644 --- a/lib/libcrypto/doc/d2i_DHparams.pod +++ b/lib/libcrypto/doc/d2i_DHparams.pod @@ -2,7 +2,7 @@ =head1 NAME -d2i_DHparams, i2d_DHparams - ... +d2i_DHparams, i2d_DHparams - PKCS#3 DH parameter functions. =head1 SYNOPSIS @@ -13,18 +13,18 @@ d2i_DHparams, i2d_DHparams - ... =head1 DESCRIPTION -... +These functions decode and encode PKCS#3 DH parameters using the +DHparameter structure described in PKCS#3. -=head1 RETURN VALUES - -... +Othewise these behave in a similar way to d2i_X509() and i2d_X509() +described in the L<d2i_X509(3)|d2i_X509(3)> manual page. =head1 SEE ALSO -... +L<d2i_X509(3)|d2i_X509(3)> =head1 HISTORY -... +TBA =cut diff --git a/lib/libcrypto/doc/d2i_RSAPublicKey.pod b/lib/libcrypto/doc/d2i_RSAPublicKey.pod index ff4d0d57dbf..7c71bcbf3db 100644 --- a/lib/libcrypto/doc/d2i_RSAPublicKey.pod +++ b/lib/libcrypto/doc/d2i_RSAPublicKey.pod @@ -2,7 +2,9 @@ =head1 NAME -d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, i2d_Netscape_RSA, d2i_Netscape_RSA - ... +d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, +d2i_RSA_PUBKEY, i2d_RSA_PUBKEY, i2d_Netscape_RSA, +d2i_Netscape_RSA - RSA public and private key encoding functions. =head1 SYNOPSIS @@ -12,6 +14,10 @@ d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, i2d_Ne int i2d_RSAPublicKey(RSA *a, unsigned char **pp); + RSA * d2i_RSA_PUBKEY(RSA **a, unsigned char **pp, long length); + + int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp); + RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length); int i2d_RSAPrivateKey(RSA *a, unsigned char **pp); @@ -22,18 +28,39 @@ d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, i2d_Ne =head1 DESCRIPTION -... +d2i_RSAPublicKey() and i2d_RSAPublicKey() decode and encode a PKCS#1 RSAPublicKey +structure. + +d2i_RSA_PUKEY() and i2d_RSA_PUKEY() decode and encode an RSA public key using a +SubjectPublicKeyInfo (certificate public key) structure. + +d2i_RSAPrivateKey(), i2d_RSAPrivateKey() decode and encode a PKCS#1 RSAPrivateKey +structure. + +d2i_Netscape_RSA(), i2d_Netscape_RSA() decode and encode an RSA private key in +NET format. + +The usage of all of these functions is similar to the d2i_X509() and +i2d_X509() described in the L<d2i_X509(3)|d2i_X509(3)> manual page. + +=head1 NOTES + +The B<RSA> structure passed to the private key encoding functions should have +all the PKCS#1 private key components present. -=head1 RETURN VALUES +The data encoded by the private key functions is unencrypted and therefore +offers no private key security. -... +The NET format functions are present to provide compatibility with certain very +old software. This format has some severe security weaknesses and should be +avoided if possible. =head1 SEE ALSO -... +L<d2i_X509(3)|d2i_X509(3)> =head1 HISTORY -... +TBA =cut diff --git a/lib/libcrypto/dsa/Makefile.ssl b/lib/libcrypto/dsa/Makefile.ssl index d308caafcaa..e5f8a8cf514 100644 --- a/lib/libcrypto/dsa/Makefile.ssl +++ b/lib/libcrypto/dsa/Makefile.ssl @@ -70,7 +70,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new @@ -143,35 +143,29 @@ dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -dsa_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -dsa_ossl.o: ../../include/openssl/opensslconf.h +dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -dsa_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dsa_ossl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +dsa_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h dsa_ossl.o: ../cryptlib.h dsa_ossl.c dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -dsa_sign.o: ../../include/openssl/opensslconf.h +dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dsa_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h dsa_sign.o: ../cryptlib.h dsa_sign.c dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -dsa_vrf.o: ../../include/openssl/engine.h ../../include/openssl/err.h -dsa_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -dsa_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dsa_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -dsa_vrf.o: ../cryptlib.h dsa_vrf.c +dsa_vrf.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_vrf.c diff --git a/lib/libcrypto/dsa/dsa_lib.c b/lib/libcrypto/dsa/dsa_lib.c index da2cdfa3d64..4171af24c6c 100644 --- a/lib/libcrypto/dsa/dsa_lib.c +++ b/lib/libcrypto/dsa/dsa_lib.c @@ -63,7 +63,9 @@ #include <openssl/bn.h> #include <openssl/dsa.h> #include <openssl/asn1.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT; @@ -93,11 +95,13 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth) const DSA_METHOD *mtmp; mtmp = dsa->meth; if (mtmp->finish) mtmp->finish(dsa); +#ifndef OPENSSL_NO_ENGINE if (dsa->engine) { ENGINE_finish(dsa->engine); dsa->engine = NULL; } +#endif dsa->meth = meth; if (meth->init) meth->init(dsa); return 1; @@ -114,6 +118,7 @@ DSA *DSA_new_method(ENGINE *engine) return(NULL); } ret->meth = DSA_get_default_method(); +#ifndef OPENSSL_NO_ENGINE if (engine) { if (!ENGINE_init(engine)) @@ -138,6 +143,7 @@ DSA *DSA_new_method(ENGINE *engine) return NULL; } } +#endif ret->pad=0; ret->version=0; @@ -158,8 +164,10 @@ DSA *DSA_new_method(ENGINE *engine) CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { +#ifndef OPENSSL_NO_ENGINE if (ret->engine) ENGINE_finish(ret->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); OPENSSL_free(ret); ret=NULL; @@ -189,8 +197,10 @@ void DSA_free(DSA *r) if(r->meth->finish) r->meth->finish(r); +#ifndef OPENSSL_NO_ENGINE if(r->engine) ENGINE_finish(r->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data); @@ -224,7 +234,10 @@ int DSA_size(const DSA *r) { int ret,i; ASN1_INTEGER bs; - unsigned char buf[4]; + unsigned char buf[4]; /* 4 bytes looks really small. + However, i2d_ASN1_INTEGER() will not look + beyond the first byte, as long as the second + parameter is NULL. */ i=BN_num_bits(r->q); bs.length=(i+7)/8; diff --git a/lib/libcrypto/dsa/dsa_ossl.c b/lib/libcrypto/dsa/dsa_ossl.c index 37dd5fc9940..b9e7f3ea5c6 100644 --- a/lib/libcrypto/dsa/dsa_ossl.c +++ b/lib/libcrypto/dsa/dsa_ossl.c @@ -64,7 +64,6 @@ #include <openssl/dsa.h> #include <openssl/rand.h> #include <openssl/asn1.h> -#include <openssl/engine.h> static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); @@ -106,13 +105,15 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) int i,reason=ERR_R_BN_LIB; DSA_SIG *ret=NULL; + BN_init(&m); + BN_init(&xr); + if (!dsa->p || !dsa->q || !dsa->g) { reason=DSA_R_MISSING_PARAMETERS; goto err; } - BN_init(&m); - BN_init(&xr); + s=BN_new(); if (s == NULL) goto err; @@ -178,6 +179,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS); return 0; } + + BN_init(&k); + if (ctx_in == NULL) { if ((ctx=BN_CTX_new()) == NULL) goto err; @@ -185,7 +189,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) else ctx=ctx_in; - BN_init(&k); if ((r=BN_new()) == NULL) goto err; kinv=NULL; @@ -241,11 +244,12 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, return -1; } - if ((ctx=BN_CTX_new()) == NULL) goto err; BN_init(&u1); BN_init(&u2); BN_init(&t1); + if ((ctx=BN_CTX_new()) == NULL) goto err; + if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0) { ret = 0; diff --git a/lib/libcrypto/dsa/dsa_sign.c b/lib/libcrypto/dsa/dsa_sign.c index e9469ca62fd..89205026f01 100644 --- a/lib/libcrypto/dsa/dsa_sign.c +++ b/lib/libcrypto/dsa/dsa_sign.c @@ -64,7 +64,6 @@ #include <openssl/dsa.h> #include <openssl/rand.h> #include <openssl/asn1.h> -#include <openssl/engine.h> DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { diff --git a/lib/libcrypto/dsa/dsa_vrf.c b/lib/libcrypto/dsa/dsa_vrf.c index 066c6b5b284..c4aeddd0560 100644 --- a/lib/libcrypto/dsa/dsa_vrf.c +++ b/lib/libcrypto/dsa/dsa_vrf.c @@ -65,7 +65,6 @@ #include <openssl/rand.h> #include <openssl/asn1.h> #include <openssl/asn1_mac.h> -#include <openssl/engine.h> int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) diff --git a/lib/libcrypto/dsa/dsagen.c b/lib/libcrypto/dsa/dsagen.c index a0b09766408..1b6a1cca0fe 100644 --- a/lib/libcrypto/dsa/dsagen.c +++ b/lib/libcrypto/dsa/dsagen.c @@ -103,7 +103,7 @@ main() bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); memcpy(seed_buf,seed,20); - dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb); + dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb,bio_err); if (dsa == NULL) DSA_print(bio_err,dsa,0); diff --git a/lib/libcrypto/dsa/dsatest.c b/lib/libcrypto/dsa/dsatest.c index 12da64f9f49..4734ce4af85 100644 --- a/lib/libcrypto/dsa/dsatest.c +++ b/lib/libcrypto/dsa/dsatest.c @@ -61,14 +61,13 @@ #include <string.h> #include <sys/types.h> #include <sys/stat.h> + +#include "../e_os.h" + #include <openssl/crypto.h> #include <openssl/rand.h> #include <openssl/bio.h> #include <openssl/err.h> -#include <openssl/engine.h> -#ifdef OPENSSL_SYS_WINDOWS -#include "../bio/bss_file.c" -#endif #ifdef OPENSSL_NO_DSA int main(int argc, char *argv[]) @@ -212,10 +211,16 @@ end: BIO_free(bio_err); bio_err = NULL; } - exit(!ret); + EXIT(!ret); return(0); } +static int cb_exit(int ec) + { + EXIT(ec); + return(0); /* To keep some compilers quiet */ + } + static void MS_CALLBACK dsa_cb(int p, int n, void *arg) { char c='*'; @@ -231,7 +236,7 @@ static void MS_CALLBACK dsa_cb(int p, int n, void *arg) if (!ok && (p == 0) && (num > 1)) { BIO_printf((BIO *)arg,"error in dsatest\n"); - exit(1); + cb_exit(1); } } #endif diff --git a/lib/libcrypto/dso/Makefile.ssl b/lib/libcrypto/dso/Makefile.ssl index 5a551258241..c0449d184e5 100644 --- a/lib/libcrypto/dso/Makefile.ssl +++ b/lib/libcrypto/dso/Makefile.ssl @@ -70,7 +70,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/lib/libcrypto/dso/dso_dl.c b/lib/libcrypto/dso/dso_dl.c index 195717e9935..79d2cb4d8c8 100644 --- a/lib/libcrypto/dso/dso_dl.c +++ b/lib/libcrypto/dso/dso_dl.c @@ -126,7 +126,7 @@ static int dl_load(DSO *dso) DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME); goto err; } - ptr = shl_load(filename, BIND_IMMEDIATE|DYNAMIC_PATH, NULL); + ptr = shl_load(filename, BIND_IMMEDIATE|DYNAMIC_PATH, 0L); if(ptr == NULL) { DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED); diff --git a/lib/libcrypto/dso/dso_win32.c b/lib/libcrypto/dso/dso_win32.c index af8586d7542..6c30deb250b 100644 --- a/lib/libcrypto/dso/dso_win32.c +++ b/lib/libcrypto/dso/dso_win32.c @@ -61,7 +61,7 @@ #include "cryptlib.h" #include <openssl/dso.h> -#ifndef OPENSSL_SYS_WIN32 +#if !defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINCE) DSO_METHOD *DSO_METHOD_win32(void) { return NULL; diff --git a/lib/libcrypto/ec/Makefile.ssl b/lib/libcrypto/ec/Makefile.ssl index ed602b4a7f3..a2805c47a2f 100644 --- a/lib/libcrypto/ec/Makefile.ssl +++ b/lib/libcrypto/ec/Makefile.ssl @@ -71,7 +71,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/lib/libcrypto/ec/ec.h b/lib/libcrypto/ec/ec.h index a52d4edf141..6d6a9b71273 100644 --- a/lib/libcrypto/ec/ec.h +++ b/lib/libcrypto/ec/ec.h @@ -195,7 +195,6 @@ void ERR_load_EC_strings(void); #define EC_F_EC_GROUP_GET0_GENERATOR 139 #define EC_F_EC_GROUP_GET_COFACTOR 140 #define EC_F_EC_GROUP_GET_CURVE_GFP 130 -#define EC_F_EC_GROUP_GET_EXTRA_DATA 107 #define EC_F_EC_GROUP_GET_ORDER 141 #define EC_F_EC_GROUP_NEW 108 #define EC_F_EC_GROUP_PRECOMPUTE_MULT 142 @@ -232,7 +231,6 @@ void ERR_load_EC_strings(void); #define EC_R_INVALID_FIELD 103 #define EC_R_INVALID_FORM 104 #define EC_R_NOT_INITIALIZED 111 -#define EC_R_NO_SUCH_EXTRA_DATA 105 #define EC_R_POINT_AT_INFINITY 106 #define EC_R_POINT_IS_NOT_ON_CURVE 107 #define EC_R_SLOT_FULL 108 diff --git a/lib/libcrypto/ec/ec_err.c b/lib/libcrypto/ec/ec_err.c index 394cdc021fd..d37b6aba87f 100644 --- a/lib/libcrypto/ec/ec_err.c +++ b/lib/libcrypto/ec/ec_err.c @@ -84,7 +84,6 @@ static ERR_STRING_DATA EC_str_functs[]= {ERR_PACK(0,EC_F_EC_GROUP_GET0_GENERATOR,0), "EC_GROUP_get0_generator"}, {ERR_PACK(0,EC_F_EC_GROUP_GET_COFACTOR,0), "EC_GROUP_get_cofactor"}, {ERR_PACK(0,EC_F_EC_GROUP_GET_CURVE_GFP,0), "EC_GROUP_get_curve_GFp"}, -{ERR_PACK(0,EC_F_EC_GROUP_GET_EXTRA_DATA,0), "EC_GROUP_get_extra_data"}, {ERR_PACK(0,EC_F_EC_GROUP_GET_ORDER,0), "EC_GROUP_get_order"}, {ERR_PACK(0,EC_F_EC_GROUP_NEW,0), "EC_GROUP_new"}, {ERR_PACK(0,EC_F_EC_GROUP_PRECOMPUTE_MULT,0), "EC_GROUP_precompute_mult"}, @@ -124,7 +123,6 @@ static ERR_STRING_DATA EC_str_reasons[]= {EC_R_INVALID_FIELD ,"invalid field"}, {EC_R_INVALID_FORM ,"invalid form"}, {EC_R_NOT_INITIALIZED ,"not initialized"}, -{EC_R_NO_SUCH_EXTRA_DATA ,"no such extra data"}, {EC_R_POINT_AT_INFINITY ,"point at infinity"}, {EC_R_POINT_IS_NOT_ON_CURVE ,"point is not on curve"}, {EC_R_SLOT_FULL ,"slot full"}, diff --git a/lib/libcrypto/ec/ec_lib.c b/lib/libcrypto/ec/ec_lib.c index 0cf485de601..deb522060f2 100644 --- a/lib/libcrypto/ec/ec_lib.c +++ b/lib/libcrypto/ec/ec_lib.c @@ -128,7 +128,7 @@ void EC_GROUP_clear_free(EC_GROUP *group) EC_GROUP_clear_free_extra_data(group); - memset(group, 0, sizeof *group); + OPENSSL_cleanse(group, sizeof *group); OPENSSL_free(group); } @@ -268,7 +268,9 @@ void *EC_GROUP_get_extra_data(const EC_GROUP *group, void *(*extra_data_dup_func || (group->extra_data_free_func != extra_data_free_func) || (group->extra_data_clear_free_func != extra_data_clear_free_func)) { - ECerr(EC_F_EC_GROUP_GET_EXTRA_DATA, EC_R_NO_SUCH_EXTRA_DATA); +#if 0 /* this was an error in 0.9.7, but that does not make a lot of sense */ + ECerr(..._F_EC_GROUP_GET_EXTRA_DATA, ..._R_NO_SUCH_EXTRA_DATA); +#endif return NULL; } @@ -357,7 +359,7 @@ void EC_POINT_clear_free(EC_POINT *point) point->meth->point_clear_finish(point); else if (point->meth != NULL && point->meth->point_finish != 0) point->meth->point_finish(point); - memset(point, 0, sizeof *point); + OPENSSL_cleanse(point, sizeof *point); OPENSSL_free(point); } diff --git a/lib/libcrypto/ec/ec_mult.c b/lib/libcrypto/ec/ec_mult.c index 603ba31b819..4dbc9311206 100644 --- a/lib/libcrypto/ec/ec_mult.c +++ b/lib/libcrypto/ec/ec_mult.c @@ -209,6 +209,17 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' */ int ret = 0; + if (group->meth != r->meth) + { + ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + + if ((scalar == NULL) && (num == 0)) + { + return EC_POINT_set_to_infinity(group, r); + } + if (scalar != NULL) { generator = EC_GROUP_get0_generator(group); diff --git a/lib/libcrypto/ec/ectest.c b/lib/libcrypto/ec/ectest.c index eab46cc0806..345d3e42892 100644 --- a/lib/libcrypto/ec/ectest.c +++ b/lib/libcrypto/ec/ectest.c @@ -55,6 +55,11 @@ #include <stdio.h> #include <stdlib.h> +#ifdef FLAT_INC +#include "e_os.h" +#else +#include "../e_os.h" +#endif #include <string.h> #include <time.h> @@ -65,14 +70,16 @@ int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); retur #include <openssl/ec.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif #include <openssl/err.h> #define ABORT do { \ fflush(stdout); \ fprintf(stderr, "%s:%d: ABORT\n", __FILE__, __LINE__); \ ERR_print_errors_fp(stderr); \ - exit(1); \ + EXIT(1); \ } while (0) #if 0 @@ -623,7 +630,9 @@ int main(int argc, char *argv[]) if (P_384) EC_GROUP_free(P_384); if (P_521) EC_GROUP_free(P_521); +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); ERR_remove_state(0); diff --git a/lib/libcrypto/engine/Makefile.ssl b/lib/libcrypto/engine/Makefile.ssl index 8bc8985e023..30a4446ff96 100644 --- a/lib/libcrypto/engine/Makefile.ssl +++ b/lib/libcrypto/engine/Makefile.ssl @@ -50,7 +50,7 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + $(RANLIB) $(LIB) || echo Never mind. @touch lib files: @@ -82,7 +82,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new @@ -304,6 +304,27 @@ hw_atalla.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h hw_atalla.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h hw_atalla.o: ../cryptlib.h hw_atalla.c hw_atalla_err.c hw_atalla_err.h hw_atalla.o: vendor_defns/atalla.h +hw_cryptodev.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +hw_cryptodev.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h +hw_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/cast.h +hw_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +hw_cryptodev.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h +hw_cryptodev.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +hw_cryptodev.o: ../../include/openssl/engine.h ../../include/openssl/err.h +hw_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +hw_cryptodev.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +hw_cryptodev.o: ../../include/openssl/md4.h ../../include/openssl/md5.h +hw_cryptodev.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +hw_cryptodev.o: ../../include/openssl/objects.h +hw_cryptodev.o: ../../include/openssl/opensslconf.h +hw_cryptodev.o: ../../include/openssl/opensslv.h +hw_cryptodev.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +hw_cryptodev.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +hw_cryptodev.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h +hw_cryptodev.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +hw_cryptodev.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +hw_cryptodev.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +hw_cryptodev.o: ../../include/openssl/ui_compat.h hw_cryptodev.c hw_cswift.o: ../../e_os.h ../../include/openssl/asn1.h hw_cswift.o: ../../include/openssl/bio.h ../../include/openssl/bn.h hw_cswift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -354,45 +375,6 @@ hw_nuron.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h hw_nuron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h hw_nuron.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h hw_nuron.o: ../cryptlib.h hw_nuron.c hw_nuron_err.c hw_nuron_err.h -hw_cryptodev.o: ../../include/openssl/aes.h -hw_cryptodev.o: ../../include/openssl/asn1.h -hw_cryptodev.o: ../../include/openssl/bio.h -hw_cryptodev.o: ../../include/openssl/blowfish.h -hw_cryptodev.o: ../../include/openssl/bn.h -hw_cryptodev.o: ../../include/openssl/cast.h -hw_cryptodev.o: ../../include/openssl/conf.h -hw_cryptodev.o: ../../include/openssl/crypto.h -hw_cryptodev.o: ../../include/openssl/des.h -hw_cryptodev.o: ../../include/openssl/des_old.h -hw_cryptodev.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -hw_cryptodev.o: ../../include/openssl/e_os2.h -hw_cryptodev.o: ../../include/openssl/engine.h -hw_cryptodev.o: ../../include/openssl/err.h -hw_cryptodev.o: ../../include/openssl/evp.h -hw_cryptodev.o: ../../include/openssl/idea.h -hw_cryptodev.o: ../../include/openssl/lhash.h -hw_cryptodev.o: ../../include/openssl/md2.h -hw_cryptodev.o: ../../include/openssl/md4.h -hw_cryptodev.o: ../../include/openssl/md5.h -hw_cryptodev.o: ../../include/openssl/mdc2.h -hw_cryptodev.o: ../../include/openssl/obj_mac.h -hw_cryptodev.o: ../../include/openssl/objects.h -hw_cryptodev.o: ../../include/openssl/opensslconf.h -hw_cryptodev.o: ../../include/openssl/opensslv.h -hw_cryptodev.o: ../../include/openssl/ossl_typ.h -hw_cryptodev.o: ../../include/openssl/rand.h -hw_cryptodev.o: ../../include/openssl/rc2.h -hw_cryptodev.o: ../../include/openssl/rc4.h -hw_cryptodev.o: ../../include/openssl/rc5.h -hw_cryptodev.o: ../../include/openssl/ripemd.h -hw_cryptodev.o: ../../include/openssl/rsa.h -hw_cryptodev.o: ../../include/openssl/safestack.h -hw_cryptodev.o: ../../include/openssl/sha.h -hw_cryptodev.o: ../../include/openssl/stack.h -hw_cryptodev.o: ../../include/openssl/symhacks.h -hw_cryptodev.o: ../../include/openssl/ui.h -hw_cryptodev.o: ../../include/openssl/ui_compat.h ../evp/evp_locl.h -hw_cryptodev.o: eng_int.h hw_cryptodev.c hw_sureware.o: ../../e_os.h ../../include/openssl/aes.h hw_sureware.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h hw_sureware.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h diff --git a/lib/libcrypto/engine/eng_all.c b/lib/libcrypto/engine/eng_all.c index bc504654225..0f6992a40db 100644 --- a/lib/libcrypto/engine/eng_all.c +++ b/lib/libcrypto/engine/eng_all.c @@ -60,10 +60,6 @@ #include <openssl/engine.h> #include "eng_int.h" -#ifdef __OpenBSD__ -static int openbsd_default_loaded = 0; -#endif - void ENGINE_load_builtin_engines(void) { /* There's no longer any need for an "openssl" ENGINE unless, one day, @@ -99,21 +95,19 @@ void ENGINE_load_builtin_engines(void) #ifndef OPENSSL_NO_HW_4758_CCA ENGINE_load_4758cca(); #endif -#ifdef OPENSSL_OPENBSD_DEV_CRYPTO - ENGINE_load_openbsd_dev_crypto(); -#endif -#ifdef __OpenBSD__ +#if defined(__OpenBSD__) || defined(__FreeBSD__) ENGINE_load_cryptodev(); #endif #endif } -#ifdef __OpenBSD__ -void ENGINE_setup_openbsd(void) { - if (!openbsd_default_loaded) { +#if defined(__OpenBSD__) || defined(__FreeBSD__) +void ENGINE_setup_bsd_cryptodev(void) { + static int bsd_cryptodev_default_loaded = 0; + if (!bsd_cryptodev_default_loaded) { ENGINE_load_cryptodev(); ENGINE_register_all_complete(); } - openbsd_default_loaded=1; + bsd_cryptodev_default_loaded=1; } #endif diff --git a/lib/libcrypto/engine/eng_err.c b/lib/libcrypto/engine/eng_err.c index f6c56303959..814d95ee328 100644 --- a/lib/libcrypto/engine/eng_err.c +++ b/lib/libcrypto/engine/eng_err.c @@ -1,6 +1,6 @@ /* crypto/engine/eng_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -96,6 +96,7 @@ static ERR_STRING_DATA ENGINE_str_functs[]= {ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0), "ENGINE_set_name"}, {ERR_PACK(0,ENGINE_F_ENGINE_TABLE_REGISTER,0), "ENGINE_TABLE_REGISTER"}, {ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0), "ENGINE_UNLOAD_KEY"}, +{ERR_PACK(0,ENGINE_F_ENGINE_UP_REF,0), "ENGINE_up_ref"}, {ERR_PACK(0,ENGINE_F_INT_CTRL_HELPER,0), "INT_CTRL_HELPER"}, {ERR_PACK(0,ENGINE_F_INT_ENGINE_CONFIGURE,0), "INT_ENGINE_CONFIGURE"}, {ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0), "LOG_MESSAGE"}, diff --git a/lib/libcrypto/engine/eng_fat.c b/lib/libcrypto/engine/eng_fat.c index f7edb5ad32f..0d7dae00b24 100644 --- a/lib/libcrypto/engine/eng_fat.c +++ b/lib/libcrypto/engine/eng_fat.c @@ -66,18 +66,18 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags) if((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e)) return 0; #ifndef OPENSSL_NO_RSA - if((flags & ENGINE_METHOD_RSA) & !ENGINE_set_default_RSA(e)) + if((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e)) return 0; #endif #ifndef OPENSSL_NO_DSA - if((flags & ENGINE_METHOD_DSA) & !ENGINE_set_default_DSA(e)) + if((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e)) return 0; #endif #ifndef OPENSSL_NO_DH - if((flags & ENGINE_METHOD_DH) & !ENGINE_set_default_DH(e)) + if((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e)) return 0; #endif - if((flags & ENGINE_METHOD_RAND) & !ENGINE_set_default_RAND(e)) + if((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e)) return 0; return 1; } diff --git a/lib/libcrypto/engine/eng_list.c b/lib/libcrypto/engine/eng_list.c index 0c220558e78..1cc3217f4cc 100644 --- a/lib/libcrypto/engine/eng_list.c +++ b/lib/libcrypto/engine/eng_list.c @@ -191,14 +191,14 @@ ENGINE *ENGINE_get_first(void) { ENGINE *ret; - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ret = engine_list_head; if(ret) { ret->struct_ref++; engine_ref_debug(ret, 0, 1) } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); return ret; } @@ -206,14 +206,14 @@ ENGINE *ENGINE_get_last(void) { ENGINE *ret; - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); - ret = engine_list_tail; + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + ret = engine_list_tail; if(ret) { ret->struct_ref++; engine_ref_debug(ret, 0, 1) } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); return ret; } @@ -227,7 +227,7 @@ ENGINE *ENGINE_get_next(ENGINE *e) ERR_R_PASSED_NULL_PARAMETER); return 0; } - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ret = e->next; if(ret) { @@ -235,7 +235,7 @@ ENGINE *ENGINE_get_next(ENGINE *e) ret->struct_ref++; engine_ref_debug(ret, 0, 1) } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); /* Release the structural reference to the previous ENGINE */ ENGINE_free(e); return ret; @@ -250,7 +250,7 @@ ENGINE *ENGINE_get_prev(ENGINE *e) ERR_R_PASSED_NULL_PARAMETER); return 0; } - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ret = e->prev; if(ret) { @@ -258,7 +258,7 @@ ENGINE *ENGINE_get_prev(ENGINE *e) ret->struct_ref++; engine_ref_debug(ret, 0, 1) } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); /* Release the structural reference to the previous ENGINE */ ENGINE_free(e); return ret; @@ -346,7 +346,7 @@ ENGINE *ENGINE_by_id(const char *id) ERR_R_PASSED_NULL_PARAMETER); return NULL; } - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); iterator = engine_list_head; while(iterator && (strcmp(id, iterator->id) != 0)) iterator = iterator->next; @@ -372,7 +372,7 @@ ENGINE *ENGINE_by_id(const char *id) engine_ref_debug(iterator, 0, 1) } } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); if(iterator == NULL) { ENGINEerr(ENGINE_F_ENGINE_BY_ID, @@ -381,3 +381,14 @@ ENGINE *ENGINE_by_id(const char *id) } return iterator; } + +int ENGINE_up_ref(ENGINE *e) + { + if (e == NULL) + { + ENGINEerr(ENGINE_F_ENGINE_UP_REF,ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + CRYPTO_add(&e->struct_ref,1,CRYPTO_LOCK_ENGINE); + return 1; + } diff --git a/lib/libcrypto/engine/eng_openssl.c b/lib/libcrypto/engine/eng_openssl.c index e9d976f46bf..54579eea2e6 100644 --- a/lib/libcrypto/engine/eng_openssl.c +++ b/lib/libcrypto/engine/eng_openssl.c @@ -63,6 +63,7 @@ #include <openssl/engine.h> #include <openssl/dso.h> #include <openssl/pem.h> +#include <openssl/evp.h> /* This testing gunk is implemented (and explained) lower down. It also assumes * the application explicitly calls "ENGINE_load_openssl()" because this is no @@ -78,6 +79,21 @@ /* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */ /* #define TEST_ENG_OPENSSL_SHA_P_FINAL */ +/* Now check what of those algorithms are actually enabled */ +#ifdef OPENSSL_NO_RC4 +#undef TEST_ENG_OPENSSL_RC4 +#undef TEST_ENG_OPENSSL_RC4_OTHERS +#undef TEST_ENG_OPENSSL_RC4_P_INIT +#undef TEST_ENG_OPENSSL_RC4_P_CIPHER +#endif +#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) || defined(OPENSSL_NO_SHA1) +#undef TEST_ENG_OPENSSL_SHA +#undef TEST_ENG_OPENSSL_SHA_OTHERS +#undef TEST_ENG_OPENSSL_SHA_P_INIT +#undef TEST_ENG_OPENSSL_SHA_P_UPDATE +#undef TEST_ENG_OPENSSL_SHA_P_FINAL +#endif + #ifdef TEST_ENG_OPENSSL_RC4 static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); @@ -180,7 +196,6 @@ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) * the "init_key" handler is called. * TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler. */ -#include <openssl/evp.h> #include <openssl/rc4.h> #define TEST_RC4_KEY_SIZE 16 static int test_cipher_nids[] = {NID_rc4,NID_rc4_40}; @@ -265,7 +280,6 @@ static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, #ifdef TEST_ENG_OPENSSL_SHA /* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */ -#include <openssl/evp.h> #include <openssl/sha.h> static int test_digest_nids[] = {NID_sha1}; static int test_digest_nids_number = 1; diff --git a/lib/libcrypto/engine/engine.h b/lib/libcrypto/engine/engine.h index fd17ff616d2..8686879e1a3 100644 --- a/lib/libcrypto/engine/engine.h +++ b/lib/libcrypto/engine/engine.h @@ -59,6 +59,12 @@ #ifndef HEADER_ENGINE_H #define HEADER_ENGINE_H +#include <openssl/opensslconf.h> + +#ifdef OPENSSL_NO_ENGINE +#error ENGINE is disabled. +#endif + #include <openssl/ossl_typ.h> #include <openssl/bn.h> #ifndef OPENSSL_NO_RSA @@ -307,11 +313,8 @@ void ENGINE_load_ubsec(void); void ENGINE_load_aep(void); void ENGINE_load_sureware(void); void ENGINE_load_4758cca(void); -void ENGINE_load_openbsd_dev_crypto(void); -void ENGINE_load_builtin_engines(void); -#ifdef __OpenBSD__ void ENGINE_load_cryptodev(void); -#endif +void ENGINE_load_builtin_engines(void); /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation * "registry" handling. */ @@ -409,6 +412,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, * compatibility! */ ENGINE *ENGINE_new(void); int ENGINE_free(ENGINE *e); +int ENGINE_up_ref(ENGINE *e); int ENGINE_set_id(ENGINE *e, const char *id); int ENGINE_set_name(ENGINE *e, const char *name); int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); @@ -665,6 +669,7 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_F_ENGINE_SET_NAME 130 #define ENGINE_F_ENGINE_TABLE_REGISTER 184 #define ENGINE_F_ENGINE_UNLOAD_KEY 152 +#define ENGINE_F_ENGINE_UP_REF 190 #define ENGINE_F_INT_CTRL_HELPER 172 #define ENGINE_F_INT_ENGINE_CONFIGURE 188 #define ENGINE_F_LOG_MESSAGE 141 diff --git a/lib/libcrypto/engine/enginetest.c b/lib/libcrypto/engine/enginetest.c index 87fa8c57b72..c2d0297392f 100644 --- a/lib/libcrypto/engine/enginetest.c +++ b/lib/libcrypto/engine/enginetest.c @@ -56,9 +56,17 @@ * */ -#include <openssl/e_os2.h> #include <stdio.h> #include <string.h> + +#ifdef OPENSSL_NO_ENGINE +int main(int argc, char *argv[]) +{ + printf("No ENGINE support\n"); + return(0); +} +#else +#include <openssl/e_os2.h> #include <openssl/buffer.h> #include <openssl/crypto.h> #include <openssl/engine.h> @@ -272,3 +280,4 @@ end: CRYPTO_mem_leaks_fp(stderr); return to_return; } +#endif diff --git a/lib/libcrypto/engine/hw_4758_cca.c b/lib/libcrypto/engine/hw_4758_cca.c index 6d41b9ed2ad..4f5ae8a46dc 100644 --- a/lib/libcrypto/engine/hw_4758_cca.c +++ b/lib/libcrypto/engine/hw_4758_cca.c @@ -223,6 +223,7 @@ static int bind_helper(ENGINE *e) return 1; } +#ifndef ENGINE_DYNAMIC_SUPPORT static ENGINE *engine_4758_cca(void) { ENGINE *ret = ENGINE_new(); @@ -244,6 +245,7 @@ void ENGINE_load_4758cca(void) ENGINE_free(e_4758); ERR_clear_error(); } +#endif static int ibm_4758_cca_destroy(ENGINE *e) { @@ -715,7 +717,7 @@ static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len, if (type == NID_sha1 || type == NID_md5) { - memset(hashBuffer, 0, keyLength+1); + OPENSSL_cleanse(hashBuffer, keyLength+1); OPENSSL_free(hashBuffer); } @@ -838,7 +840,7 @@ static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len, if (type == NID_sha1 || type == NID_md5) { - memset(hashBuffer, 0, keyLength+1); + OPENSSL_cleanse(hashBuffer, keyLength+1); OPENSSL_free(hashBuffer); } diff --git a/lib/libcrypto/engine/hw_atalla.c b/lib/libcrypto/engine/hw_atalla.c index 6151c469024..e9eff9fad11 100644 --- a/lib/libcrypto/engine/hw_atalla.c +++ b/lib/libcrypto/engine/hw_atalla.c @@ -242,6 +242,7 @@ static int bind_helper(ENGINE *e) return 1; } +#ifndef ENGINE_DYNAMIC_SUPPORT static ENGINE *engine_atalla(void) { ENGINE *ret = ENGINE_new(); @@ -264,6 +265,7 @@ void ENGINE_load_atalla(void) ENGINE_free(toadd); ERR_clear_error(); } +#endif /* This is a process-global DSO handle used for loading and unloading * the Atalla library. NB: This is only set (or unset) during an diff --git a/lib/libcrypto/engine/hw_cryptodev.c b/lib/libcrypto/engine/hw_cryptodev.c index 034c7ca2137..139119b80c7 100644 --- a/lib/libcrypto/engine/hw_cryptodev.c +++ b/lib/libcrypto/engine/hw_cryptodev.c @@ -29,8 +29,32 @@ * */ -#include <sys/types.h> +#include <openssl/objects.h> +#include <openssl/engine.h> +#include <openssl/evp.h> + +#if (defined(__unix__) || defined(unix)) && !defined(USG) #include <sys/param.h> +# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) +# define HAVE_CRYPTODEV +# endif +# if (OpenBSD >= 200110) +# define HAVE_SYSLOG_R +# endif +#endif + +#ifndef HAVE_CRYPTODEV + +void +ENGINE_load_cryptodev(void) +{ + /* This is a NOP on platforms without /dev/crypto */ + return; +} + +#else + +#include <sys/types.h> #include <crypto/cryptodev.h> #include <sys/ioctl.h> #include <errno.h> @@ -39,9 +63,6 @@ #include <fcntl.h> #include <stdarg.h> #include <syslog.h> -#include <ssl/objects.h> -#include <ssl/engine.h> -#include <ssl/evp.h> #include <errno.h> #include <string.h> @@ -101,10 +122,6 @@ static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void ENGINE_load_cryptodev(void); static const ENGINE_CMD_DEFN cryptodev_defns[] = { - {ENGINE_CMD_BASE, - "SO_PATH", - "Specifies the path to the some stupid shared library", - ENGINE_CMD_FLAG_STRING}, { 0, NULL, NULL, 0 } }; @@ -1011,12 +1028,18 @@ static DH_METHOD cryptodev_dh = { static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) { +#ifdef HAVE_SYSLOG_R struct syslog_data sd = SYSLOG_DATA_INIT; +#endif switch (cmd) { default: +#ifdef HAVE_SYSLOG_R syslog_r(LOG_ERR, &sd, "cryptodev_ctrl: unknown command %d", cmd); +#else + syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd); +#endif break; } return (1); @@ -1043,7 +1066,7 @@ ENGINE_load_cryptodev(void) close(fd); if (!ENGINE_set_id(engine, "cryptodev") || - !ENGINE_set_name(engine, "OpenBSD cryptodev engine") || + !ENGINE_set_name(engine, "BSD cryptodev engine") || !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || !ENGINE_set_digests(engine, cryptodev_engine_digests) || !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || @@ -1104,3 +1127,5 @@ ENGINE_load_cryptodev(void) ENGINE_free(engine); ERR_clear_error(); } + +#endif /* HAVE_CRYPTODEV */ diff --git a/lib/libcrypto/engine/hw_cswift.c b/lib/libcrypto/engine/hw_cswift.c index f5c897bdbba..f128ee5a68d 100644 --- a/lib/libcrypto/engine/hw_cswift.c +++ b/lib/libcrypto/engine/hw_cswift.c @@ -121,6 +121,10 @@ static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); #endif +/* RAND stuff */ +static int cswift_rand_bytes(unsigned char *buf, int num); +static int cswift_rand_status(void); + /* The definitions for control commands specific to this engine */ #define CSWIFT_CMD_SO_PATH ENGINE_CMD_BASE static const ENGINE_CMD_DEFN cswift_cmd_defns[] = { @@ -183,6 +187,18 @@ static DH_METHOD cswift_dh = }; #endif +static RAND_METHOD cswift_random = + { + /* "CryptoSwift RAND method", */ + NULL, + cswift_rand_bytes, + NULL, + NULL, + cswift_rand_bytes, + cswift_rand_status, + }; + + /* Constants used when creating the ENGINE */ static const char *engine_cswift_id = "cswift"; static const char *engine_cswift_name = "CryptoSwift hardware engine support"; @@ -208,6 +224,7 @@ static int bind_helper(ENGINE *e) #ifndef OPENSSL_NO_DH !ENGINE_set_DH(e, &cswift_dh) || #endif + !ENGINE_set_RAND(e, &cswift_random) || !ENGINE_set_destroy_function(e, cswift_destroy) || !ENGINE_set_init_function(e, cswift_init) || !ENGINE_set_finish_function(e, cswift_finish) || @@ -242,6 +259,7 @@ static int bind_helper(ENGINE *e) return 1; } +#ifndef ENGINE_DYNAMIC_SUPPORT static ENGINE *engine_cswift(void) { ENGINE *ret = ENGINE_new(); @@ -264,6 +282,7 @@ void ENGINE_load_cswift(void) ENGINE_free(toadd); ERR_clear_error(); } +#endif /* This is a process-global DSO handle used for loading and unloading * the CryptoSwift library. NB: This is only set (or unset) during an @@ -905,6 +924,60 @@ static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r, } #endif +/* Random bytes are good */ +static int cswift_rand_bytes(unsigned char *buf, int num) +{ + SW_CONTEXT_HANDLE hac; + SW_STATUS swrc; + SW_LARGENUMBER largenum; + size_t nbytes = 0; + int acquired = 0; + int to_return = 0; /* assume failure */ + + if (!get_context(&hac)) + { + CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_UNIT_FAILURE); + goto err; + } + acquired = 1; + + while (nbytes < (size_t)num) + { + /* tell CryptoSwift how many bytes we want and where we want it. + * Note: - CryptoSwift cannot do more than 4096 bytes at a time. + * - CryptoSwift can only do multiple of 32-bits. */ + largenum.value = (SW_BYTE *) buf + nbytes; + if (4096 > num - nbytes) + largenum.nbytes = num - nbytes; + else + largenum.nbytes = 4096; + + swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1); + if (swrc != SW_OK) + { + char tmpbuf[20]; + CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_REQUEST_FAILED); + sprintf(tmpbuf, "%ld", swrc); + ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf); + goto err; + } + + nbytes += largenum.nbytes; + } + to_return = 1; /* success */ + +err: + if (acquired) + release_context(hac); + return to_return; +} + +static int cswift_rand_status(void) +{ + return 1; +} + + /* This stuff is needed if this ENGINE is being compiled into a self-contained * shared-library. */ #ifdef ENGINE_DYNAMIC_SUPPORT diff --git a/lib/libcrypto/engine/hw_ncipher.c b/lib/libcrypto/engine/hw_ncipher.c index a43d4360f2a..0d1c6b8df0e 100644 --- a/lib/libcrypto/engine/hw_ncipher.c +++ b/lib/libcrypto/engine/hw_ncipher.c @@ -91,11 +91,19 @@ static int hwcrhk_init(ENGINE *e); static int hwcrhk_finish(ENGINE *e); static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); -/* Functions to handle mutexes */ +/* Functions to handle mutexes if have dynamic locks */ static int hwcrhk_mutex_init(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext*); static int hwcrhk_mutex_lock(HWCryptoHook_Mutex*); static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex*); static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex*); +#if 1 /* This is a HACK which will disappear in 0.9.8 */ +/* Functions to handle mutexes if only have static locks */ +static int hwcrhk_static_mutex_init(HWCryptoHook_Mutex *m, + HWCryptoHook_CallerContext *c); +static int hwcrhk_static_mutex_lock(HWCryptoHook_Mutex *m); +static void hwcrhk_static_mutex_unlock(HWCryptoHook_Mutex *m); +static void hwcrhk_static_mutex_destroy(HWCryptoHook_Mutex *m); +#endif /* BIGNUM stuff */ static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -373,6 +381,7 @@ static int bind_helper(ENGINE *e) return 1; } +#ifndef ENGINE_DYNAMIC_SUPPORT static ENGINE *engine_ncipher(void) { ENGINE *ret = ENGINE_new(); @@ -395,6 +404,7 @@ void ENGINE_load_chil(void) ENGINE_free(toadd); ERR_clear_error(); } +#endif /* This is a process-global DSO handle used for loading and unloading * the HWCryptoHook library. NB: This is only set (or unset) during an @@ -558,15 +568,31 @@ static int hwcrhk_init(ENGINE *e) /* Check if the application decided to support dynamic locks, and if it does, use them. */ - if (disable_mutex_callbacks == 0 && - CRYPTO_get_dynlock_create_callback() != NULL && - CRYPTO_get_dynlock_lock_callback() != NULL && - CRYPTO_get_dynlock_destroy_callback() != NULL) + if (disable_mutex_callbacks == 0) { - hwcrhk_globals.mutex_init = hwcrhk_mutex_init; - hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock; - hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock; - hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy; + if (CRYPTO_get_dynlock_create_callback() != NULL && + CRYPTO_get_dynlock_lock_callback() != NULL && + CRYPTO_get_dynlock_destroy_callback() != NULL) + { + hwcrhk_globals.mutex_init = hwcrhk_mutex_init; + hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock; + hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock; + hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy; + } + else if (CRYPTO_get_locking_callback() != NULL) + { + HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DYNAMIC_LOCKING_MISSING); + ERR_add_error_data(1,"You HAVE to add dynamic locking callbacks via CRYPTO_set_dynlock_{create,lock,destroy}_callback()"); +#if 1 /* This is a HACK which will disappear in 0.9.8 */ + hwcrhk_globals.maxmutexes = 1; /* Only have one lock */ + hwcrhk_globals.mutex_init = hwcrhk_static_mutex_init; + hwcrhk_globals.mutex_acquire = hwcrhk_static_mutex_lock; + hwcrhk_globals.mutex_release = hwcrhk_static_mutex_unlock; + hwcrhk_globals.mutex_destroy = hwcrhk_static_mutex_destroy; +#else + goto err; +#endif + } } /* Try and get a context - if not, we may have a DSO but no @@ -1020,7 +1046,7 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa) /* Perform the operation */ ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q, - m_dmp1, m_dmq1, m_iqmp, &m_r, NULL); + m_dmp1, m_dmq1, m_iqmp, &m_r, &rmsg); /* Convert the response */ r->top = m_r.size / sizeof(BN_ULONG); @@ -1171,6 +1197,26 @@ static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex *mt) CRYPTO_destroy_dynlockid(mt->lockid); } +/* Mutex upcalls to use if the application does not support dynamic locks */ + +static int hwcrhk_static_mutex_init(HWCryptoHook_Mutex *m, + HWCryptoHook_CallerContext *c) + { + return 0; + } +static int hwcrhk_static_mutex_lock(HWCryptoHook_Mutex *m) + { + CRYPTO_w_lock(CRYPTO_LOCK_HWCRHK); + return 0; + } +static void hwcrhk_static_mutex_unlock(HWCryptoHook_Mutex *m) + { + CRYPTO_w_unlock(CRYPTO_LOCK_HWCRHK); + } +static void hwcrhk_static_mutex_destroy(HWCryptoHook_Mutex *m) + { + } + static int hwcrhk_get_pass(const char *prompt_info, int *len_io, char *buf, HWCryptoHook_PassphraseContext *ppctx, @@ -1318,7 +1364,7 @@ static void hwcrhk_log_message(void *logstr, const char *message) lstream=*(BIO **)logstr; if (lstream) { - BIO_write(lstream, message, strlen(message)); + BIO_printf(lstream, "%s\n", message); } CRYPTO_w_unlock(CRYPTO_LOCK_BIO); } diff --git a/lib/libcrypto/engine/hw_ncipher_err.c b/lib/libcrypto/engine/hw_ncipher_err.c index 24024cfc6f4..5bc94581b74 100644 --- a/lib/libcrypto/engine/hw_ncipher_err.c +++ b/lib/libcrypto/engine/hw_ncipher_err.c @@ -1,6 +1,6 @@ /* hw_ncipher_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -86,6 +86,7 @@ static ERR_STRING_DATA HWCRHK_str_reasons[]= {HWCRHK_R_CHIL_ERROR ,"chil error"}, {HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"}, {HWCRHK_R_DSO_FAILURE ,"dso failure"}, +{HWCRHK_R_DYNAMIC_LOCKING_MISSING ,"dynamic locking missing"}, {HWCRHK_R_MISSING_KEY_COMPONENTS ,"missing key components"}, {HWCRHK_R_NOT_INITIALISED ,"not initialised"}, {HWCRHK_R_NOT_LOADED ,"not loaded"}, diff --git a/lib/libcrypto/engine/hw_ncipher_err.h b/lib/libcrypto/engine/hw_ncipher_err.h index 4d65b1d4700..d232d023198 100644 --- a/lib/libcrypto/engine/hw_ncipher_err.h +++ b/lib/libcrypto/engine/hw_ncipher_err.h @@ -84,6 +84,7 @@ static void ERR_HWCRHK_error(int function, int reason, char *file, int line); #define HWCRHK_R_CHIL_ERROR 102 #define HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED 103 #define HWCRHK_R_DSO_FAILURE 104 +#define HWCRHK_R_DYNAMIC_LOCKING_MISSING 114 #define HWCRHK_R_MISSING_KEY_COMPONENTS 105 #define HWCRHK_R_NOT_INITIALISED 106 #define HWCRHK_R_NOT_LOADED 107 diff --git a/lib/libcrypto/engine/hw_nuron.c b/lib/libcrypto/engine/hw_nuron.c index 130b6d8b405..fb9188bfe5b 100644 --- a/lib/libcrypto/engine/hw_nuron.c +++ b/lib/libcrypto/engine/hw_nuron.c @@ -374,6 +374,7 @@ static int bind_helper(ENGINE *e) return 1; } +#ifndef ENGINE_DYNAMIC_SUPPORT static ENGINE *engine_nuron(void) { ENGINE *ret = ENGINE_new(); @@ -396,6 +397,7 @@ void ENGINE_load_nuron(void) ENGINE_free(toadd); ERR_clear_error(); } +#endif /* This stuff is needed if this ENGINE is being compiled into a self-contained * shared-library. */ diff --git a/lib/libcrypto/engine/hw_ubsec.c b/lib/libcrypto/engine/hw_ubsec.c index ed8401ec162..6286dd851c6 100644 --- a/lib/libcrypto/engine/hw_ubsec.c +++ b/lib/libcrypto/engine/hw_ubsec.c @@ -242,6 +242,7 @@ static int bind_helper(ENGINE *e) return 1; } +#ifndef ENGINE_DYNAMIC_SUPPORT static ENGINE *engine_ubsec(void) { ENGINE *ret = ENGINE_new(); @@ -264,6 +265,7 @@ void ENGINE_load_ubsec(void) ENGINE_free(toadd); ERR_clear_error(); } +#endif /* This is a process-global DSO handle used for loading and unloading * the UBSEC library. NB: This is only set (or unset) during an diff --git a/lib/libcrypto/engine/tb_cipher.c b/lib/libcrypto/engine/tb_cipher.c index c5a50fc9102..50b3cec1fa5 100644 --- a/lib/libcrypto/engine/tb_cipher.c +++ b/lib/libcrypto/engine/tb_cipher.c @@ -81,7 +81,7 @@ int ENGINE_register_ciphers(ENGINE *e) int num_nids = e->ciphers(e, NULL, &nids, 0); if(num_nids > 0) return engine_table_register(&cipher_table, - &engine_unregister_all_ciphers, e, nids, + engine_unregister_all_ciphers, e, nids, num_nids, 0); } return 1; @@ -103,7 +103,7 @@ int ENGINE_set_default_ciphers(ENGINE *e) int num_nids = e->ciphers(e, NULL, &nids, 0); if(num_nids > 0) return engine_table_register(&cipher_table, - &engine_unregister_all_ciphers, e, nids, + engine_unregister_all_ciphers, e, nids, num_nids, 1); } return 1; diff --git a/lib/libcrypto/engine/tb_dh.c b/lib/libcrypto/engine/tb_dh.c index c9347235ead..e290e1702b2 100644 --- a/lib/libcrypto/engine/tb_dh.c +++ b/lib/libcrypto/engine/tb_dh.c @@ -78,7 +78,7 @@ int ENGINE_register_DH(ENGINE *e) { if(e->dh_meth) return engine_table_register(&dh_table, - &engine_unregister_all_DH, e, &dummy_nid, 1, 0); + engine_unregister_all_DH, e, &dummy_nid, 1, 0); return 1; } @@ -94,7 +94,7 @@ int ENGINE_set_default_DH(ENGINE *e) { if(e->dh_meth) return engine_table_register(&dh_table, - &engine_unregister_all_DH, e, &dummy_nid, 1, 1); + engine_unregister_all_DH, e, &dummy_nid, 1, 1); return 1; } diff --git a/lib/libcrypto/engine/tb_digest.c b/lib/libcrypto/engine/tb_digest.c index 2c4dd6f796f..e82d2a17c9c 100644 --- a/lib/libcrypto/engine/tb_digest.c +++ b/lib/libcrypto/engine/tb_digest.c @@ -81,7 +81,7 @@ int ENGINE_register_digests(ENGINE *e) int num_nids = e->digests(e, NULL, &nids, 0); if(num_nids > 0) return engine_table_register(&digest_table, - &engine_unregister_all_digests, e, nids, + engine_unregister_all_digests, e, nids, num_nids, 0); } return 1; @@ -103,7 +103,7 @@ int ENGINE_set_default_digests(ENGINE *e) int num_nids = e->digests(e, NULL, &nids, 0); if(num_nids > 0) return engine_table_register(&digest_table, - &engine_unregister_all_digests, e, nids, + engine_unregister_all_digests, e, nids, num_nids, 1); } return 1; diff --git a/lib/libcrypto/engine/tb_dsa.c b/lib/libcrypto/engine/tb_dsa.c index e9209476b83..80170591f20 100644 --- a/lib/libcrypto/engine/tb_dsa.c +++ b/lib/libcrypto/engine/tb_dsa.c @@ -78,7 +78,7 @@ int ENGINE_register_DSA(ENGINE *e) { if(e->dsa_meth) return engine_table_register(&dsa_table, - &engine_unregister_all_DSA, e, &dummy_nid, 1, 0); + engine_unregister_all_DSA, e, &dummy_nid, 1, 0); return 1; } @@ -94,7 +94,7 @@ int ENGINE_set_default_DSA(ENGINE *e) { if(e->dsa_meth) return engine_table_register(&dsa_table, - &engine_unregister_all_DSA, e, &dummy_nid, 1, 0); + engine_unregister_all_DSA, e, &dummy_nid, 1, 0); return 1; } diff --git a/lib/libcrypto/engine/tb_rand.c b/lib/libcrypto/engine/tb_rand.c index 0b1d031f1ec..69b67111bc6 100644 --- a/lib/libcrypto/engine/tb_rand.c +++ b/lib/libcrypto/engine/tb_rand.c @@ -78,7 +78,7 @@ int ENGINE_register_RAND(ENGINE *e) { if(e->rand_meth) return engine_table_register(&rand_table, - &engine_unregister_all_RAND, e, &dummy_nid, 1, 0); + engine_unregister_all_RAND, e, &dummy_nid, 1, 0); return 1; } @@ -94,7 +94,7 @@ int ENGINE_set_default_RAND(ENGINE *e) { if(e->rand_meth) return engine_table_register(&rand_table, - &engine_unregister_all_RAND, e, &dummy_nid, 1, 1); + engine_unregister_all_RAND, e, &dummy_nid, 1, 1); return 1; } diff --git a/lib/libcrypto/engine/tb_rsa.c b/lib/libcrypto/engine/tb_rsa.c index f84fea3968c..fee4867f520 100644 --- a/lib/libcrypto/engine/tb_rsa.c +++ b/lib/libcrypto/engine/tb_rsa.c @@ -78,7 +78,7 @@ int ENGINE_register_RSA(ENGINE *e) { if(e->rsa_meth) return engine_table_register(&rsa_table, - &engine_unregister_all_RSA, e, &dummy_nid, 1, 0); + engine_unregister_all_RSA, e, &dummy_nid, 1, 0); return 1; } @@ -94,7 +94,7 @@ int ENGINE_set_default_RSA(ENGINE *e) { if(e->rsa_meth) return engine_table_register(&rsa_table, - &engine_unregister_all_RSA, e, &dummy_nid, 1, 1); + engine_unregister_all_RSA, e, &dummy_nid, 1, 1); return 1; } diff --git a/lib/libcrypto/err/Makefile.ssl b/lib/libcrypto/err/Makefile.ssl index f0c95e2ef29..b253061d072 100644 --- a/lib/libcrypto/err/Makefile.ssl +++ b/lib/libcrypto/err/Makefile.ssl @@ -68,7 +68,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/lib/libcrypto/err/err.c b/lib/libcrypto/err/err.c index 9b532d1f4ca..a4f4a260afa 100644 --- a/lib/libcrypto/err/err.c +++ b/lib/libcrypto/err/err.c @@ -211,6 +211,7 @@ static ERR_STRING_DATA ERR_str_reasons[]= {0,NULL}, }; +#endif /* Define the predeclared (but externally opaque) "ERR_FNS" type */ @@ -491,6 +492,7 @@ static int int_err_get_next_lib(void) } +#ifndef OPENSSL_NO_ERR #define NUM_SYS_STR_REASONS 127 #define LEN_SYS_STR_REASON 32 diff --git a/lib/libcrypto/err/err_all.c b/lib/libcrypto/err/err_all.c index 90029fd159f..dc505d9d9d4 100644 --- a/lib/libcrypto/err/err_all.c +++ b/lib/libcrypto/err/err_all.c @@ -82,7 +82,9 @@ #include <openssl/pkcs12.h> #include <openssl/rand.h> #include <openssl/dso.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif #include <openssl/ocsp.h> #include <openssl/err.h> @@ -122,7 +124,9 @@ void ERR_load_crypto_strings(void) ERR_load_PKCS12_strings(); ERR_load_RAND_strings(); ERR_load_DSO_strings(); +#ifndef OPENSSL_NO_ENGINE ERR_load_ENGINE_strings(); +#endif ERR_load_OCSP_strings(); ERR_load_UI_strings(); #endif diff --git a/lib/libcrypto/err/err_prn.c b/lib/libcrypto/err/err_prn.c index c156663f0ef..81e34bd6ce7 100644 --- a/lib/libcrypto/err/err_prn.c +++ b/lib/libcrypto/err/err_prn.c @@ -62,7 +62,6 @@ #include "cryptlib.h" #include <openssl/buffer.h> #include <openssl/err.h> -#include <openssl/crypto.h> void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), void *u) diff --git a/lib/libcrypto/evp/Makefile.ssl b/lib/libcrypto/evp/Makefile.ssl index 58843f61a96..b4172406ae4 100644 --- a/lib/libcrypto/evp/Makefile.ssl +++ b/lib/libcrypto/evp/Makefile.ssl @@ -70,7 +70,7 @@ links: @sh $(TOP)/util/point.sh Makefile.ssl Makefile @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TESTDATA) + cp $(TESTDATA) ../../test @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: @@ -89,7 +89,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new @@ -496,21 +496,19 @@ evp_acnf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h evp_acnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h evp_acnf.o: ../../include/openssl/des.h ../../include/openssl/des_old.h evp_acnf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -evp_acnf.o: ../../include/openssl/err.h ../../include/openssl/evp.h -evp_acnf.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -evp_acnf.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -evp_acnf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h -evp_acnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -evp_acnf.o: ../../include/openssl/opensslconf.h +evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +evp_acnf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +evp_acnf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h +evp_acnf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +evp_acnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -evp_acnf.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h -evp_acnf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -evp_acnf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -evp_acnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -evp_acnf.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -evp_acnf.o: ../cryptlib.h evp_acnf.c +evp_acnf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +evp_acnf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h +evp_acnf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +evp_acnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +evp_acnf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +evp_acnf.o: ../../include/openssl/ui_compat.h ../cryptlib.h evp_acnf.c evp_enc.o: ../../e_os.h ../../include/openssl/aes.h evp_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h evp_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h diff --git a/lib/libcrypto/evp/bio_b64.c b/lib/libcrypto/evp/bio_b64.c index f12eac1b55a..6e550f6a430 100644 --- a/lib/libcrypto/evp/bio_b64.c +++ b/lib/libcrypto/evp/bio_b64.c @@ -165,6 +165,7 @@ static int b64_read(BIO *b, char *out, int outl) { i=ctx->buf_len-ctx->buf_off; if (i > outl) i=outl; + OPENSSL_assert(ctx->buf_off+i < sizeof ctx->buf); memcpy(out,&(ctx->buf[ctx->buf_off]),i); ret=i; out+=i; diff --git a/lib/libcrypto/evp/bio_enc.c b/lib/libcrypto/evp/bio_enc.c index 64fb2353af6..ab818515034 100644 --- a/lib/libcrypto/evp/bio_enc.c +++ b/lib/libcrypto/evp/bio_enc.c @@ -132,7 +132,7 @@ static int enc_free(BIO *a) if (a == NULL) return(0); b=(BIO_ENC_CTX *)a->ptr; EVP_CIPHER_CTX_cleanup(&(b->cipher)); - memset(a->ptr,0,sizeof(BIO_ENC_CTX)); + OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX)); OPENSSL_free(a->ptr); a->ptr=NULL; a->init=0; @@ -271,7 +271,7 @@ static int enc_write(BIO *b, const char *in, int inl) if (i <= 0) { BIO_copy_next_retry(b); - return(i); + return (ret == inl) ? i : ret - inl; } n-=i; ctx->buf_off+=i; @@ -325,10 +325,7 @@ again: { i=enc_write(b,NULL,0); if (i < 0) - { - ret=i; - break; - } + return i; } if (!ctx->finished) diff --git a/lib/libcrypto/evp/bio_ok.c b/lib/libcrypto/evp/bio_ok.c index d2be03be82b..4e3f10141bf 100644 --- a/lib/libcrypto/evp/bio_ok.c +++ b/lib/libcrypto/evp/bio_ok.c @@ -211,7 +211,7 @@ static int ok_free(BIO *a) { if (a == NULL) return(0); EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md); - memset(a->ptr,0,sizeof(BIO_OK_CTX)); + OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX)); OPENSSL_free(a->ptr); a->ptr=NULL; a->init=0; diff --git a/lib/libcrypto/evp/c_all.c b/lib/libcrypto/evp/c_all.c index 3d59812e209..1b31a14e37c 100644 --- a/lib/libcrypto/evp/c_all.c +++ b/lib/libcrypto/evp/c_all.c @@ -73,5 +73,9 @@ void OPENSSL_add_all_algorithms_noconf(void) { OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); - ENGINE_setup_openbsd(); +#ifndef OPENSSL_NO_ENGINE +# if defined(__OpenBSD__) || defined(__FreeBSD__) + ENGINE_setup_bsd_cryptodev(); +# endif +#endif } diff --git a/lib/libcrypto/evp/digest.c b/lib/libcrypto/evp/digest.c index a969ac69edb..b22eed44211 100644 --- a/lib/libcrypto/evp/digest.c +++ b/lib/libcrypto/evp/digest.c @@ -113,7 +113,9 @@ #include "cryptlib.h" #include <openssl/objects.h> #include <openssl/evp.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif void EVP_MD_CTX_init(EVP_MD_CTX *ctx) { @@ -138,6 +140,7 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) { EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); +#ifndef OPENSSL_NO_ENGINE /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts * so this context may already have an ENGINE! Try to avoid releasing * the previous handle, re-querying for an ENGINE, and having a @@ -183,11 +186,13 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) else ctx->engine = NULL; } - else if(!ctx->digest) + else + if(!ctx->digest) { EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET); return 0; } +#endif if (ctx->digest != type) { if (ctx->digest && ctx->digest->ctx_size) @@ -196,7 +201,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) if (type->ctx_size) ctx->md_data=OPENSSL_malloc(type->ctx_size); } +#ifndef OPENSSL_NO_ENGINE skip_to_init: +#endif return ctx->digest->init(ctx); } @@ -219,6 +226,8 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) { int ret; + + OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret=ctx->digest->final(ctx,md); if (size != NULL) *size=ctx->digest->md_size; @@ -244,12 +253,14 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); return 0; } +#ifndef OPENSSL_NO_ENGINE /* Make sure it's safe to copy a digest context using an ENGINE */ if (in->engine && !ENGINE_init(in->engine)) { EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_ENGINE_LIB); return 0; } +#endif EVP_MD_CTX_cleanup(out); memcpy(out,in,sizeof *out); @@ -299,13 +310,15 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) ctx->digest->cleanup(ctx); if (ctx->digest && ctx->digest->ctx_size && ctx->md_data) { - memset(ctx->md_data,0,ctx->digest->ctx_size); + OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size); OPENSSL_free(ctx->md_data); } +#ifndef OPENSSL_NO_ENGINE if(ctx->engine) /* The EVP_MD we used belongs to an ENGINE, release the * functional reference we held for this reason. */ ENGINE_finish(ctx->engine); +#endif memset(ctx,'\0',sizeof *ctx); return 1; diff --git a/lib/libcrypto/evp/e_aes.c b/lib/libcrypto/evp/e_aes.c index c323fa28922..fe8bcda631f 100644 --- a/lib/libcrypto/evp/e_aes.c +++ b/lib/libcrypto/evp/e_aes.c @@ -52,7 +52,6 @@ #include <openssl/evp.h> #include <openssl/err.h> #include <string.h> -#include <assert.h> #include <openssl/aes.h> #include "evp_locl.h" diff --git a/lib/libcrypto/evp/e_idea.c b/lib/libcrypto/evp/e_idea.c index ed838d3e620..b9efa75ae7c 100644 --- a/lib/libcrypto/evp/e_idea.c +++ b/lib/libcrypto/evp/e_idea.c @@ -109,7 +109,7 @@ static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, idea_set_encrypt_key(key,&tmp); idea_set_decrypt_key(&tmp,ctx->cipher_data); - memset((unsigned char *)&tmp,0, + OPENSSL_cleanse((unsigned char *)&tmp, sizeof(IDEA_KEY_SCHEDULE)); } return 1; diff --git a/lib/libcrypto/evp/e_rc2.c b/lib/libcrypto/evp/e_rc2.c index 4685198e2e5..d42cbfd17ec 100644 --- a/lib/libcrypto/evp/e_rc2.c +++ b/lib/libcrypto/evp/e_rc2.c @@ -174,6 +174,7 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (type != NULL) { l=EVP_CIPHER_CTX_iv_length(c); + OPENSSL_assert(l <= sizeof iv); i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l); if (i != l) return(-1); diff --git a/lib/libcrypto/evp/e_rc4.c b/lib/libcrypto/evp/e_rc4.c index 4064cc5fa04..d58f507837b 100644 --- a/lib/libcrypto/evp/e_rc4.c +++ b/lib/libcrypto/evp/e_rc4.c @@ -69,8 +69,6 @@ typedef struct { - /* FIXME: what is the key for? */ - unsigned char key[EVP_RC4_KEY_SIZE]; RC4_KEY ks; /* working key */ } EVP_RC4_KEY; @@ -121,9 +119,8 @@ const EVP_CIPHER *EVP_rc4_40(void) static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - memcpy(&data(ctx)->key[0],key,EVP_CIPHER_CTX_key_length(ctx)); RC4_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx), - data(ctx)->key); + key); return 1; } diff --git a/lib/libcrypto/evp/encode.c b/lib/libcrypto/evp/encode.c index 12c6379df18..08209357ce0 100644 --- a/lib/libcrypto/evp/encode.c +++ b/lib/libcrypto/evp/encode.c @@ -136,6 +136,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, *outl=0; if (inl == 0) return; + OPENSSL_assert(ctx->length <= sizeof ctx->enc_data); if ((ctx->num+inl) < ctx->length) { memcpy(&(ctx->enc_data[ctx->num]),in,inl); @@ -258,6 +259,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, /* only save the good data :-) */ if (!B64_NOT_BASE64(v)) { + OPENSSL_assert(n < sizeof ctx->enc_data); d[n++]=tmp; ln++; } diff --git a/lib/libcrypto/evp/evp_acnf.c b/lib/libcrypto/evp/evp_acnf.c index a68b979bdbd..ff3e311cc52 100644 --- a/lib/libcrypto/evp/evp_acnf.c +++ b/lib/libcrypto/evp/evp_acnf.c @@ -59,7 +59,6 @@ #include "cryptlib.h" #include <openssl/evp.h> #include <openssl/conf.h> -#include <openssl/engine.h> /* Load all algorithms and configure OpenSSL. diff --git a/lib/libcrypto/evp/evp_enc.c b/lib/libcrypto/evp/evp_enc.c index 32a1c7a2e94..be0758a8796 100644 --- a/lib/libcrypto/evp/evp_enc.c +++ b/lib/libcrypto/evp/evp_enc.c @@ -60,11 +60,11 @@ #include "cryptlib.h" #include <openssl/evp.h> #include <openssl/err.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif #include "evp_locl.h" -#include <assert.h> - const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT; void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) @@ -93,6 +93,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp enc = 1; ctx->encrypt = enc; } +#ifndef OPENSSL_NO_ENGINE /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts * so this context may already have an ENGINE! Try to avoid releasing * the previous handle, re-querying for an ENGINE, and having a @@ -100,6 +101,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp if (ctx->engine && ctx->cipher && (!cipher || (cipher && (cipher->nid == ctx->cipher->nid)))) goto skip_to_init; +#endif if (cipher) { /* Ensure a context left lying around from last time is cleared @@ -109,6 +111,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp /* Restore encrypt field: it is zeroed by cleanup */ ctx->encrypt = enc; +#ifndef OPENSSL_NO_ENGINE if(impl) { if (!ENGINE_init(impl)) @@ -142,6 +145,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp } else ctx->engine = NULL; +#endif ctx->cipher=cipher; ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); @@ -161,11 +165,13 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET); return 0; } +#ifndef OPENSSL_NO_ENGINE skip_to_init: +#endif /* we assume block size is a power of 2 in *cryptUpdate */ - assert(ctx->cipher->block_size == 1 - || ctx->cipher->block_size == 8 - || ctx->cipher->block_size == 16); + OPENSSL_assert(ctx->cipher->block_size == 1 + || ctx->cipher->block_size == 8 + || ctx->cipher->block_size == 16); if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { switch(EVP_CIPHER_CTX_mode(ctx)) { @@ -181,6 +187,7 @@ skip_to_init: case EVP_CIPH_CBC_MODE: + OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof ctx->iv); if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); break; @@ -237,7 +244,7 @@ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *imp int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv) { - return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0); + return EVP_CipherInit(ctx, cipher, key, iv, 0); } int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, @@ -251,6 +258,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, { int i,j,bl; + OPENSSL_assert(inl > 0); if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) { if(ctx->cipher->do_cipher(ctx,out,in,inl)) @@ -266,6 +274,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, } i=ctx->buf_len; bl=ctx->cipher->block_size; + OPENSSL_assert(bl <= sizeof ctx->buf); if (i != 0) { if (i+inl < bl) @@ -314,6 +323,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int i,n,b,bl,ret; b=ctx->cipher->block_size; + OPENSSL_assert(b <= sizeof ctx->buf); if (b == 1) { *outl=0; @@ -358,6 +368,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return EVP_EncryptUpdate(ctx, out, outl, in, inl); b=ctx->cipher->block_size; + OPENSSL_assert(b <= sizeof ctx->final); if(ctx->final_used) { @@ -420,6 +431,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH); return(0); } + OPENSSL_assert(b <= sizeof ctx->final); n=ctx->final[b-1]; if (n > b) { @@ -450,16 +462,18 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) { if(c->cipher->cleanup && !c->cipher->cleanup(c)) return 0; - /* Zero cipher context data */ + /* Cleanse cipher context data */ if (c->cipher_data) - memset(c->cipher_data, 0, c->cipher->ctx_size); + OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size); } if (c->cipher_data) OPENSSL_free(c->cipher_data); +#ifndef OPENSSL_NO_ENGINE if (c->engine) /* The EVP_CIPHER we used belongs to an ENGINE, release the * functional reference we held for this reason. */ ENGINE_finish(c->engine); +#endif memset(c,0,sizeof(EVP_CIPHER_CTX)); return 1; } diff --git a/lib/libcrypto/evp/evp_key.c b/lib/libcrypto/evp/evp_key.c index 4271393069d..5f387a94d32 100644 --- a/lib/libcrypto/evp/evp_key.c +++ b/lib/libcrypto/evp/evp_key.c @@ -103,7 +103,7 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify) buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf); ret = UI_process(ui); UI_free(ui); - memset(buff,0,BUFSIZ); + OPENSSL_cleanse(buff,BUFSIZ); return ret; } @@ -118,6 +118,8 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, nkey=type->key_len; niv=type->iv_len; + OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH); + OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH); if (data == NULL) return(nkey); @@ -166,7 +168,7 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, if ((nkey == 0) && (niv == 0)) break; } EVP_MD_CTX_cleanup(&c); - memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE); + OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE); return(type->key_len); } diff --git a/lib/libcrypto/evp/evp_lib.c b/lib/libcrypto/evp/evp_lib.c index a431945ef5c..52a3b287bee 100644 --- a/lib/libcrypto/evp/evp_lib.c +++ b/lib/libcrypto/evp/evp_lib.c @@ -90,6 +90,7 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (type != NULL) { l=EVP_CIPHER_CTX_iv_length(c); + OPENSSL_assert(l <= sizeof c->iv); i=ASN1_TYPE_get_octetstring(type,c->oiv,l); if (i != l) return(-1); @@ -106,6 +107,7 @@ int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (type != NULL) { j=EVP_CIPHER_CTX_iv_length(c); + OPENSSL_assert(j <= sizeof c->iv); i=ASN1_TYPE_set_octetstring(type,c->oiv,j); } return(i); diff --git a/lib/libcrypto/evp/evp_pbe.c b/lib/libcrypto/evp/evp_pbe.c index 4234cd76849..bc98e633632 100644 --- a/lib/libcrypto/evp/evp_pbe.c +++ b/lib/libcrypto/evp/evp_pbe.c @@ -88,7 +88,7 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, char obj_tmp[80]; EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM); if (!pbe_obj) strlcpy (obj_tmp, "NULL", sizeof obj_tmp); - else i2t_ASN1_OBJECT(obj_tmp, 80, pbe_obj); + else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj); ERR_add_error_data(2, "TYPE=", obj_tmp); return 0; } diff --git a/lib/libcrypto/evp/evp_test.c b/lib/libcrypto/evp/evp_test.c index 90294ef686e..28460173f7e 100644 --- a/lib/libcrypto/evp/evp_test.c +++ b/lib/libcrypto/evp/evp_test.c @@ -49,8 +49,14 @@ #include <stdio.h> #include <string.h> + +#include "../e_os.h" + #include <openssl/evp.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif +#include <openssl/err.h> #include <openssl/conf.h> static void hexdump(FILE *f,const char *title,const unsigned char *s,int l) @@ -78,7 +84,7 @@ static int convert(unsigned char *s) if(!s[1]) { fprintf(stderr,"Odd number of hex digits!"); - exit(4); + EXIT(4); } sscanf((char *)s,"%2x",&n); *d=(unsigned char)n; @@ -120,6 +126,12 @@ static char *sstrsep(char **string, const char *delim) static unsigned char *ustrsep(char **p,const char *sep) { return (unsigned char *)sstrsep(p,sep); } +static int test1_exit(int ec) + { + EXIT(ec); + return(0); /* To keep some compilers quiet */ + } + static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, const unsigned char *iv,int in, const unsigned char *plaintext,int pn, @@ -142,7 +154,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, { fprintf(stderr,"Key length doesn't match, got %d expected %d\n",kn, c->key_len); - exit(5); + test1_exit(5); } EVP_CIPHER_CTX_init(&ctx); if (encdec != 0) @@ -150,26 +162,26 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, if(!EVP_EncryptInit_ex(&ctx,c,NULL,key,iv)) { fprintf(stderr,"EncryptInit failed\n"); - exit(10); + test1_exit(10); } EVP_CIPHER_CTX_set_padding(&ctx,0); if(!EVP_EncryptUpdate(&ctx,out,&outl,plaintext,pn)) { fprintf(stderr,"Encrypt failed\n"); - exit(6); + test1_exit(6); } if(!EVP_EncryptFinal_ex(&ctx,out+outl,&outl2)) { fprintf(stderr,"EncryptFinal failed\n"); - exit(7); + test1_exit(7); } if(outl+outl2 != cn) { fprintf(stderr,"Ciphertext length mismatch got %d expected %d\n", outl+outl2,cn); - exit(8); + test1_exit(8); } if(memcmp(out,ciphertext,cn)) @@ -177,7 +189,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, fprintf(stderr,"Ciphertext mismatch\n"); hexdump(stderr,"Got",out,cn); hexdump(stderr,"Expected",ciphertext,cn); - exit(9); + test1_exit(9); } } @@ -186,26 +198,26 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, if(!EVP_DecryptInit_ex(&ctx,c,NULL,key,iv)) { fprintf(stderr,"DecryptInit failed\n"); - exit(11); + test1_exit(11); } EVP_CIPHER_CTX_set_padding(&ctx,0); if(!EVP_DecryptUpdate(&ctx,out,&outl,ciphertext,cn)) { fprintf(stderr,"Decrypt failed\n"); - exit(6); + test1_exit(6); } if(!EVP_DecryptFinal_ex(&ctx,out+outl,&outl2)) { fprintf(stderr,"DecryptFinal failed\n"); - exit(7); + test1_exit(7); } if(outl+outl2 != cn) { fprintf(stderr,"Plaintext length mismatch got %d expected %d\n", outl+outl2,cn); - exit(8); + test1_exit(8); } if(memcmp(out,plaintext,cn)) @@ -213,7 +225,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, fprintf(stderr,"Plaintext mismatch\n"); hexdump(stderr,"Got",out,cn); hexdump(stderr,"Expected",plaintext,cn); - exit(9); + test1_exit(9); } } @@ -260,24 +272,24 @@ static int test_digest(const char *digest, if(!EVP_DigestInit_ex(&ctx,d, NULL)) { fprintf(stderr,"DigestInit failed\n"); - exit(100); + EXIT(100); } if(!EVP_DigestUpdate(&ctx,plaintext,pn)) { fprintf(stderr,"DigestUpdate failed\n"); - exit(101); + EXIT(101); } if(!EVP_DigestFinal_ex(&ctx,md,&mdn)) { fprintf(stderr,"DigestFinal failed\n"); - exit(101); + EXIT(101); } EVP_MD_CTX_cleanup(&ctx); if(mdn != cn) { fprintf(stderr,"Digest length mismatch, got %d expected %d\n",mdn,cn); - exit(102); + EXIT(102); } if(memcmp(md,ciphertext,cn)) @@ -285,7 +297,7 @@ static int test_digest(const char *digest, fprintf(stderr,"Digest mismatch\n"); hexdump(stderr,"Got",md,cn); hexdump(stderr,"Expected",ciphertext,cn); - exit(103); + EXIT(103); } printf("\n"); @@ -303,7 +315,7 @@ int main(int argc,char **argv) if(argc != 2) { fprintf(stderr,"%s <test file>\n",argv[0]); - exit(1); + EXIT(1); } CRYPTO_malloc_debug_init(); CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); @@ -315,17 +327,20 @@ int main(int argc,char **argv) if(!f) { perror(szTestFile); - exit(2); + EXIT(2); } /* Load up the software EVP_CIPHER and EVP_MD definitions */ OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); +#ifndef OPENSSL_NO_ENGINE /* Load all compiled-in ENGINEs */ ENGINE_load_builtin_engines(); +#endif #if 0 OPENSSL_config(); #endif +#ifndef OPENSSL_NO_ENGINE /* Register all available ENGINE implementations of ciphers and digests. * This could perhaps be changed to "ENGINE_register_all_complete()"? */ ENGINE_register_all_ciphers(); @@ -334,6 +349,7 @@ int main(int argc,char **argv) * It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use if * they weren't already initialised. */ /* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */ +#endif for( ; ; ) { @@ -371,11 +387,13 @@ int main(int argc,char **argv) && !test_digest(cipher,plaintext,pn,ciphertext,cn)) { fprintf(stderr,"Can't find %s\n",cipher); - exit(3); + EXIT(3); } } +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); diff --git a/lib/libcrypto/evp/p5_crpt.c b/lib/libcrypto/evp/p5_crpt.c index 27a8286489f..a1874e83b25 100644 --- a/lib/libcrypto/evp/p5_crpt.c +++ b/lib/libcrypto/evp/p5_crpt.c @@ -140,12 +140,14 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, EVP_DigestFinal_ex (&ctx, md_tmp, NULL); } EVP_MD_CTX_cleanup(&ctx); + OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= sizeof md_tmp); memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); + OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), EVP_CIPHER_iv_length(cipher)); EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de); - memset(md_tmp, 0, EVP_MAX_MD_SIZE); - memset(key, 0, EVP_MAX_KEY_LENGTH); - memset(iv, 0, EVP_MAX_IV_LENGTH); + OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE); + OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); + OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); return 1; } diff --git a/lib/libcrypto/evp/p5_crpt2.c b/lib/libcrypto/evp/p5_crpt2.c index 7485d6a278c..1f94e1ef88b 100644 --- a/lib/libcrypto/evp/p5_crpt2.c +++ b/lib/libcrypto/evp/p5_crpt2.c @@ -190,6 +190,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, goto err; } keylen = EVP_CIPHER_CTX_key_length(ctx); + OPENSSL_assert(keylen <= sizeof key); /* Now decode key derivation function */ @@ -230,7 +231,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, iter = ASN1_INTEGER_get(kdf->iter); PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key); EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); - memset(key, 0, keylen); + OPENSSL_cleanse(key, keylen); PBKDF2PARAM_free(kdf); return 1; diff --git a/lib/libcrypto/evp/p_open.c b/lib/libcrypto/evp/p_open.c index 6976f2a867d..5a933d1cda3 100644 --- a/lib/libcrypto/evp/p_open.c +++ b/lib/libcrypto/evp/p_open.c @@ -101,7 +101,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *ek, ret=1; err: - if (key != NULL) memset(key,0,size); + if (key != NULL) OPENSSL_cleanse(key,size); OPENSSL_free(key); return(ret); } diff --git a/lib/libcrypto/hmac/Makefile.ssl b/lib/libcrypto/hmac/Makefile.ssl index 2bb3264f0e8..f1c07322c4b 100644 --- a/lib/libcrypto/hmac/Makefile.ssl +++ b/lib/libcrypto/hmac/Makefile.ssl @@ -68,7 +68,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new @@ -79,21 +79,23 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -hmac.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +hmac.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h hmac.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -hmac.o: ../../include/openssl/bn.h ../../include/openssl/cast.h -hmac.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -hmac.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -hmac.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +hmac.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +hmac.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h +hmac.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +hmac.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h hmac.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h -hmac.o: ../../include/openssl/idea.h ../../include/openssl/md2.h -hmac.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -hmac.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -hmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -hmac.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -hmac.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -hmac.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -hmac.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -hmac.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -hmac.o: ../../include/openssl/ui_compat.h hmac.c +hmac.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +hmac.o: ../../include/openssl/md2.h ../../include/openssl/md4.h +hmac.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +hmac.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +hmac.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +hmac.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h +hmac.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h +hmac.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +hmac.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +hmac.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +hmac.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +hmac.o: ../cryptlib.h hmac.c diff --git a/lib/libcrypto/hmac/hmac.c b/lib/libcrypto/hmac/hmac.c index da363b79507..4c91f919d56 100644 --- a/lib/libcrypto/hmac/hmac.c +++ b/lib/libcrypto/hmac/hmac.c @@ -59,6 +59,7 @@ #include <stdlib.h> #include <string.h> #include <openssl/hmac.h> +#include "cryptlib.h" void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, ENGINE *impl) @@ -78,6 +79,7 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, { reset=1; j=EVP_MD_block_size(md); + OPENSSL_assert(j <= sizeof ctx->key); if (j < len) { EVP_DigestInit_ex(&ctx->md_ctx,md, impl); @@ -87,6 +89,7 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, } else { + OPENSSL_assert(len <= sizeof ctx->key); memcpy(ctx->key,key,len); ctx->key_length=len; } diff --git a/lib/libcrypto/hmac/hmactest.c b/lib/libcrypto/hmac/hmactest.c index 96d3beb8e61..1b906b81afb 100644 --- a/lib/libcrypto/hmac/hmactest.c +++ b/lib/libcrypto/hmac/hmactest.c @@ -60,6 +60,8 @@ #include <string.h> #include <stdlib.h> +#include "../e_os.h" + #ifdef OPENSSL_NO_HMAC int main(int argc, char *argv[]) { @@ -68,12 +70,15 @@ int main(int argc, char *argv[]) } #else #include <openssl/hmac.h> +#ifndef OPENSSL_NO_MD5 #include <openssl/md5.h> +#endif #ifdef CHARSET_EBCDIC #include <openssl/ebcdic.h> #endif +#ifndef OPENSSL_NO_MD5 static struct test_st { unsigned char key[16]; @@ -113,13 +118,20 @@ static struct test_st (unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6", }, }; - +#endif static char *pt(unsigned char *md); int main(int argc, char *argv[]) { - int i,err=0; +#ifndef OPENSSL_NO_MD5 + int i; char *p; +#endif + int err=0; + +#ifdef OPENSSL_NO_MD5 + printf("test skipped: MD5 disabled\n"); +#else #ifdef CHARSET_EBCDIC ebcdic2ascii(test[0].data, test[0].data, test[0].data_len); @@ -144,10 +156,12 @@ int main(int argc, char *argv[]) else printf("test %d ok\n",i); } - exit(err); +#endif /* OPENSSL_NO_MD5 */ + EXIT(err); return(0); } +#ifndef OPENSSL_NO_MD5 static char *pt(unsigned char *md) { int i; @@ -158,3 +172,4 @@ static char *pt(unsigned char *md) return(buf); } #endif +#endif diff --git a/lib/libcrypto/idea/Makefile.ssl b/lib/libcrypto/idea/Makefile.ssl index 87c9aa484b3..fa016ea399e 100644 --- a/lib/libcrypto/idea/Makefile.ssl +++ b/lib/libcrypto/idea/Makefile.ssl @@ -68,7 +68,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/lib/libcrypto/krb5/Makefile.ssl b/lib/libcrypto/krb5/Makefile.ssl index 7ad0cbb0bcc..d9224c0f092 100644 --- a/lib/libcrypto/krb5/Makefile.ssl +++ b/lib/libcrypto/krb5/Makefile.ssl @@ -41,7 +41,7 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + $(RANLIB) $(LIB) || echo Never mind. @touch lib files: @@ -69,7 +69,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/lib/libcrypto/lhash/Makefile.ssl b/lib/libcrypto/lhash/Makefile.ssl index b3ad272cf72..60e7ee33931 100644 --- a/lib/libcrypto/lhash/Makefile.ssl +++ b/lib/libcrypto/lhash/Makefile.ssl @@ -68,7 +68,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/lib/libcrypto/lhash/lh_stats.c b/lib/libcrypto/lhash/lh_stats.c index 8e6f57c7418..5aa7766aa61 100644 --- a/lib/libcrypto/lhash/lh_stats.c +++ b/lib/libcrypto/lhash/lh_stats.c @@ -179,63 +179,29 @@ end:; void lh_stats_bio(const LHASH *lh, BIO *out) { - char buf[128]; - - snprintf(buf,sizeof buf,"num_items = %lu\n",lh->num_items); - BIO_puts(out,buf); - snprintf(buf,sizeof buf,"num_nodes = %u\n",lh->num_nodes); - BIO_puts(out,buf); - snprintf(buf,sizeof buf,"num_alloc_nodes = %u\n", - lh->num_alloc_nodes); - BIO_puts(out,buf); - snprintf(buf,sizeof buf,"num_expands = %lu\n", - lh->num_expands); - BIO_puts(out,buf); - snprintf(buf,sizeof buf,"num_expand_reallocs = %lu\n", - lh->num_expand_reallocs); - BIO_puts(out,buf); - snprintf(buf,sizeof buf,"num_contracts = %lu\n", - lh->num_contracts); - BIO_puts(out,buf); - snprintf(buf,sizeof buf,"num_contract_reallocs = %lu\n", - lh->num_contract_reallocs); - BIO_puts(out,buf); - snprintf(buf,sizeof buf,"num_hash_calls = %lu\n", - lh->num_hash_calls); - BIO_puts(out,buf); - snprintf(buf,sizeof buf,"num_comp_calls = %lu\n", - lh->num_comp_calls); - BIO_puts(out,buf); - snprintf(buf,sizeof buf,"num_insert = %lu\n", - lh->num_insert); - BIO_puts(out,buf); - snprintf(buf,sizeof buf,"num_replace = %lu\n", - lh->num_replace); - BIO_puts(out,buf); - snprintf(buf,sizeof buf,"num_delete = %lu\n", - lh->num_delete); - BIO_puts(out,buf); - snprintf(buf,sizeof buf,"num_no_delete = %lu\n", - lh->num_no_delete); - BIO_puts(out,buf); - snprintf(buf,sizeof buf,"num_retrieve = %lu\n", - lh->num_retrieve); - BIO_puts(out,buf); - snprintf(buf,sizeof buf,"num_retrieve_miss = %lu\n", - lh->num_retrieve_miss); - BIO_puts(out,buf); - snprintf(buf,sizeof buf,"num_hash_comps = %lu\n", - lh->num_hash_comps); - BIO_puts(out,buf); + BIO_printf(out,"num_items = %lu\n",lh->num_items); + BIO_printf(out,"num_nodes = %u\n",lh->num_nodes); + BIO_printf(out,"num_alloc_nodes = %u\n",lh->num_alloc_nodes); + BIO_printf(out,"num_expands = %lu\n",lh->num_expands); + BIO_printf(out,"num_expand_reallocs = %lu\n", + lh->num_expand_reallocs); + BIO_printf(out,"num_contracts = %lu\n",lh->num_contracts); + BIO_printf(out,"num_contract_reallocs = %lu\n", + lh->num_contract_reallocs); + BIO_printf(out,"num_hash_calls = %lu\n",lh->num_hash_calls); + BIO_printf(out,"num_comp_calls = %lu\n",lh->num_comp_calls); + BIO_printf(out,"num_insert = %lu\n",lh->num_insert); + BIO_printf(out,"num_replace = %lu\n",lh->num_replace); + BIO_printf(out,"num_delete = %lu\n",lh->num_delete); + BIO_printf(out,"num_no_delete = %lu\n",lh->num_no_delete); + BIO_printf(out,"num_retrieve = %lu\n",lh->num_retrieve); + BIO_printf(out,"num_retrieve_miss = %lu\n",lh->num_retrieve_miss); + BIO_printf(out,"num_hash_comps = %lu\n",lh->num_hash_comps); #if 0 - snprintf(buf,sizeof buf,"p = %u\n",lh->p); - BIO_puts(out,buf); - snprintf(buf,sizeof buf,"pmax = %u\n",lh->pmax); - BIO_puts(out,buf); - snprintf(buf,sizeof buf,"up_load = %lu\n",lh->up_load); - BIO_puts(out,buf); - snprintf(buf,sizeof buf,"down_load = %lu\n",lh->down_load); - BIO_puts(out,buf); + BIO_printf(out,"p = %u\n",lh->p); + BIO_printf(out,"pmax = %u\n",lh->pmax); + BIO_printf(out,"up_load = %lu\n",lh->up_load); + BIO_printf(out,"down_load = %lu\n",lh->down_load); #endif } @@ -243,14 +209,12 @@ void lh_node_stats_bio(const LHASH *lh, BIO *out) { LHASH_NODE *n; unsigned int i,num; - char buf[128]; for (i=0; i<lh->num_nodes; i++) { for (n=lh->b[i],num=0; n != NULL; n=n->next) num++; - snprintf(buf,sizeof buf,"node %6u -> %3u\n",i,num); - BIO_puts(out,buf); + BIO_printf(out,"node %6u -> %3u\n",i,num); } } @@ -260,7 +224,6 @@ void lh_node_usage_stats_bio(const LHASH *lh, BIO *out) unsigned long num; unsigned int i; unsigned long total=0,n_used=0; - char buf[128]; for (i=0; i<lh->num_nodes; i++) { @@ -272,18 +235,14 @@ void lh_node_usage_stats_bio(const LHASH *lh, BIO *out) total+=num; } } - snprintf(buf,sizeof buf,"%lu nodes used out of %u\n",n_used, - lh->num_nodes); - BIO_puts(out,buf); - snprintf(buf,sizeof buf,"%lu items\n",total); - BIO_puts(out,buf); + BIO_printf(out,"%lu nodes used out of %u\n",n_used,lh->num_nodes); + BIO_printf(out,"%lu items\n",total); if (n_used == 0) return; - snprintf(buf,sizeof buf,"load %d.%02d actual load %d.%02d\n", - (int)(total/lh->num_nodes), - (int)((total%lh->num_nodes)*100/lh->num_nodes), - (int)(total/n_used), - (int)((total%n_used)*100/n_used)); - BIO_puts(out,buf); + BIO_printf(out,"load %d.%02d actual load %d.%02d\n", + (int)(total/lh->num_nodes), + (int)((total%lh->num_nodes)*100/lh->num_nodes), + (int)(total/n_used), + (int)((total%n_used)*100/n_used)); } #endif diff --git a/lib/libcrypto/md2/Makefile.ssl b/lib/libcrypto/md2/Makefile.ssl index e89a17f3a43..3206924c900 100644 --- a/lib/libcrypto/md2/Makefile.ssl +++ b/lib/libcrypto/md2/Makefile.ssl @@ -68,7 +68,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new @@ -79,8 +79,11 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. +md2_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h -md2_dgst.o: ../../include/openssl/opensslv.h md2_dgst.c +md2_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +md2_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +md2_dgst.o: md2_dgst.c md2_one.o: ../../e_os.h ../../include/openssl/bio.h md2_one.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h md2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/lib/libcrypto/md2/md2_dgst.c b/lib/libcrypto/md2/md2_dgst.c index e25dd00e026..ecb64f0ec40 100644 --- a/lib/libcrypto/md2/md2_dgst.c +++ b/lib/libcrypto/md2/md2_dgst.c @@ -61,6 +61,7 @@ #include <string.h> #include <openssl/md2.h> #include <openssl/opensslv.h> +#include <openssl/crypto.h> const char *MD2_version="MD2" OPENSSL_VERSION_PTEXT; @@ -118,9 +119,9 @@ const char *MD2_options(void) int MD2_Init(MD2_CTX *c) { c->num=0; - memset(c->state,0,MD2_BLOCK*sizeof(MD2_INT)); - memset(c->cksm,0,MD2_BLOCK*sizeof(MD2_INT)); - memset(c->data,0,MD2_BLOCK); + memset(c->state,0,sizeof c->state); + memset(c->cksm,0,sizeof c->cksm); + memset(c->data,0,sizeof c->data); return 1; } @@ -196,7 +197,7 @@ static void md2_block(MD2_CTX *c, const unsigned char *d) t=(t+i)&0xff; } memcpy(sp1,state,16*sizeof(MD2_INT)); - memset(state,0,48*sizeof(MD2_INT)); + OPENSSL_cleanse(state,48*sizeof(MD2_INT)); } int MD2_Final(unsigned char *md, MD2_CTX *c) diff --git a/lib/libcrypto/md2/md2_one.c b/lib/libcrypto/md2/md2_one.c index b12c37ce4de..835160ef56d 100644 --- a/lib/libcrypto/md2/md2_one.c +++ b/lib/libcrypto/md2/md2_one.c @@ -88,6 +88,6 @@ unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md) } #endif MD2_Final(md,&c); - memset(&c,0,sizeof(c)); /* Security consideration */ + OPENSSL_cleanse(&c,sizeof(c)); /* Security consideration */ return(md); } diff --git a/lib/libcrypto/md2/md2test.c b/lib/libcrypto/md2/md2test.c index 7d3664faf59..901d0a7d8ea 100644 --- a/lib/libcrypto/md2/md2test.c +++ b/lib/libcrypto/md2/md2test.c @@ -61,6 +61,8 @@ #include <string.h> #include <openssl/md2.h> +#include "../e_os.h" + #ifdef OPENSSL_NO_MD2 int main(int argc, char *argv[]) { @@ -122,8 +124,7 @@ int main(int argc, char *argv[]) R++; P++; } - exit(err); - return(0); + EXIT(err); } static char *pt(unsigned char *md) diff --git a/lib/libcrypto/md32_common.h b/lib/libcrypto/md32_common.h index 353d2b96add..573850b1228 100644 --- a/lib/libcrypto/md32_common.h +++ b/lib/libcrypto/md32_common.h @@ -1,6 +1,6 @@ /* crypto/md32_common.h */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -198,7 +198,7 @@ * * <appro@fy.chalmers.se> */ -# if defined(__i386) || defined(__i386__) +# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) # define ROTATE(a,n) ({ register unsigned int ret; \ asm ( \ "roll %1,%0" \ @@ -224,7 +224,7 @@ */ # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) /* some GNU C inline assembler templates by <appro@fy.chalmers.se> */ -# if (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY) +# if (defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)) && !defined(I386_ONLY) # define BE_FETCH32(a) ({ register unsigned int l=(a);\ asm ( \ "bswapl %0" \ @@ -456,7 +456,10 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, unsigned long len) { ew=(c->num>>2); ec=(c->num&0x03); - l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l; + if (sc) + l=p[sw]; + HOST_p_c2l(data,l,sc); + p[sw++]=l; for (; sw < ew; sw++) { HOST_c2l(data,l); p[sw]=l; @@ -603,7 +606,32 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c) c->num=0; /* clear stuff, HASH_BLOCK may be leaving some stuff on the stack * but I'm not worried :-) - memset((void *)c,0,sizeof(HASH_CTX)); + OPENSSL_cleanse((void *)c,sizeof(HASH_CTX)); */ return 1; } + +#ifndef MD32_REG_T +#define MD32_REG_T long +/* + * This comment was originaly written for MD5, which is why it + * discusses A-D. But it basically applies to all 32-bit digests, + * which is why it was moved to common header file. + * + * In case you wonder why A-D are declared as long and not + * as MD5_LONG. Doing so results in slight performance + * boost on LP64 architectures. The catch is we don't + * really care if 32 MSBs of a 64-bit register get polluted + * with eventual overflows as we *save* only 32 LSBs in + * *either* case. Now declaring 'em long excuses the compiler + * from keeping 32 MSBs zeroed resulting in 13% performance + * improvement under SPARC Solaris7/64 and 5% under AlphaLinux. + * Well, to be honest it should say that this *prevents* + * performance degradation. + * <appro@fy.chalmers.se> + * Apparently there're LP64 compilers that generate better + * code if A-D are declared int. Most notably GCC-x86_64 + * generates better code. + * <appro@fy.chalmers.se> + */ +#endif diff --git a/lib/libcrypto/md4/Makefile.ssl b/lib/libcrypto/md4/Makefile.ssl index 1de72571d8e..7d2e8d8d3b3 100644 --- a/lib/libcrypto/md4/Makefile.ssl +++ b/lib/libcrypto/md4/Makefile.ssl @@ -69,7 +69,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new @@ -84,5 +84,8 @@ md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md4.h md4_dgst.o: ../../include/openssl/opensslconf.h md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_dgst.c md4_dgst.o: md4_locl.h -md4_one.o: ../../include/openssl/e_os2.h ../../include/openssl/md4.h -md4_one.o: ../../include/openssl/opensslconf.h md4_one.c +md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +md4_one.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h +md4_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +md4_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +md4_one.o: md4_one.c diff --git a/lib/libcrypto/md4/md4.c b/lib/libcrypto/md4/md4.c index e4b0aac0117..141415ad4df 100644 --- a/lib/libcrypto/md4/md4.c +++ b/lib/libcrypto/md4/md4.c @@ -64,7 +64,7 @@ void do_fp(FILE *f); void pt(unsigned char *md); -#ifndef _OSD_POSIX +#if !defined(_OSD_POSIX) && !defined(__DJGPP__) int read(int, void *, unsigned int); #endif @@ -108,7 +108,7 @@ void do_fp(FILE *f) MD4_Init(&c); for (;;) { - i=read(fd,buf,BUFSIZE); + i=read(fd,buf,sizeof buf); if (i <= 0) break; MD4_Update(&c,buf,(unsigned long)i); } diff --git a/lib/libcrypto/md4/md4_dgst.c b/lib/libcrypto/md4/md4_dgst.c index 6446f5f5e7e..7afb7185b68 100644 --- a/lib/libcrypto/md4/md4_dgst.c +++ b/lib/libcrypto/md4/md4_dgst.c @@ -86,21 +86,7 @@ int MD4_Init(MD4_CTX *c) void md4_block_host_order (MD4_CTX *c, const void *data, int num) { const MD4_LONG *X=data; - register unsigned long A,B,C,D; - /* - * In case you wonder why A-D are declared as long and not - * as MD4_LONG. Doing so results in slight performance - * boost on LP64 architectures. The catch is we don't - * really care if 32 MSBs of a 64-bit register get polluted - * with eventual overflows as we *save* only 32 LSBs in - * *either* case. Now declaring 'em long excuses the compiler - * from keeping 32 MSBs zeroed resulting in 13% performance - * improvement under SPARC Solaris7/64 and 5% under AlphaLinux. - * Well, to be honest it should say that this *prevents* - * performance degradation. - * - * <appro@fy.chalmers.se> - */ + register unsigned MD32_REG_T A,B,C,D; A=c->A; B=c->B; @@ -176,25 +162,11 @@ void md4_block_host_order (MD4_CTX *c, const void *data, int num) void md4_block_data_order (MD4_CTX *c, const void *data_, int num) { const unsigned char *data=data_; - register unsigned long A,B,C,D,l; - /* - * In case you wonder why A-D are declared as long and not - * as MD4_LONG. Doing so results in slight performance - * boost on LP64 architectures. The catch is we don't - * really care if 32 MSBs of a 64-bit register get polluted - * with eventual overflows as we *save* only 32 LSBs in - * *either* case. Now declaring 'em long excuses the compiler - * from keeping 32 MSBs zeroed resulting in 13% performance - * improvement under SPARC Solaris7/64 and 5% under AlphaLinux. - * Well, to be honest it should say that this *prevents* - * performance degradation. - * - * <appro@fy.chalmers.se> - */ + register unsigned MD32_REG_T A,B,C,D,l; #ifndef MD32_XARRAY /* See comment in crypto/sha/sha_locl.h for details. */ - unsigned long XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, - XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; + unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, + XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; # define X(i) XX##i #else MD4_LONG XX[MD4_LBLOCK]; diff --git a/lib/libcrypto/md4/md4_one.c b/lib/libcrypto/md4/md4_one.c index 87a995d38d4..00565507e4b 100644 --- a/lib/libcrypto/md4/md4_one.c +++ b/lib/libcrypto/md4/md4_one.c @@ -59,6 +59,7 @@ #include <stdio.h> #include <string.h> #include <openssl/md4.h> +#include <openssl/crypto.h> #ifdef CHARSET_EBCDIC #include <openssl/ebcdic.h> @@ -89,7 +90,7 @@ unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md) } #endif MD4_Final(md,&c); - memset(&c,0,sizeof(c)); /* security consideration */ + OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */ return(md); } diff --git a/lib/libcrypto/md4/md4test.c b/lib/libcrypto/md4/md4test.c index e0fdc42282d..21a77d96f71 100644 --- a/lib/libcrypto/md4/md4test.c +++ b/lib/libcrypto/md4/md4test.c @@ -60,6 +60,8 @@ #include <string.h> #include <stdlib.h> +#include "../e_os.h" + #ifdef OPENSSL_NO_MD4 int main(int argc, char *argv[]) { @@ -118,7 +120,7 @@ int main(int argc, char *argv[]) R++; P++; } - exit(err); + EXIT(err); return(0); } diff --git a/lib/libcrypto/md5/Makefile.ssl b/lib/libcrypto/md5/Makefile.ssl index 5f1bbfb8ffb..b11ab476d6a 100644 --- a/lib/libcrypto/md5/Makefile.ssl +++ b/lib/libcrypto/md5/Makefile.ssl @@ -21,14 +21,6 @@ MD5_ASM_OBJ= CFLAGS= $(INCLUDES) $(CFLAG) -# We let the C compiler driver to take care of .s files. This is done in -# order to be excused from maintaining a separate set of architecture -# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC -# gcc, then the driver will automatically translate it to -xarch=v8plus -# and pass it down to assembler. -AS=$(CC) -c -ASFLAGS=$(CFLAGS) - GENERAL=Makefile TEST=md5test.c APPS= @@ -55,14 +47,8 @@ lib: $(LIBOBJ) @touch lib # elf -asm/mx86-elf.o: asm/mx86unix.cpp - $(CPP) -DELF -x c asm/mx86unix.cpp | as -o asm/mx86-elf.o - -# solaris -asm/mx86-sol.o: asm/mx86unix.cpp - $(CC) -E -DSOL asm/mx86unix.cpp | sed 's/^#.*//' > asm/mx86-sol.s - as -o asm/mx86-sol.o asm/mx86-sol.s - rm -f asm/mx86-sol.s +asm/mx86-elf.s: asm/md5-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) md5-586.pl elf $(CFLAGS) > mx86-elf.s) # a.out asm/mx86-out.o: asm/mx86unix.cpp @@ -118,18 +104,23 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new mv -f Makefile.new $(MAKEFILE) clean: - rm -f asm/mx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f asm/mx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. -md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h +md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md5.h +md5_dgst.o: ../../include/openssl/opensslconf.h md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_dgst.c md5_dgst.o: md5_locl.h -md5_one.o: ../../include/openssl/md5.h md5_one.c +md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +md5_one.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h +md5_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +md5_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +md5_one.o: md5_one.c diff --git a/lib/libcrypto/md5/md5.c b/lib/libcrypto/md5/md5.c index 7ed0024ae19..563733abc50 100644 --- a/lib/libcrypto/md5/md5.c +++ b/lib/libcrypto/md5/md5.c @@ -64,7 +64,7 @@ void do_fp(FILE *f); void pt(unsigned char *md); -#ifndef _OSD_POSIX +#if !defined(_OSD_POSIX) && !defined(__DJGPP__) int read(int, void *, unsigned int); #endif diff --git a/lib/libcrypto/md5/md5.h b/lib/libcrypto/md5/md5.h index 52cb753e6a9..a252e021154 100644 --- a/lib/libcrypto/md5/md5.h +++ b/lib/libcrypto/md5/md5.h @@ -59,6 +59,8 @@ #ifndef HEADER_MD5_H #define HEADER_MD5_H +#include <openssl/e_os2.h> + #ifdef __cplusplus extern "C" { #endif @@ -76,7 +78,7 @@ extern "C" { #if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) #define MD5_LONG unsigned long -#elif defined(OENSSL_SYS_CRAY) || defined(__ILP64__) +#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) #define MD5_LONG unsigned long #define MD5_LONG_LOG2 3 /* diff --git a/lib/libcrypto/md5/md5_dgst.c b/lib/libcrypto/md5/md5_dgst.c index c38a3f021e9..9c7abc36972 100644 --- a/lib/libcrypto/md5/md5_dgst.c +++ b/lib/libcrypto/md5/md5_dgst.c @@ -86,21 +86,7 @@ int MD5_Init(MD5_CTX *c) void md5_block_host_order (MD5_CTX *c, const void *data, int num) { const MD5_LONG *X=data; - register unsigned long A,B,C,D; - /* - * In case you wonder why A-D are declared as long and not - * as MD5_LONG. Doing so results in slight performance - * boost on LP64 architectures. The catch is we don't - * really care if 32 MSBs of a 64-bit register get polluted - * with eventual overflows as we *save* only 32 LSBs in - * *either* case. Now declaring 'em long excuses the compiler - * from keeping 32 MSBs zeroed resulting in 13% performance - * improvement under SPARC Solaris7/64 and 5% under AlphaLinux. - * Well, to be honest it should say that this *prevents* - * performance degradation. - * - * <appro@fy.chalmers.se> - */ + register unsigned MD32_REG_T A,B,C,D; A=c->A; B=c->B; @@ -193,25 +179,11 @@ void md5_block_host_order (MD5_CTX *c, const void *data, int num) void md5_block_data_order (MD5_CTX *c, const void *data_, int num) { const unsigned char *data=data_; - register unsigned long A,B,C,D,l; - /* - * In case you wonder why A-D are declared as long and not - * as MD5_LONG. Doing so results in slight performance - * boost on LP64 architectures. The catch is we don't - * really care if 32 MSBs of a 64-bit register get polluted - * with eventual overflows as we *save* only 32 LSBs in - * *either* case. Now declaring 'em long excuses the compiler - * from keeping 32 MSBs zeroed resulting in 13% performance - * improvement under SPARC Solaris7/64 and 5% under AlphaLinux. - * Well, to be honest it should say that this *prevents* - * performance degradation. - * - * <appro@fy.chalmers.se> - */ + register unsigned MD32_REG_T A,B,C,D,l; #ifndef MD32_XARRAY /* See comment in crypto/sha/sha_locl.h for details. */ - unsigned long XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, - XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; + unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, + XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; # define X(i) XX##i #else MD5_LONG XX[MD5_LBLOCK]; diff --git a/lib/libcrypto/md5/md5_locl.h b/lib/libcrypto/md5/md5_locl.h index 34c5257306d..9e360da732a 100644 --- a/lib/libcrypto/md5/md5_locl.h +++ b/lib/libcrypto/md5/md5_locl.h @@ -58,7 +58,7 @@ #include <stdlib.h> #include <string.h> -#include <openssl/opensslconf.h> +#include <openssl/e_os2.h> #include <openssl/md5.h> #ifndef MD5_LONG_LOG2 diff --git a/lib/libcrypto/md5/md5_one.c b/lib/libcrypto/md5/md5_one.c index b89dec850d2..c5dd2d81db4 100644 --- a/lib/libcrypto/md5/md5_one.c +++ b/lib/libcrypto/md5/md5_one.c @@ -59,6 +59,7 @@ #include <stdio.h> #include <string.h> #include <openssl/md5.h> +#include <openssl/crypto.h> #ifdef CHARSET_EBCDIC #include <openssl/ebcdic.h> @@ -89,7 +90,7 @@ unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md) } #endif MD5_Final(md,&c); - memset(&c,0,sizeof(c)); /* security consideration */ + OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */ return(md); } diff --git a/lib/libcrypto/md5/md5test.c b/lib/libcrypto/md5/md5test.c index 862b89658aa..bfd62629ed2 100644 --- a/lib/libcrypto/md5/md5test.c +++ b/lib/libcrypto/md5/md5test.c @@ -60,6 +60,8 @@ #include <string.h> #include <stdlib.h> +#include "../e_os.h" + #ifdef OPENSSL_NO_MD5 int main(int argc, char *argv[]) { @@ -118,7 +120,7 @@ int main(int argc, char *argv[]) R++; P++; } - exit(err); + EXIT(err); return(0); } diff --git a/lib/libcrypto/mdc2/Makefile.ssl b/lib/libcrypto/mdc2/Makefile.ssl index 087b8eb9eea..33f366fb087 100644 --- a/lib/libcrypto/mdc2/Makefile.ssl +++ b/lib/libcrypto/mdc2/Makefile.ssl @@ -68,7 +68,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/lib/libcrypto/mem.c b/lib/libcrypto/mem.c index 87d0ebc7144..29df7d35b24 100644 --- a/lib/libcrypto/mem.c +++ b/lib/libcrypto/mem.c @@ -250,6 +250,7 @@ void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int), void *CRYPTO_malloc_locked(int num, const char *file, int line) { void *ret = NULL; + extern unsigned char cleanse_ctr; if (num < 0) return NULL; @@ -266,6 +267,12 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line) if (malloc_debug_func != NULL) malloc_debug_func(ret, num, file, line, 1); + /* Create a dependency on the value of 'cleanse_ctr' so our memory + * sanitisation function can't be optimised out. NB: We only do + * this for >2Kb so the overhead doesn't bother us. */ + if(ret && (num > 2048)) + ((unsigned char *)ret)[0] = cleanse_ctr; + return ret; } @@ -284,6 +291,7 @@ void CRYPTO_free_locked(void *str) void *CRYPTO_malloc(int num, const char *file, int line) { void *ret = NULL; + extern unsigned char cleanse_ctr; if (num < 0) return NULL; @@ -300,6 +308,12 @@ void *CRYPTO_malloc(int num, const char *file, int line) if (malloc_debug_func != NULL) malloc_debug_func(ret, num, file, line, 1); + /* Create a dependency on the value of 'cleanse_ctr' so our memory + * sanitisation function can't be optimised out. NB: We only do + * this for >2Kb so the overhead doesn't bother us. */ + if(ret && (num > 2048)) + ((unsigned char *)ret)[0] = cleanse_ctr; + return ret; } @@ -310,8 +324,8 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line) if (str == NULL) return CRYPTO_malloc(num, file, line); - if (num < 0) return NULL; - + if (num < 0) return NULL; + if (realloc_debug_func != NULL) realloc_debug_func(str, NULL, num, file, line, 0); ret = realloc_ex_func(str,num,file,line); @@ -324,6 +338,32 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line) return ret; } +void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file, + int line) + { + void *ret = NULL; + + if (str == NULL) + return CRYPTO_malloc(num, file, line); + + if (num < 0) return NULL; + + if (realloc_debug_func != NULL) + realloc_debug_func(str, NULL, num, file, line, 0); + ret=malloc_ex_func(num,file,line); + if(ret) + memcpy(ret,str,old_len); + OPENSSL_cleanse(str,old_len); + free_func(str); +#ifdef LEVITTE_DEBUG_MEM + fprintf(stderr, "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", str, ret, num); +#endif + if (realloc_debug_func != NULL) + realloc_debug_func(str, ret, num, file, line, 1); + + return ret; + } + void CRYPTO_free(void *str) { if (free_debug_func != NULL) @@ -343,7 +383,6 @@ void *CRYPTO_remalloc(void *a, int num, const char *file, int line) return(a); } - void CRYPTO_set_mem_debug_options(long bits) { if (set_debug_options_func != NULL) diff --git a/lib/libcrypto/mem_dbg.c b/lib/libcrypto/mem_dbg.c index ea94eee6f4d..9221df00bdb 100644 --- a/lib/libcrypto/mem_dbg.c +++ b/lib/libcrypto/mem_dbg.c @@ -102,6 +102,8 @@ typedef struct app_mem_info_st int references; } APP_INFO; +static void app_info_free(APP_INFO *); + static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's * that are at the top of their thread's stack * (with `thread' as key); @@ -140,6 +142,18 @@ static unsigned long disabling_thread = 0; /* Valid iff num_disable > 0. * thread named in disabling_thread). */ +static void app_info_free(APP_INFO *inf) + { + if (--(inf->references) <= 0) + { + if (inf->next != NULL) + { + app_info_free(inf->next); + } + OPENSSL_free(inf); + } + } + int CRYPTO_mem_ctrl(int mode) { int ret=mh_mode; @@ -502,9 +516,7 @@ void CRYPTO_dbg_free(void *addr, int before_p) mp->order, mp->addr, mp->num); #endif if (mp->app_info != NULL) - { - mp->app_info->references--; - } + app_info_free(mp->app_info); OPENSSL_free(mp); } @@ -669,7 +681,6 @@ static IMPLEMENT_LHASH_DOALL_ARG_FN(print_leak, const MEM *, MEM_LEAK *) void CRYPTO_mem_leaks(BIO *b) { MEM_LEAK ml; - char buf[80]; if (mh == NULL && amih == NULL) return; @@ -684,9 +695,8 @@ void CRYPTO_mem_leaks(BIO *b) (char *)&ml); if (ml.chunks != 0) { - snprintf(buf,sizeof buf,"%ld bytes leaked in %d chunks\n", - ml.bytes,ml.chunks); - BIO_puts(b,buf); + BIO_printf(b,"%ld bytes leaked in %d chunks\n", + ml.bytes,ml.chunks); } else { diff --git a/lib/libcrypto/o_time.c b/lib/libcrypto/o_time.c index 1bc0297b365..723eb1b5af7 100644 --- a/lib/libcrypto/o_time.c +++ b/lib/libcrypto/o_time.c @@ -80,6 +80,9 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) ts = result; #elif !defined(OPENSSL_SYS_VMS) ts = gmtime(timer); + if (ts == NULL) + return NULL; + memcpy(result, ts, sizeof(struct tm)); ts = result; #endif diff --git a/lib/libcrypto/objects/Makefile.ssl b/lib/libcrypto/objects/Makefile.ssl index cd5cbc95ce6..3e7a194cf99 100644 --- a/lib/libcrypto/objects/Makefile.ssl +++ b/lib/libcrypto/objects/Makefile.ssl @@ -76,7 +76,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/lib/libcrypto/objects/obj_dat.c b/lib/libcrypto/objects/obj_dat.c index 202bd168ac2..ae97108e93d 100644 --- a/lib/libcrypto/objects/obj_dat.c +++ b/lib/libcrypto/objects/obj_dat.c @@ -464,7 +464,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) snprintf(tbuf,sizeof tbuf,"%d.%lu",i,l); i=strlen(tbuf); - strncpy(buf,tbuf,buf_len); + BUF_strlcpy(buf,tbuf,buf_len); buf_len-=i; buf+=i; n+=i; @@ -476,7 +476,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) snprintf(tbuf,sizeof tbuf,".%lu",l); i=strlen(tbuf); if (buf_len > 0) - strncpy(buf,tbuf,buf_len); + BUF_strlcpy(buf,tbuf,buf_len); buf_len-=i; buf+=i; n+=i; @@ -488,10 +488,9 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) s=OBJ_nid2ln(nid); if (s == NULL) s=OBJ_nid2sn(nid); - strncpy(buf,s,buf_len); + BUF_strlcpy(buf,s,buf_len); n=strlen(s); } - buf[buf_len-1]='\0'; return(n); } diff --git a/lib/libcrypto/objects/obj_mac.num b/lib/libcrypto/objects/obj_mac.num index 14861996616..9838072b65c 100644 --- a/lib/libcrypto/objects/obj_mac.num +++ b/lib/libcrypto/objects/obj_mac.num @@ -645,3 +645,5 @@ rsaOAEPEncryptionSET 644 itu_t 645 joint_iso_itu_t 646 international_organizations 647 +ms_smartcard_login 648 +ms_upn 649 diff --git a/lib/libcrypto/objects/objects.txt b/lib/libcrypto/objects/objects.txt index 71a49084852..3ba11f65ccf 100644 --- a/lib/libcrypto/objects/objects.txt +++ b/lib/libcrypto/objects/objects.txt @@ -276,6 +276,10 @@ rsadsi 3 8 : RC5-CBC : rc5-cbc 1 3 6 1 4 1 311 10 3 3 : msSGC : Microsoft Server Gated Crypto !Cname ms-efs 1 3 6 1 4 1 311 10 3 4 : msEFS : Microsoft Encrypted File System +!Cname ms-smartcard-login +1 3 6 1 4 1 311 20 2 2 : msSmartcardLogin : Microsoft Smartcardlogin +!Cname ms-upn +1 3 6 1 4 1 311 20 2 3 : msUPN : Microsoft Universal Principal Name 1 3 6 1 4 1 188 7 1 1 2 : IDEA-CBC : idea-cbc : IDEA-ECB : idea-ecb @@ -537,7 +541,7 @@ X509 11 : OU : organizationalUnitName X509 12 : : title X509 13 : : description X509 41 : name : name -X509 42 : gn : givenName +X509 42 : GN : givenName X509 43 : : initials X509 44 : : generationQualifier X509 45 : : x500UniqueIdentifier diff --git a/lib/libcrypto/ocsp/Makefile.ssl b/lib/libcrypto/ocsp/Makefile.ssl index 2be98179aea..02477be5386 100644 --- a/lib/libcrypto/ocsp/Makefile.ssl +++ b/lib/libcrypto/ocsp/Makefile.ssl @@ -43,7 +43,7 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + $(RANLIB) $(LIB) || echo Never mind. @touch lib files: @@ -71,7 +71,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/lib/libcrypto/ocsp/ocsp_asn.c b/lib/libcrypto/ocsp/ocsp_asn.c index 8c148cda6a8..6a3a360d544 100644 --- a/lib/libcrypto/ocsp/ocsp_asn.c +++ b/lib/libcrypto/ocsp/ocsp_asn.c @@ -117,7 +117,7 @@ IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE) ASN1_CHOICE(OCSP_RESPID) = { ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1), - ASN1_IMP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2) + ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2) } ASN1_CHOICE_END(OCSP_RESPID) IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPID) diff --git a/lib/libcrypto/ocsp/ocsp_ht.c b/lib/libcrypto/ocsp/ocsp_ht.c index b78cd370921..9213e58ae49 100644 --- a/lib/libcrypto/ocsp/ocsp_ht.c +++ b/lib/libcrypto/ocsp/ocsp_ht.c @@ -64,6 +64,9 @@ #include <openssl/ocsp.h> #include <openssl/err.h> #include <openssl/buffer.h> +#ifdef OPENSSL_SYS_SUNOS +#define strtoul (unsigned long)strtol +#endif /* OPENSSL_SYS_SUNOS */ /* Quick and dirty HTTP OCSP request handler. * Could make this a bit cleverer by adding @@ -94,7 +97,7 @@ Content-Length: %d\r\n\r\n"; } if(!(mem = BIO_new(BIO_s_mem()))) goto err; /* Copy response to a memory BIO: socket bios can't do gets! */ - while ((len = BIO_read(b, tmpbuf, 1024))) { + while ((len = BIO_read(b, tmpbuf, sizeof tmpbuf))) { if(len < 0) { OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_READ_ERROR); goto err; @@ -107,7 +110,7 @@ Content-Length: %d\r\n\r\n"; } /* Parse the HTTP response. This will look like this: * "HTTP/1.0 200 OK". We need to obtain the numeric code and - * informational message. + * (optional) informational message. */ /* Skip to first white space (passed protocol info) */ @@ -135,13 +138,19 @@ Content-Length: %d\r\n\r\n"; if(*r) goto err; /* Skip over any leading white space in message */ while(*q && isspace((unsigned char)*q)) q++; - if(!*q) goto err; + if(*q) { /* Finally zap any trailing white space in message (include CRLF) */ /* We know q has a non white space character so this is OK */ - for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) *r = 0; + for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) *r = 0; + } if(retcode != 200) { OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_ERROR); - ERR_add_error_data(4, "Code=", p, ",Reason=", q); + if(!*q) { + ERR_add_error_data(2, "Code=", p); + } + else { + ERR_add_error_data(4, "Code=", p, ",Reason=", q); + } goto err; } /* Find blank line marking beginning of content */ diff --git a/lib/libcrypto/opensslconf.h.in b/lib/libcrypto/opensslconf.h.in index 9082a16c46f..685e83b7a33 100644 --- a/lib/libcrypto/opensslconf.h.in +++ b/lib/libcrypto/opensslconf.h.in @@ -47,7 +47,7 @@ #endif #endif -#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG) +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG diff --git a/lib/libcrypto/opensslv.h b/lib/libcrypto/opensslv.h index 9689b49c5b8..08cb1d5018c 100644 --- a/lib/libcrypto/opensslv.h +++ b/lib/libcrypto/opensslv.h @@ -25,8 +25,8 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x00907003L -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7-beta3 30 Jul 2002" +#define OPENSSL_VERSION_NUMBER 0x0090702fL +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7b 10 Apr 2003" #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/lib/libcrypto/ossl_typ.h b/lib/libcrypto/ossl_typ.h index 6bd42aee4d4..285fd0b1d97 100644 --- a/lib/libcrypto/ossl_typ.h +++ b/lib/libcrypto/ossl_typ.h @@ -55,6 +55,8 @@ #ifndef HEADER_OPENSSL_TYPES_H #define HEADER_OPENSSL_TYPES_H +#include <openssl/e_os2.h> + #ifdef NO_ASN1_TYPEDEFS #define ASN1_INTEGER ASN1_STRING #define ASN1_ENUMERATED ASN1_STRING diff --git a/lib/libcrypto/pem/Makefile.ssl b/lib/libcrypto/pem/Makefile.ssl index 5075d9107b0..d3043eb4013 100644 --- a/lib/libcrypto/pem/Makefile.ssl +++ b/lib/libcrypto/pem/Makefile.ssl @@ -71,7 +71,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/lib/libcrypto/pem/pem.h b/lib/libcrypto/pem/pem.h index 3785fca77dd..d330cbf9a32 100644 --- a/lib/libcrypto/pem/pem.h +++ b/lib/libcrypto/pem/pem.h @@ -149,7 +149,7 @@ typedef struct pem_recip_st int cipher; int key_enc; - char iv[8]; + /* char iv[8]; unused and wrong size */ } PEM_USER; typedef struct pem_ctx_st @@ -165,7 +165,8 @@ typedef struct pem_ctx_st struct { int cipher; - unsigned char iv[8]; + /* unused, and wrong size + unsigned char iv[8]; */ } DEK_info; PEM_USER *originator; @@ -187,7 +188,8 @@ typedef struct pem_ctx_st EVP_CIPHER *dec; /* date encryption cipher */ int key_len; /* key length */ unsigned char *key; /* key */ - unsigned char iv[8]; /* the iv */ + /* unused, and wrong size + unsigned char iv[8]; */ int data_enc; /* is the data encrypted */ diff --git a/lib/libcrypto/pem/pem_info.c b/lib/libcrypto/pem/pem_info.c index 9a6dffb45cf..9e4af29c954 100644 --- a/lib/libcrypto/pem/pem_info.c +++ b/lib/libcrypto/pem/pem_info.c @@ -324,6 +324,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, } /* create the right magic header stuff */ + OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf); buf[0]='\0'; PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv); @@ -358,7 +359,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, ret=1; err: - memset((char *)&ctx,0,sizeof(ctx)); - memset(buf,0,PEM_BUFSIZE); + OPENSSL_cleanse((char *)&ctx,sizeof(ctx)); + OPENSSL_cleanse(buf,PEM_BUFSIZE); return(ret); } diff --git a/lib/libcrypto/pem/pem_lib.c b/lib/libcrypto/pem/pem_lib.c index 50f5733654a..3bec2d7e9f4 100644 --- a/lib/libcrypto/pem/pem_lib.c +++ b/lib/libcrypto/pem/pem_lib.c @@ -138,7 +138,7 @@ void PEM_proc_type(char *buf, int type) void PEM_dek_info(char *buf, const char *type, int len, char *str) { - static unsigned char map[17]="0123456789ABCDEF"; + static const unsigned char map[17]="0123456789ABCDEF"; long i; int j; @@ -251,7 +251,7 @@ int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char ret = 1; err: - if (!pnm) OPENSSL_free(nm); + if (!ret || !pnm) OPENSSL_free(nm); OPENSSL_free(header); if (!ret) OPENSSL_free(data); return ret; @@ -306,6 +306,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, goto err; } /* dzise + 8 bytes are needed */ + /* actually it needs the cipher block size extra... */ data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20); if (data == NULL) { @@ -335,13 +336,16 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, kstr=(unsigned char *)buf; } RAND_add(data,i,0);/* put in the RSA key. */ + OPENSSL_assert(enc->iv_len <= sizeof iv); if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */ goto err; /* The 'iv' is used as the iv and as a salt. It is * NOT taken from the BytesToKey function */ EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL); - if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE); + if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE); + + OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf); buf[0]='\0'; PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); @@ -364,13 +368,13 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, i=PEM_write_bio(bp,name,buf,data,i); if (i <= 0) ret=0; err: - memset(key,0,sizeof(key)); - memset(iv,0,sizeof(iv)); - memset((char *)&ctx,0,sizeof(ctx)); - memset(buf,0,PEM_BUFSIZE); + OPENSSL_cleanse(key,sizeof(key)); + OPENSSL_cleanse(iv,sizeof(iv)); + OPENSSL_cleanse((char *)&ctx,sizeof(ctx)); + OPENSSL_cleanse(buf,PEM_BUFSIZE); if (data != NULL) { - memset(data,0,(unsigned int)dsize); + OPENSSL_cleanse(data,(unsigned int)dsize); OPENSSL_free(data); } return(ret); @@ -411,8 +415,8 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, EVP_DecryptUpdate(&ctx,data,&i,data,j); o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j); EVP_CIPHER_CTX_cleanup(&ctx); - memset((char *)buf,0,sizeof(buf)); - memset((char *)key,0,sizeof(key)); + OPENSSL_cleanse((char *)buf,sizeof(buf)); + OPENSSL_cleanse((char *)key,sizeof(key)); j+=i; if (!o) { @@ -693,7 +697,7 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, if (strncmp(buf,"-----END ",9) == 0) break; if (i > 65) break; - if (!BUF_MEM_grow(dataB,i+bl+9)) + if (!BUF_MEM_grow_clean(dataB,i+bl+9)) { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; diff --git a/lib/libcrypto/pem/pem_pk8.c b/lib/libcrypto/pem/pem_pk8.c index f44182ffb5a..db38a2a79de 100644 --- a/lib/libcrypto/pem/pem_pk8.c +++ b/lib/libcrypto/pem/pem_pk8.c @@ -136,7 +136,7 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER kstr = buf; } p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf); - if(kstr == buf) memset(buf, 0, klen); + if(kstr == buf) OPENSSL_cleanse(buf, klen); PKCS8_PRIV_KEY_INFO_free(p8inf); if(isder) ret = i2d_PKCS8_bio(bp, p8); else ret = PEM_write_bio_PKCS8(bp, p8); diff --git a/lib/libcrypto/pem/pem_seal.c b/lib/libcrypto/pem/pem_seal.c index ae463a301de..56e08abd705 100644 --- a/lib/libcrypto/pem/pem_seal.c +++ b/lib/libcrypto/pem/pem_seal.c @@ -112,7 +112,7 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, ret=npubk; err: if (s != NULL) OPENSSL_free(s); - memset(key,0,EVP_MAX_KEY_LENGTH); + OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH); return(ret); } diff --git a/lib/libcrypto/perlasm/cbc.pl b/lib/libcrypto/perlasm/cbc.pl index 0145c4f0cc6..22149c680ec 100644 --- a/lib/libcrypto/perlasm/cbc.pl +++ b/lib/libcrypto/perlasm/cbc.pl @@ -146,9 +146,15 @@ sub cbc &mov($count, &wparam(2)); # length &and($count, 7); &jz(&label("finish")); + &call(&label("PIC_point")); +&set_label("PIC_point"); + &blindpop("edx"); + &lea("ecx",&DWP(&label("cbc_enc_jmp_table")."-".&label("PIC_point"),"edx")); + &mov($count,&DWP(0,"ecx",$count,4)) + &add($count,"edx"); &xor("ecx","ecx"); &xor("edx","edx"); - &mov($count,&DWP(&label("cbc_enc_jmp_table"),"",$count,4)); + #&mov($count,&DWP(&label("cbc_enc_jmp_table"),"",$count,4)); &jmp_ptr($count); &set_label("ej7"); @@ -318,22 +324,23 @@ sub cbc &set_label("cbc_enc_jmp_table",1); &data_word("0"); - &data_word(&label("ej1")); - &data_word(&label("ej2")); - &data_word(&label("ej3")); - &data_word(&label("ej4")); - &data_word(&label("ej5")); - &data_word(&label("ej6")); - &data_word(&label("ej7")); - &set_label("cbc_dec_jmp_table",1); - &data_word("0"); - &data_word(&label("dj1")); - &data_word(&label("dj2")); - &data_word(&label("dj3")); - &data_word(&label("dj4")); - &data_word(&label("dj5")); - &data_word(&label("dj6")); - &data_word(&label("dj7")); + &data_word(&label("ej1")."-".&label("PIC_point")); + &data_word(&label("ej2")."-".&label("PIC_point")); + &data_word(&label("ej3")."-".&label("PIC_point")); + &data_word(&label("ej4")."-".&label("PIC_point")); + &data_word(&label("ej5")."-".&label("PIC_point")); + &data_word(&label("ej6")."-".&label("PIC_point")); + &data_word(&label("ej7")."-".&label("PIC_point")); + # not used + #&set_label("cbc_dec_jmp_table",1); + #&data_word("0"); + #&data_word(&label("dj1")."-".&label("PIC_point")); + #&data_word(&label("dj2")."-".&label("PIC_point")); + #&data_word(&label("dj3")."-".&label("PIC_point")); + #&data_word(&label("dj4")."-".&label("PIC_point")); + #&data_word(&label("dj5")."-".&label("PIC_point")); + #&data_word(&label("dj6")."-".&label("PIC_point")); + #&data_word(&label("dj7")."-".&label("PIC_point")); &function_end_B($name); diff --git a/lib/libcrypto/perlasm/x86asm.pl b/lib/libcrypto/perlasm/x86asm.pl index 9a3d85b0984..1cb96e914ab 100644 --- a/lib/libcrypto/perlasm/x86asm.pl +++ b/lib/libcrypto/perlasm/x86asm.pl @@ -18,9 +18,9 @@ sub main'asm_init ($type,$fn,$i386)=@_; $filename=$fn; - $cpp=$sol=$aout=$win32=$gaswin=0; + $elf=$cpp=$sol=$aout=$win32=$gaswin=0; if ( ($type eq "elf")) - { require "x86unix.pl"; } + { $elf=1; require "x86unix.pl"; } elsif ( ($type eq "a.out")) { $aout=1; require "x86unix.pl"; } elsif ( ($type eq "gaswin")) @@ -47,6 +47,9 @@ EOF exit(1); } + $pic=0; + for (@ARGV) { $pic=1 if (/\-[fK]PIC/i); } + &asm_init_output(); &comment("Don't even think of reading this code"); @@ -91,7 +94,7 @@ $tmp #undef SIZE #undef TYPE #define SIZE(a,b) -#define TYPE(a,b) +#define TYPE(a,b) .def a; .scl 2; .type 32; .endef #endif /* __CYGWIN || __DJGPP */ #endif diff --git a/lib/libcrypto/perlasm/x86ms.pl b/lib/libcrypto/perlasm/x86ms.pl index 206452341d1..35f1a4ddb93 100644 --- a/lib/libcrypto/perlasm/x86ms.pl +++ b/lib/libcrypto/perlasm/x86ms.pl @@ -92,6 +92,8 @@ sub get_mem $addr="_$addr"; } + if ($addr =~ /^.+\-.+$/) { $addr="($addr)"; } + $reg1="$regs{$reg1}" if defined($regs{$reg1}); $reg2="$regs{$reg2}" if defined($regs{$reg2}); if (($addr ne "") && ($addr ne 0)) @@ -111,6 +113,7 @@ sub get_mem { $ret.="[$reg1$post]" } + $ret =~ s/\[\]//; # in case $addr was the only argument return($ret); } @@ -151,7 +154,7 @@ sub main'push { &out1("push",@_); $stack+=4; } sub main'pop { &out1("pop",@_); $stack-=4; } sub main'bswap { &out1("bswap",@_); &using486(); } sub main'not { &out1("not",@_); } -sub main'call { &out1("call",'_'.$_[0]); } +sub main'call { &out1("call",($_[0]=~/^\$L/?'':'_').$_[0]); } sub main'ret { &out0("ret"); } sub main'nop { &out0("nop"); } @@ -338,7 +341,7 @@ sub main'set_label { if (!defined($label{$_[0]})) { - $label{$_[0]}="${label}${_[0]}"; + $label{$_[0]}="\$${label}${_[0]}"; $label++; } if((defined $_[2]) && ($_[2] == 1)) @@ -363,3 +366,11 @@ sub out1p push(@out,"\t$name\t ".&conv($p1)."\n"); } + +sub main'picmeup + { + local($dst,$sym)=@_; + &main'lea($dst,&main'DWP($sym)); + } + +sub main'blindpop { &out1("pop",@_); } diff --git a/lib/libcrypto/perlasm/x86nasm.pl b/lib/libcrypto/perlasm/x86nasm.pl index 519d8a58672..f30b7466d45 100644 --- a/lib/libcrypto/perlasm/x86nasm.pl +++ b/lib/libcrypto/perlasm/x86nasm.pl @@ -98,6 +98,8 @@ sub get_mem $addr="_$addr"; } + if ($addr =~ /^.+\-.+$/) { $addr="($addr)"; } + $reg1="$regs{$reg1}" if defined($regs{$reg1}); $reg2="$regs{$reg2}" if defined($regs{$reg2}); if (($addr ne "") && ($addr ne 0)) @@ -117,6 +119,7 @@ sub get_mem { $ret.="$reg1$post]" } + $ret =~ s/\+\]/]/; # in case $addr was the only argument return($ret); } @@ -160,7 +163,7 @@ sub main'push { &out1("push",@_); $stack+=4; } sub main'pop { &out1("pop",@_); $stack-=4; } sub main'bswap { &out1("bswap",@_); &using486(); } sub main'not { &out1("not",@_); } -sub main'call { &out1("call",'_'.$_[0]); } +sub main'call { &out1("call",($_[0]=~/^\$L/?'':'_').$_[0]); } sub main'ret { &out0("ret"); } sub main'nop { &out0("nop"); } @@ -322,7 +325,7 @@ sub main'set_label { if (!defined($label{$_[0]})) { - $label{$_[0]}="${label}${_[0]}"; + $label{$_[0]}="\$${label}${_[0]}"; $label++; } push(@out,"$label{$_[0]}:\n"); @@ -340,3 +343,11 @@ sub out1p push(@out,"\t$name\t ".&conv($p1)."\n"); } + +sub main'picmeup + { + local($dst,$sym)=@_; + &main'lea($dst,&main'DWP($sym)); + } + +sub main'blindpop { &out1("pop",@_); } diff --git a/lib/libcrypto/perlasm/x86unix.pl b/lib/libcrypto/perlasm/x86unix.pl index 9ceabf0705e..72bde061c56 100644 --- a/lib/libcrypto/perlasm/x86unix.pl +++ b/lib/libcrypto/perlasm/x86unix.pl @@ -87,12 +87,12 @@ sub main'DWP $ret.=$addr if ($addr ne "") && ($addr ne 0); if ($reg2 ne "") { - if($idx ne "") + if($idx ne "" && $idx != 0) { $ret.="($reg1,$reg2,$idx)"; } else { $ret.="($reg1,$reg2)"; } } - else + elsif ($reg1 ne "") { $ret.="($reg1)" } return($ret); } @@ -167,7 +167,7 @@ sub main'pop { &out1("popl",@_); $stack-=4; } sub main'pushf { &out0("pushf"); $stack+=4; } sub main'popf { &out0("popf"); $stack-=4; } sub main'not { &out1("notl",@_); } -sub main'call { &out1("call",$under.$_[0]); } +sub main'call { &out1("call",($_[0]=~/^\.L/?'':$under).$_[0]); } sub main'ret { &out0("ret"); } sub main'nop { &out0("nop"); } @@ -345,15 +345,15 @@ sub main'function_end popl %ebx popl %ebp ret -.${func}_end: +.L_${func}_end: EOF push(@out,$tmp); if ($main'cpp) - { push(@out,"\tSIZE($func,.${func}_end-$func)\n"); } + { push(@out,"\tSIZE($func,.L_${func}_end-$func)\n"); } elsif ($main'gaswin) { $tmp=push(@out,"\t.align 4\n"); } - else { push(@out,"\t.size\t$func,.${func}_end-$func\n"); } + else { push(@out,"\t.size\t$func,.L_${func}_end-$func\n"); } push(@out,".ident \"$func\"\n"); $stack=0; %label=(); @@ -426,6 +426,11 @@ sub main'swtmp sub main'comment { + if ($main'elf) # GNU and SVR4 as'es use different comment delimiters, + { # so we just skip comments... + push(@out,"\n"); + return; + } foreach (@_) { if (/^\s*$/) @@ -542,3 +547,39 @@ sub popvars &main'pop("edx"); &main'popf(); } + +sub main'picmeup + { + local($dst,$sym)=@_; + if ($main'cpp) + { + local($tmp)=<<___; +#if (defined(ELF) || defined(SOL)) && defined(PIC) + .align 8 + call 1f +1: popl $regs{$dst} + addl \$_GLOBAL_OFFSET_TABLE_+[.-1b],$regs{$dst} + movl $sym\@GOT($regs{$dst}),$regs{$dst} +#else + leal $sym,$regs{$dst} +#endif +___ + push(@out,$tmp); + } + elsif ($main'pic && ($main'elf || $main'aout)) + { + push(@out,"\t.align\t8\n"); + &main'call(&main'label("PIC_me_up")); + &main'set_label("PIC_me_up"); + &main'blindpop($dst); + &main'add($dst,"\$$under"."_GLOBAL_OFFSET_TABLE_+[.-". + &main'label("PIC_me_up") . "]"); + &main'mov($dst,&main'DWP($sym."\@GOT",$dst)); + } + else + { + &main'lea($dst,&main'DWP($sym)); + } + } + +sub main'blindpop { &out1("popl",@_); } diff --git a/lib/libcrypto/pkcs12/Makefile.ssl b/lib/libcrypto/pkcs12/Makefile.ssl index 2b1d175157b..a6e47b40855 100644 --- a/lib/libcrypto/pkcs12/Makefile.ssl +++ b/lib/libcrypto/pkcs12/Makefile.ssl @@ -74,7 +74,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/lib/libcrypto/pkcs12/p12_crpt.c b/lib/libcrypto/pkcs12/p12_crpt.c index 97be6a5fb53..5e8958612b4 100644 --- a/lib/libcrypto/pkcs12/p12_crpt.c +++ b/lib/libcrypto/pkcs12/p12_crpt.c @@ -118,7 +118,7 @@ int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen, } PBEPARAM_free(pbe); EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de); - memset(key, 0, EVP_MAX_KEY_LENGTH); - memset(iv, 0, EVP_MAX_IV_LENGTH); + OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); + OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); return 1; } diff --git a/lib/libcrypto/pkcs12/p12_decr.c b/lib/libcrypto/pkcs12/p12_decr.c index 394af368f4d..b5684a83ba3 100644 --- a/lib/libcrypto/pkcs12/p12_decr.c +++ b/lib/libcrypto/pkcs12/p12_decr.c @@ -136,7 +136,7 @@ void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, } #endif ret = ASN1_item_d2i(NULL, &p, outlen, it); - if (zbuf) memset(out, 0, outlen); + if (zbuf) OPENSSL_cleanse(out, outlen); if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR); OPENSSL_free(out); return ret; @@ -168,7 +168,7 @@ ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *i OPENSSL_free(in); return NULL; } - if (zbuf) memset(in, 0, inlen); + if (zbuf) OPENSSL_cleanse(in, inlen); OPENSSL_free(in); return oct; } diff --git a/lib/libcrypto/pkcs12/p12_key.c b/lib/libcrypto/pkcs12/p12_key.c index 0d39ebde8c8..9196a34b4a9 100644 --- a/lib/libcrypto/pkcs12/p12_key.c +++ b/lib/libcrypto/pkcs12/p12_key.c @@ -91,7 +91,7 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen, id, iter, n, out, md_type); if(unipass) { - memset(unipass, 0, uniplen); /* Clear password from memory */ + OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */ OPENSSL_free(unipass); } return ret; diff --git a/lib/libcrypto/pkcs12/p12_npas.c b/lib/libcrypto/pkcs12/p12_npas.c index a549433eebb..af708a27436 100644 --- a/lib/libcrypto/pkcs12/p12_npas.c +++ b/lib/libcrypto/pkcs12/p12_npas.c @@ -107,7 +107,7 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) { STACK_OF(PKCS7) *asafes, *newsafes; STACK_OF(PKCS12_SAFEBAG) *bags; - int i, bagnid, pbe_nid, pbe_iter, pbe_saltlen; + int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0; PKCS7 *p7, *p7new; ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL; unsigned char mac[EVP_MAX_MD_SIZE]; diff --git a/lib/libcrypto/pkcs7/Makefile.ssl b/lib/libcrypto/pkcs7/Makefile.ssl index 1302469defb..c3bfc7d560e 100644 --- a/lib/libcrypto/pkcs7/Makefile.ssl +++ b/lib/libcrypto/pkcs7/Makefile.ssl @@ -89,7 +89,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/lib/libcrypto/pkcs7/bio_ber.c b/lib/libcrypto/pkcs7/bio_ber.c index 42331f7ab0e..895a91177be 100644 --- a/lib/libcrypto/pkcs7/bio_ber.c +++ b/lib/libcrypto/pkcs7/bio_ber.c @@ -145,7 +145,7 @@ static int ber_free(BIO *a) if (a == NULL) return(0); b=(BIO_BER_CTX *)a->ptr; - memset(a->ptr,0,sizeof(BIO_BER_CTX)); + OPENSSL_cleanse(a->ptr,sizeof(BIO_BER_CTX)); OPENSSL_free(a->ptr); a->ptr=NULL; a->init=0; diff --git a/lib/libcrypto/pkcs7/pk7_doit.c b/lib/libcrypto/pkcs7/pk7_doit.c index 4a4ff340ce3..0060a2ea3df 100644 --- a/lib/libcrypto/pkcs7/pk7_doit.c +++ b/lib/libcrypto/pkcs7/pk7_doit.c @@ -241,7 +241,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj); } OPENSSL_free(tmp); - memset(key, 0, keylen); + OPENSSL_cleanse(key, keylen); if (out == NULL) out=btmp; @@ -448,7 +448,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) } EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0); - memset(tmp,0,jj); + OPENSSL_cleanse(tmp,jj); if (out == NULL) out=etmp; @@ -578,7 +578,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) /* We now have the EVP_MD_CTX, lets do the * signing. */ EVP_MD_CTX_copy_ex(&ctx_tmp,mdc); - if (!BUF_MEM_grow(buf,EVP_PKEY_size(si->pkey))) + if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey))) { PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB); goto err; diff --git a/lib/libcrypto/rand/Makefile.ssl b/lib/libcrypto/rand/Makefile.ssl index 73b5f568e89..df807023736 100644 --- a/lib/libcrypto/rand/Makefile.ssl +++ b/lib/libcrypto/rand/Makefile.ssl @@ -70,7 +70,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/lib/libcrypto/rand/md_rand.c b/lib/libcrypto/rand/md_rand.c index a00ed707185..eeffc0df4cb 100644 --- a/lib/libcrypto/rand/md_rand.c +++ b/lib/libcrypto/rand/md_rand.c @@ -177,10 +177,10 @@ RAND_METHOD *RAND_SSLeay(void) static void ssleay_rand_cleanup(void) { - memset(state,0,sizeof(state)); + OPENSSL_cleanse(state,sizeof(state)); state_num=0; state_index=0; - memset(md,0,MD_DIGEST_LENGTH); + OPENSSL_cleanse(md,MD_DIGEST_LENGTH); md_count[0]=0; md_count[1]=0; entropy=0; diff --git a/lib/libcrypto/rand/rand.h b/lib/libcrypto/rand/rand.h index 66e39991ec7..606382dd211 100644 --- a/lib/libcrypto/rand/rand.h +++ b/lib/libcrypto/rand/rand.h @@ -87,7 +87,9 @@ extern int rand_predictable; int RAND_set_rand_method(const RAND_METHOD *meth); const RAND_METHOD *RAND_get_rand_method(void); +#ifndef OPENSSL_NO_ENGINE int RAND_set_rand_engine(ENGINE *engine); +#endif RAND_METHOD *RAND_SSLeay(void); void RAND_cleanup(void ); int RAND_bytes(unsigned char *buf,int num); diff --git a/lib/libcrypto/rand/rand_egd.c b/lib/libcrypto/rand/rand_egd.c index 96019c07a6e..895967476ea 100644 --- a/lib/libcrypto/rand/rand_egd.c +++ b/lib/libcrypto/rand/rand_egd.c @@ -94,7 +94,7 @@ * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. */ -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(__DJGPP__) +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) { return(-1); @@ -114,7 +114,7 @@ int RAND_egd_bytes(const char *path,int bytes) #include <sys/types.h> #include <sys/socket.h> #ifndef NO_SYS_UN_H -# ifdef OPENSSL_SYS_VSWORKS +# ifdef OPENSSL_SYS_VXWORKS # include <streams/un.h> # else # include <sys/un.h> @@ -143,7 +143,7 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) memset(&addr, 0, sizeof(addr)); addr.sun_family = AF_UNIX; - if (strlen(path) > sizeof(addr.sun_path)) + if (strlen(path) >= sizeof(addr.sun_path)) return (-1); strlcpy(addr.sun_path,path,sizeof addr.sun_path); len = offsetof(struct sockaddr_un, sun_path) + strlen(path); diff --git a/lib/libcrypto/rand/rand_lib.c b/lib/libcrypto/rand/rand_lib.c index 5cf5dc11886..513e3389859 100644 --- a/lib/libcrypto/rand/rand_lib.c +++ b/lib/libcrypto/rand/rand_lib.c @@ -60,19 +60,25 @@ #include <time.h> #include "cryptlib.h" #include <openssl/rand.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif +#ifndef OPENSSL_NO_ENGINE /* non-NULL if default_RAND_meth is ENGINE-provided */ static ENGINE *funct_ref =NULL; +#endif static const RAND_METHOD *default_RAND_meth = NULL; int RAND_set_rand_method(const RAND_METHOD *meth) { +#ifndef OPENSSL_NO_ENGINE if(funct_ref) { ENGINE_finish(funct_ref); funct_ref = NULL; } +#endif default_RAND_meth = meth; return 1; } @@ -81,6 +87,7 @@ const RAND_METHOD *RAND_get_rand_method(void) { if (!default_RAND_meth) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = ENGINE_get_default_RAND(); if(e) { @@ -94,11 +101,13 @@ const RAND_METHOD *RAND_get_rand_method(void) if(e) funct_ref = e; else +#endif default_RAND_meth = RAND_SSLeay(); } return default_RAND_meth; } +#ifndef OPENSSL_NO_ENGINE int RAND_set_rand_engine(ENGINE *engine) { const RAND_METHOD *tmp_meth = NULL; @@ -118,6 +127,7 @@ int RAND_set_rand_engine(ENGINE *engine) funct_ref = engine; return 1; } +#endif void RAND_cleanup(void) { diff --git a/lib/libcrypto/rand/rand_unix.c b/lib/libcrypto/rand/rand_unix.c index fa2bab57c60..0599719dd1d 100644 --- a/lib/libcrypto/rand/rand_unix.c +++ b/lib/libcrypto/rand/rand_unix.c @@ -115,7 +115,7 @@ #include <openssl/rand.h> #include "rand_lcl.h" -#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2)) +#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS)) #include <sys/types.h> #include <sys/time.h> @@ -233,7 +233,7 @@ int RAND_poll(void) if (n > 0) { RAND_add(tmpbuf,sizeof tmpbuf,n); - memset(tmpbuf,0,n); + OPENSSL_cleanse(tmpbuf,n); } #endif @@ -255,3 +255,10 @@ int RAND_poll(void) #endif #endif + +#if defined(OPENSSL_SYS_VXWORKS) +int RAND_poll(void) +{ + return 0; +} +#endif diff --git a/lib/libcrypto/rand/rand_win.c b/lib/libcrypto/rand/rand_win.c index c1b955b06f0..113b58678f3 100644 --- a/lib/libcrypto/rand/rand_win.c +++ b/lib/libcrypto/rand/rand_win.c @@ -125,7 +125,7 @@ * http://developer.intel.com/design/security/rng/redist_license.htm */ #define PROV_INTEL_SEC 22 -#define INTEL_DEF_PROV "Intel Hardware Cryptographic Service Provider" +#define INTEL_DEF_PROV TEXT("Intel Hardware Cryptographic Service Provider") static void readtimer(void); static void readscreen(void); @@ -170,7 +170,9 @@ typedef BOOL (WINAPI *THREAD32)(HANDLE, LPTHREADENTRY32); typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32); #include <lmcons.h> +#ifndef OPENSSL_SYS_WINCE #include <lmstats.h> +#endif #if 1 /* The NET API is Unicode only. It requires the use of the UNICODE * macro. When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was * was added to the Platform SDK to allow the NET API to be used in @@ -209,20 +211,32 @@ int RAND_poll(void) osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ; GetVersionEx( &osverinfo ) ; +#if defined(OPENSSL_SYS_WINCE) && WCEPLATFORM!=MS_HPC_PRO + /* poll the CryptoAPI PRNG */ + /* The CryptoAPI returns sizeof(buf) bytes of randomness */ + if (CryptAcquireContext(&hProvider, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) + { + if (CryptGenRandom(hProvider, sizeof(buf), buf)) + RAND_add(buf, sizeof(buf), sizeof(buf)); + CryptReleaseContext(hProvider, 0); + } +#endif + /* load functions dynamically - not available on all systems */ - advapi = LoadLibrary("ADVAPI32.DLL"); - kernel = LoadLibrary("KERNEL32.DLL"); - user = LoadLibrary("USER32.DLL"); - netapi = LoadLibrary("NETAPI32.DLL"); + advapi = LoadLibrary(TEXT("ADVAPI32.DLL")); + kernel = LoadLibrary(TEXT("KERNEL32.DLL")); + user = LoadLibrary(TEXT("USER32.DLL")); + netapi = LoadLibrary(TEXT("NETAPI32.DLL")); +#ifndef OPENSSL_SYS_WINCE #if 1 /* There was previously a problem with NETSTATGET. Currently, this * section is still experimental, but if all goes well, this conditional * will be removed */ if (netapi) { - netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet"); - netfree = (NETFREE) GetProcAddress(netapi,"NetApiBufferFree"); + netstatget = (NETSTATGET) GetProcAddress(netapi,TEXT("NetStatisticsGet")); + netfree = (NETFREE) GetProcAddress(netapi,TEXT("NetApiBufferFree")); } if (netstatget && netfree) @@ -249,7 +263,9 @@ int RAND_poll(void) if (netapi) FreeLibrary(netapi); #endif /* 1 */ +#endif /* !OPENSSL_SYS_WINCE */ +#ifndef OPENSSL_SYS_WINCE /* It appears like this can cause an exception deep within ADVAPI32.DLL * at random times on Windows 2000. Reported by Jeffrey Altman. * Only use it on NT. @@ -280,30 +296,40 @@ int RAND_poll(void) bufsz += 8192; length = bufsz; - rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, "Global", + rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, TEXT("Global"), NULL, NULL, buf, &length); } if (rc == ERROR_SUCCESS) { /* For entropy count assume only least significant * byte of each DWORD is random. - */ + */ RAND_add(&length, sizeof(length), 0); RAND_add(buf, length, length / 4.0); + + /* Close the Registry Key to allow Windows to cleanup/close + * the open handle + * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened + * when the RegQueryValueEx above is done. However, if + * it is not explicitly closed, it can cause disk + * partition manipulation problems. + */ + RegCloseKey(HKEY_PERFORMANCE_DATA); } if (buf) free(buf); } #endif +#endif /* !OPENSSL_SYS_WINCE */ if (advapi) { acquire = (CRYPTACQUIRECONTEXT) GetProcAddress(advapi, - "CryptAcquireContextA"); + TEXT("CryptAcquireContextA")); gen = (CRYPTGENRANDOM) GetProcAddress(advapi, - "CryptGenRandom"); + TEXT("CryptGenRandom")); release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi, - "CryptReleaseContext"); + TEXT("CryptReleaseContext")); } if (acquire && gen && release) @@ -357,9 +383,9 @@ int RAND_poll(void) GETFOREGROUNDWINDOW win; GETQUEUESTATUS queue; - win = (GETFOREGROUNDWINDOW) GetProcAddress(user, "GetForegroundWindow"); - cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo"); - queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus"); + win = (GETFOREGROUNDWINDOW) GetProcAddress(user, TEXT("GetForegroundWindow")); + cursor = (GETCURSORINFO) GetProcAddress(user, TEXT("GetCursorInfo")); + queue = (GETQUEUESTATUS) GetProcAddress(user, TEXT("GetQueueStatus")); if (win) { @@ -430,17 +456,17 @@ int RAND_poll(void) MODULEENTRY32 m; snap = (CREATETOOLHELP32SNAPSHOT) - GetProcAddress(kernel, "CreateToolhelp32Snapshot"); - heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First"); - heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next"); - heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst"); - heaplist_next = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext"); - process_first = (PROCESS32) GetProcAddress(kernel, "Process32First"); - process_next = (PROCESS32) GetProcAddress(kernel, "Process32Next"); - thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First"); - thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next"); - module_first = (MODULE32) GetProcAddress(kernel, "Module32First"); - module_next = (MODULE32) GetProcAddress(kernel, "Module32Next"); + GetProcAddress(kernel, TEXT("CreateToolhelp32Snapshot")); + heap_first = (HEAP32FIRST) GetProcAddress(kernel, TEXT("Heap32First")); + heap_next = (HEAP32NEXT) GetProcAddress(kernel, TEXT("Heap32Next")); + heaplist_first = (HEAP32LIST) GetProcAddress(kernel, TEXT("Heap32ListFirst")); + heaplist_next = (HEAP32LIST) GetProcAddress(kernel, TEXT("Heap32ListNext")); + process_first = (PROCESS32) GetProcAddress(kernel, TEXT("Process32First")); + process_next = (PROCESS32) GetProcAddress(kernel, TEXT("Process32Next")); + thread_first = (THREAD32) GetProcAddress(kernel, TEXT("Thread32First")); + thread_next = (THREAD32) GetProcAddress(kernel, TEXT("Thread32Next")); + module_first = (MODULE32) GetProcAddress(kernel, TEXT("Module32First")); + module_next = (MODULE32) GetProcAddress(kernel, TEXT("Module32Next")); if (snap && heap_first && heap_next && heaplist_first && heaplist_next && process_first && process_next && @@ -575,7 +601,7 @@ static void readtimer(void) DWORD w; LARGE_INTEGER l; static int have_perfc = 1; -#ifdef _MSC_VER +#if defined(_MSC_VER) && !defined(OPENSSL_SYS_WINCE) static int have_tsc = 1; DWORD cyclecount; @@ -628,6 +654,7 @@ static void readtimer(void) static void readscreen(void) { +#ifndef OPENSSL_SYS_WINCE HDC hScrDC; /* screen DC */ HDC hMemDC; /* memory DC */ HBITMAP hBitmap; /* handle for our bitmap */ @@ -641,7 +668,7 @@ static void readscreen(void) int n = 16; /* number of screen lines to grab at a time */ /* Create a screen DC and a memory DC compatible to screen DC */ - hScrDC = CreateDC("DISPLAY", NULL, NULL, NULL); + hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL); hMemDC = CreateCompatibleDC(hScrDC); /* Get screen resolution */ @@ -688,6 +715,7 @@ static void readscreen(void) DeleteObject(hBitmap); DeleteDC(hMemDC); DeleteDC(hScrDC); +#endif /* !OPENSSL_SYS_WINCE */ } #endif diff --git a/lib/libcrypto/rand/randfile.c b/lib/libcrypto/rand/randfile.c index 311dd27a7b2..cfbec2ac1fd 100644 --- a/lib/libcrypto/rand/randfile.c +++ b/lib/libcrypto/rand/randfile.c @@ -132,7 +132,7 @@ int RAND_load_file(const char *file, long bytes) } } fclose(in); - memset(buf,0,BUFSIZE); + OPENSSL_cleanse(buf,BUFSIZE); err: return(ret); } @@ -210,7 +210,7 @@ int RAND_write_file(const char *file) #endif /* OPENSSL_SYS_VMS */ fclose(out); - memset(buf,0,BUFSIZE); + OPENSSL_cleanse(buf,BUFSIZE); err: return (rand_err ? -1 : ret); } @@ -225,8 +225,8 @@ const char *RAND_file_name(char *buf, size_t size) s=getenv("RANDFILE"); if (s != NULL && *s && strlen(s) + 1 < size) { - strlcpy(buf,s,size); - ok = 1; + if (strlcpy(buf,s,size) >= size) + return NULL; } else { diff --git a/lib/libcrypto/rand/randtest.c b/lib/libcrypto/rand/randtest.c index b64de616dbc..701932e6ee2 100644 --- a/lib/libcrypto/rand/randtest.c +++ b/lib/libcrypto/rand/randtest.c @@ -60,6 +60,8 @@ #include <stdlib.h> #include <openssl/rand.h> +#include "../e_os.h" + /* some FIPS 140-1 random number test */ /* some simple tests */ @@ -209,6 +211,6 @@ int main() printf("test 4 done\n"); err: err=((err)?1:0); - exit(err); + EXIT(err); return(err); } diff --git a/lib/libcrypto/rc2/Makefile.ssl b/lib/libcrypto/rc2/Makefile.ssl index 88e41bb98ee..98d5960d5d6 100644 --- a/lib/libcrypto/rc2/Makefile.ssl +++ b/lib/libcrypto/rc2/Makefile.ssl @@ -68,7 +68,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/lib/libcrypto/rc2/rc2test.c b/lib/libcrypto/rc2/rc2test.c index d9a2a0a1cbd..b67bafb49f4 100644 --- a/lib/libcrypto/rc2/rc2test.c +++ b/lib/libcrypto/rc2/rc2test.c @@ -63,6 +63,8 @@ #include <string.h> #include <stdlib.h> +#include "../e_os.h" + #ifdef OPENSSL_NO_RC2 int main(int argc, char *argv[]) { @@ -203,7 +205,7 @@ int main(int argc, char *argv[]) printf("ok\n"); #endif - exit(err); + EXIT(err); return(err); } diff --git a/lib/libcrypto/rc4/Makefile.ssl b/lib/libcrypto/rc4/Makefile.ssl index 6e5bbf9894e..9f9e16068fd 100644 --- a/lib/libcrypto/rc4/Makefile.ssl +++ b/lib/libcrypto/rc4/Makefile.ssl @@ -52,14 +52,8 @@ lib: $(LIBOBJ) @touch lib # elf -asm/rx86-elf.o: asm/rx86unix.cpp - $(CPP) -DELF -x c asm/rx86unix.cpp | as -o asm/rx86-elf.o - -# solaris -asm/rx86-sol.o: asm/rx86unix.cpp - $(CC) -E -DSOL asm/rx86unix.cpp | sed 's/^#.*//' > asm/rx86-sol.s - as -o asm/rx86-sol.o asm/rx86-sol.s - rm -f asm/rx86-sol.s +asm/rx86-elf.s: asm/rc4-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) rc4-586.pl elf $(CFLAGS) > rx86-elf.s) # a.out asm/rx86-out.o: asm/rx86unix.cpp @@ -97,14 +91,14 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new mv -f Makefile.new $(MAKEFILE) clean: - rm -f asm/rx86unix.cpp *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o + rm -f asm/rx86unix.cpp asm/*-elf.* *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/lib/libcrypto/rc4/rc4.c b/lib/libcrypto/rc4/rc4.c index c2165b0b759..b39c070292c 100644 --- a/lib/libcrypto/rc4/rc4.c +++ b/lib/libcrypto/rc4/rc4.c @@ -155,7 +155,7 @@ bad: i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0); if (i != 0) { - memset(buf,0,BUFSIZ); + OPENSSL_cleanse(buf,BUFSIZ); fprintf(stderr,"bad password read\n"); exit(1); } @@ -163,7 +163,7 @@ bad: } EVP_Digest((unsigned char *)keystr,(unsigned long)strlen(keystr),md,NULL,EVP_md5()); - memset(keystr,0,strlen(keystr)); + OPENSSL_cleanse(keystr,strlen(keystr)); RC4_set_key(&key,MD5_DIGEST_LENGTH,md); for(;;) diff --git a/lib/libcrypto/rc4/rc4test.c b/lib/libcrypto/rc4/rc4test.c index a28d457c8d5..b9d8f209753 100644 --- a/lib/libcrypto/rc4/rc4test.c +++ b/lib/libcrypto/rc4/rc4test.c @@ -60,6 +60,8 @@ #include <stdlib.h> #include <string.h> +#include "../e_os.h" + #ifdef OPENSSL_NO_RC4 int main(int argc, char *argv[]) { @@ -195,7 +197,7 @@ int main(int argc, char *argv[]) } } printf("done\n"); - exit(err); + EXIT(err); return(0); } #endif diff --git a/lib/libcrypto/rc5/Makefile.ssl b/lib/libcrypto/rc5/Makefile.ssl index ff31ab47a9d..a86f202f7b2 100644 --- a/lib/libcrypto/rc5/Makefile.ssl +++ b/lib/libcrypto/rc5/Makefile.ssl @@ -49,14 +49,8 @@ lib: $(LIBOBJ) @touch lib # elf -asm/r586-elf.o: asm/r586unix.cpp - $(CPP) -DELF -x c asm/r586unix.cpp | as -o asm/r586-elf.o - -# solaris -asm/r586-sol.o: asm/r586unix.cpp - $(CC) -E -DSOL asm/r586unix.cpp | sed 's/^#.*//' > asm/r586-sol.s - as -o asm/r586-sol.o asm/r586-sol.s - rm -f asm/r586-sol.s +asm/r586-elf.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + (cd asm; $(PERL) rc5-586.pl elf $(CFLAGS) > r586-elf.s) # a.out asm/r586-out.o: asm/r586unix.cpp @@ -94,14 +88,14 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new mv -f Makefile.new $(MAKEFILE) clean: - rm -f asm/r586unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f asm/r586unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/lib/libcrypto/ripemd/Makefile.ssl b/lib/libcrypto/ripemd/Makefile.ssl index 7ab5d2fc9e3..d85515353b2 100644 --- a/lib/libcrypto/ripemd/Makefile.ssl +++ b/lib/libcrypto/ripemd/Makefile.ssl @@ -47,14 +47,8 @@ lib: $(LIBOBJ) @touch lib # elf -asm/rm86-elf.o: asm/rm86unix.cpp - $(CPP) -DELF -x c asm/rm86unix.cpp | as -o asm/rm86-elf.o - -# solaris -asm/rm86-sol.o: asm/rm86unix.cpp - $(CC) -E -DSOL asm/rm86unix.cpp | sed 's/^#.*//' > asm/rm86-sol.s - as -o asm/rm86-sol.o asm/rm86-sol.s - rm -f asm/rm86-sol.s +asm/rm86-elf.s: asm/rmd-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) rmd-586.pl elf $(CFLAGS) > rm86-elf.s) # a.out asm/rm86-out.o: asm/rm86unix.cpp @@ -92,19 +86,22 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new mv -f Makefile.new $(MAKEFILE) clean: - rm -f asm/rm86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f asm/rm86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h rmd_dgst.o: ../md32_common.h rmd_dgst.c rmd_locl.h rmdconst.h -rmd_one.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -rmd_one.o: ../../include/openssl/ripemd.h rmd_one.c +rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +rmd_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +rmd_one.o: ../../include/openssl/ripemd.h ../../include/openssl/safestack.h +rmd_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rmd_one.o: rmd_one.c diff --git a/lib/libcrypto/ripemd/rmd160.c b/lib/libcrypto/ripemd/rmd160.c index 4f8b88a18ac..b0ec5744989 100644 --- a/lib/libcrypto/ripemd/rmd160.c +++ b/lib/libcrypto/ripemd/rmd160.c @@ -64,7 +64,7 @@ void do_fp(FILE *f); void pt(unsigned char *md); -#ifndef _OSD_POSIX +#if !defined(_OSD_POSIX) && !defined(__DJGPP__) int read(int, void *, unsigned int); #endif diff --git a/lib/libcrypto/ripemd/rmd_dgst.c b/lib/libcrypto/ripemd/rmd_dgst.c index a3170f7c8a7..f351f00eea0 100644 --- a/lib/libcrypto/ripemd/rmd_dgst.c +++ b/lib/libcrypto/ripemd/rmd_dgst.c @@ -90,8 +90,8 @@ int RIPEMD160_Init(RIPEMD160_CTX *c) void ripemd160_block_host_order (RIPEMD160_CTX *ctx, const void *p, int num) { const RIPEMD160_LONG *XX=p; - register unsigned long A,B,C,D,E; - register unsigned long a,b,c,d,e; + register unsigned MD32_REG_T A,B,C,D,E; + register unsigned MD32_REG_T a,b,c,d,e; for (;num--;XX+=HASH_LBLOCK) { @@ -290,12 +290,12 @@ void ripemd160_block_host_order (RIPEMD160_CTX *ctx, const void *p, int num) void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, int num) { const unsigned char *data=p; - register unsigned long A,B,C,D,E; - unsigned long a,b,c,d,e,l; + register unsigned MD32_REG_T A,B,C,D,E; + unsigned MD32_REG_T a,b,c,d,e,l; #ifndef MD32_XARRAY /* See comment in crypto/sha/sha_locl.h for details. */ - unsigned long XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, - XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; + unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, + XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; # define X(i) XX##i #else RIPEMD160_LONG XX[16]; diff --git a/lib/libcrypto/ripemd/rmd_one.c b/lib/libcrypto/ripemd/rmd_one.c index efdf2dd6efc..f8b580c33a3 100644 --- a/lib/libcrypto/ripemd/rmd_one.c +++ b/lib/libcrypto/ripemd/rmd_one.c @@ -59,6 +59,7 @@ #include <stdio.h> #include <string.h> #include <openssl/ripemd.h> +#include <openssl/crypto.h> unsigned char *RIPEMD160(const unsigned char *d, unsigned long n, unsigned char *md) @@ -70,7 +71,7 @@ unsigned char *RIPEMD160(const unsigned char *d, unsigned long n, RIPEMD160_Init(&c); RIPEMD160_Update(&c,d,n); RIPEMD160_Final(md,&c); - memset(&c,0,sizeof(c)); /* security consideration */ + OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */ return(md); } diff --git a/lib/libcrypto/ripemd/rmdtest.c b/lib/libcrypto/ripemd/rmdtest.c index be1fb8b1f6d..d4c709e6466 100644 --- a/lib/libcrypto/ripemd/rmdtest.c +++ b/lib/libcrypto/ripemd/rmdtest.c @@ -60,6 +60,8 @@ #include <string.h> #include <stdlib.h> +#include "../e_os.h" + #ifdef OPENSSL_NO_RIPEMD int main(int argc, char *argv[]) { @@ -127,7 +129,7 @@ int main(int argc, char *argv[]) R++; P++; } - exit(err); + EXIT(err); return(0); } diff --git a/lib/libcrypto/rsa/Makefile.ssl b/lib/libcrypto/rsa/Makefile.ssl index 8c44b7f142e..8089344a046 100644 --- a/lib/libcrypto/rsa/Makefile.ssl +++ b/lib/libcrypto/rsa/Makefile.ssl @@ -72,7 +72,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new @@ -104,14 +104,12 @@ rsa_chk.o: rsa_chk.c rsa_eay.o: ../../e_os.h ../../include/openssl/asn1.h rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rsa_eay.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -rsa_eay.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -rsa_eay.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -rsa_eay.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -rsa_eay.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -rsa_eay.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -rsa_eay.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rsa_eay.o: ../../include/openssl/ui.h ../cryptlib.h rsa_eay.c +rsa_eay.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h rsa_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h rsa_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -217,21 +215,21 @@ rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h rsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h rsa_sign.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h rsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -rsa_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h -rsa_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -rsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -rsa_sign.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -rsa_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -rsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h +rsa_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +rsa_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h +rsa_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +rsa_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rsa_sign.o: ../../include/openssl/opensslconf.h rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -rsa_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -rsa_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -rsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -rsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -rsa_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -rsa_sign.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -rsa_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h rsa_sign.c +rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h +rsa_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h +rsa_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rsa_sign.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +rsa_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +rsa_sign.o: ../cryptlib.h rsa_sign.c rsa_ssl.o: ../../e_os.h ../../include/openssl/asn1.h rsa_ssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h diff --git a/lib/libcrypto/rsa/rsa.h b/lib/libcrypto/rsa/rsa.h index 98b3bd7cc52..e26a68b4828 100644 --- a/lib/libcrypto/rsa/rsa.h +++ b/lib/libcrypto/rsa/rsa.h @@ -158,6 +158,11 @@ struct rsa_st #define RSA_FLAG_CACHE_PUBLIC 0x02 #define RSA_FLAG_CACHE_PRIVATE 0x04 #define RSA_FLAG_BLINDING 0x08 +#define RSA_FLAG_NO_BLINDING 0x80 /* new with 0.9.6j and 0.9.7b; the built-in + * RSA implementation now uses blinding by + * default (ignoring RSA_FLAG_BLINDING), + * but other engines might not need it + */ #define RSA_FLAG_THREAD_SAFE 0x10 /* This flag means the private key operations will be handled by rsa_mod_exp * and that they do not depend on the private key components being present: @@ -170,11 +175,15 @@ struct rsa_st */ #define RSA_FLAG_SIGN_VER 0x40 +#define RSA_FLAG_NO_BLINDING 0x80 + #define RSA_PKCS1_PADDING 1 #define RSA_SSLV23_PADDING 2 #define RSA_NO_PADDING 3 #define RSA_PKCS1_OAEP_PADDING 4 +#define RSA_PKCS1_PADDING_SIZE 11 + #define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) #define RSA_get_app_data(s) RSA_get_ex_data(s,0) diff --git a/lib/libcrypto/rsa/rsa_eay.c b/lib/libcrypto/rsa/rsa_eay.c index a3f549d8e69..027b4dc754f 100644 --- a/lib/libcrypto/rsa/rsa_eay.c +++ b/lib/libcrypto/rsa/rsa_eay.c @@ -61,7 +61,6 @@ #include <openssl/bn.h> #include <openssl/rsa.h> #include <openssl/rand.h> -#include <openssl/engine.h> #ifndef RSA_NULL @@ -187,7 +186,7 @@ err: BN_clear_free(&ret); if (buf != NULL) { - memset(buf,0,num); + OPENSSL_cleanse(buf,num); OPENSSL_free(buf); } return(r); @@ -206,12 +205,46 @@ static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx) #define BLINDING_HELPER(rsa, ctx, err_instr) \ do { \ - if(((rsa)->flags & RSA_FLAG_BLINDING) && \ - ((rsa)->blinding == NULL) && \ - !rsa_eay_blinding(rsa, ctx)) \ - err_instr \ + if((!((rsa)->flags & RSA_FLAG_NO_BLINDING)) && \ + ((rsa)->blinding == NULL) && \ + !rsa_eay_blinding(rsa, ctx)) \ + err_instr \ } while(0) +static BN_BLINDING *setup_blinding(RSA *rsa, BN_CTX *ctx) + { + BIGNUM *A, *Ai; + BN_BLINDING *ret = NULL; + + /* added in OpenSSL 0.9.6j and 0.9.7b */ + + /* NB: similar code appears in RSA_blinding_on (rsa_lib.c); + * this should be placed in a new function of its own, but for reasons + * of binary compatibility can't */ + + BN_CTX_start(ctx); + A = BN_CTX_get(ctx); + if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) + { + /* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */ + RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0); + if (!BN_pseudo_rand_range(A,rsa->n)) goto err; + } + else + { + if (!BN_rand_range(A,rsa->n)) goto err; + } + if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err; + + if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) + goto err; + ret = BN_BLINDING_new(A,Ai,rsa->n); + BN_free(Ai); +err: + BN_CTX_end(ctx); + return ret; + } + /* signing */ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) @@ -220,6 +253,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, int i,j,k,num=0,r= -1; unsigned char *buf=NULL; BN_CTX *ctx=NULL; + int local_blinding = 0; + BN_BLINDING *blinding = NULL; BN_init(&f); BN_init(&ret); @@ -257,9 +292,38 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, } BLINDING_HELPER(rsa, ctx, goto err;); + blinding = rsa->blinding; + + /* Now unless blinding is disabled, 'blinding' is non-NULL. + * But the BN_BLINDING object may be owned by some other thread + * (we don't want to keep it constant and we don't want to use + * lots of locking to avoid race conditions, so only a single + * thread can use it; other threads have to use local blinding + * factors) */ + if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) + { + if (blinding == NULL) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR); + goto err; + } + } + + if (blinding != NULL) + { + if (blinding->thread_id != CRYPTO_thread_id()) + { + /* we need a local one-time blinding factor */ + + blinding = setup_blinding(rsa, ctx); + if (blinding == NULL) + goto err; + local_blinding = 1; + } + } - if (rsa->flags & RSA_FLAG_BLINDING) - if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; + if (blinding) + if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err; if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || ((rsa->p != NULL) && @@ -273,8 +337,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err; } - if (rsa->flags & RSA_FLAG_BLINDING) - if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err; + if (blinding) + if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err; /* put in leading 0 bytes if the number is less than the * length of the modulus */ @@ -288,9 +352,11 @@ err: if (ctx != NULL) BN_CTX_free(ctx); BN_clear_free(&ret); BN_clear_free(&f); + if (local_blinding) + BN_BLINDING_free(blinding); if (buf != NULL) { - memset(buf,0,num); + OPENSSL_cleanse(buf,num); OPENSSL_free(buf); } return(r); @@ -304,6 +370,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *p; unsigned char *buf=NULL; BN_CTX *ctx=NULL; + int local_blinding = 0; + BN_BLINDING *blinding = NULL; BN_init(&f); BN_init(&ret); @@ -336,9 +404,38 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, } BLINDING_HELPER(rsa, ctx, goto err;); + blinding = rsa->blinding; + + /* Now unless blinding is disabled, 'blinding' is non-NULL. + * But the BN_BLINDING object may be owned by some other thread + * (we don't want to keep it constant and we don't want to use + * lots of locking to avoid race conditions, so only a single + * thread can use it; other threads have to use local blinding + * factors) */ + if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) + { + if (blinding == NULL) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR); + goto err; + } + } + + if (blinding != NULL) + { + if (blinding->thread_id != CRYPTO_thread_id()) + { + /* we need a local one-time blinding factor */ + + blinding = setup_blinding(rsa, ctx); + if (blinding == NULL) + goto err; + local_blinding = 1; + } + } - if (rsa->flags & RSA_FLAG_BLINDING) - if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; + if (blinding) + if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err; /* do the decrypt */ if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || @@ -354,8 +451,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, goto err; } - if (rsa->flags & RSA_FLAG_BLINDING) - if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err; + if (blinding) + if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err; p=buf; j=BN_bn2bin(&ret,p); /* j is only used with no-padding mode */ @@ -389,7 +486,7 @@ err: BN_clear_free(&ret); if (buf != NULL) { - memset(buf,0,num); + OPENSSL_cleanse(buf,num); OPENSSL_free(buf); } return(r); @@ -486,7 +583,7 @@ err: BN_clear_free(&ret); if (buf != NULL) { - memset(buf,0,num); + OPENSSL_cleanse(buf,num); OPENSSL_free(buf); } return(r); diff --git a/lib/libcrypto/rsa/rsa_lib.c b/lib/libcrypto/rsa/rsa_lib.c index 37fff8bce3a..53c5092014b 100644 --- a/lib/libcrypto/rsa/rsa_lib.c +++ b/lib/libcrypto/rsa/rsa_lib.c @@ -62,7 +62,10 @@ #include <openssl/lhash.h> #include <openssl/bn.h> #include <openssl/rsa.h> +#include <openssl/rand.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT; @@ -72,10 +75,6 @@ RSA *RSA_new(void) { RSA *r=RSA_new_method(NULL); -#ifndef OPENSSL_NO_FORCE_RSA_BLINDING - r->flags|=RSA_FLAG_BLINDING; -#endif - return r; } @@ -114,11 +113,13 @@ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth) const RSA_METHOD *mtmp; mtmp = rsa->meth; if (mtmp->finish) mtmp->finish(rsa); +#ifndef OPENSSL_NO_ENGINE if (rsa->engine) { ENGINE_finish(rsa->engine); rsa->engine = NULL; } +#endif rsa->meth = meth; if (meth->init) meth->init(rsa); return 1; @@ -136,6 +137,7 @@ RSA *RSA_new_method(ENGINE *engine) } ret->meth = RSA_get_default_method(); +#ifndef OPENSSL_NO_ENGINE if (engine) { if (!ENGINE_init(engine)) @@ -160,6 +162,7 @@ RSA *RSA_new_method(ENGINE *engine) return NULL; } } +#endif ret->pad=0; ret->version=0; @@ -181,8 +184,10 @@ RSA *RSA_new_method(ENGINE *engine) CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { +#ifndef OPENSSL_NO_ENGINE if (ret->engine) ENGINE_finish(ret->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); OPENSSL_free(ret); ret=NULL; @@ -211,8 +216,10 @@ void RSA_free(RSA *r) if (r->meth->finish) r->meth->finish(r); +#ifndef OPENSSL_NO_ENGINE if (r->engine) ENGINE_finish(r->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); @@ -303,7 +310,8 @@ void RSA_blinding_off(RSA *rsa) BN_BLINDING_free(rsa->blinding); rsa->blinding=NULL; } - rsa->flags&= ~RSA_FLAG_BLINDING; + rsa->flags &= ~RSA_FLAG_BLINDING; + rsa->flags |= RSA_FLAG_NO_BLINDING; } int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) @@ -322,15 +330,32 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) if (rsa->blinding != NULL) BN_BLINDING_free(rsa->blinding); + /* NB: similar code appears in setup_blinding (rsa_eay.c); + * this should be placed in a new function of its own, but for reasons + * of binary compatibility can't */ + BN_CTX_start(ctx); A = BN_CTX_get(ctx); - if (!BN_rand_range(A,rsa->n)) goto err; + if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) + { + /* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */ + RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0); + if (!BN_pseudo_rand_range(A,rsa->n)) goto err; + } + else + { + if (!BN_rand_range(A,rsa->n)) goto err; + } if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err; if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) - goto err; - rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n); - rsa->flags|=RSA_FLAG_BLINDING; + goto err; + if ((rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n)) == NULL) goto err; + /* to make things thread-safe without excessive locking, + * rsa->blinding will be used just by the current thread: */ + rsa->blinding->thread_id = CRYPTO_thread_id(); + rsa->flags |= RSA_FLAG_BLINDING; + rsa->flags &= ~RSA_FLAG_NO_BLINDING; BN_free(Ai); ret=1; err: diff --git a/lib/libcrypto/rsa/rsa_pk1.c b/lib/libcrypto/rsa/rsa_pk1.c index c1edd6764fc..8560755f1d1 100644 --- a/lib/libcrypto/rsa/rsa_pk1.c +++ b/lib/libcrypto/rsa/rsa_pk1.c @@ -68,7 +68,7 @@ int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, int j; unsigned char *p; - if (flen > (tlen-11)) + if (flen > (tlen-RSA_PKCS1_PADDING_SIZE)) { RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); return(0); diff --git a/lib/libcrypto/rsa/rsa_saos.c b/lib/libcrypto/rsa/rsa_saos.c index 85adacc08fd..f462716a57f 100644 --- a/lib/libcrypto/rsa/rsa_saos.c +++ b/lib/libcrypto/rsa/rsa_saos.c @@ -77,7 +77,7 @@ int RSA_sign_ASN1_OCTET_STRING(int type, i=i2d_ASN1_OCTET_STRING(&sig,NULL); j=RSA_size(rsa); - if ((i-RSA_PKCS1_PADDING) > j) + if (i > (j-RSA_PKCS1_PADDING_SIZE)) { RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); return(0); @@ -96,7 +96,7 @@ int RSA_sign_ASN1_OCTET_STRING(int type, else *siglen=i; - memset(s,0,(unsigned int)j+1); + OPENSSL_cleanse(s,(unsigned int)j+1); OPENSSL_free(s); return(ret); } @@ -139,7 +139,7 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype, ret=1; err: if (sig != NULL) M_ASN1_OCTET_STRING_free(sig); - memset(s,0,(unsigned int)siglen); + OPENSSL_cleanse(s,(unsigned int)siglen); OPENSSL_free(s); return(ret); } diff --git a/lib/libcrypto/rsa/rsa_sign.c b/lib/libcrypto/rsa/rsa_sign.c index 2a440901de3..8a1e642183c 100644 --- a/lib/libcrypto/rsa/rsa_sign.c +++ b/lib/libcrypto/rsa/rsa_sign.c @@ -62,7 +62,6 @@ #include <openssl/rsa.h> #include <openssl/objects.h> #include <openssl/x509.h> -#include <openssl/engine.h> /* Size of an SSL signature: MD5+SHA1 */ #define SSL_SIG_LENGTH 36 @@ -77,10 +76,11 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, const unsigned char *s = NULL; X509_ALGOR algor; ASN1_OCTET_STRING digest; - if((rsa->flags & RSA_FLAG_SIGN_VER) - && ENGINE_get_RSA(rsa->engine)->rsa_sign) - return ENGINE_get_RSA(rsa->engine)->rsa_sign(type, - m, m_len, sigret, siglen, rsa); + if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) + { + return rsa->meth->rsa_sign(type, m, m_len, + sigret, siglen, rsa); + } /* Special case: SSL signature, just check the length */ if(type == NID_md5_sha1) { if(m_len != SSL_SIG_LENGTH) { @@ -113,7 +113,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, i=i2d_X509_SIG(&sig,NULL); } j=RSA_size(rsa); - if ((i-RSA_PKCS1_PADDING) > j) + if (i > (j-RSA_PKCS1_PADDING_SIZE)) { RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); return(0); @@ -136,7 +136,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, *siglen=i; if(type != NID_md5_sha1) { - memset(tmps,0,(unsigned int)j+1); + OPENSSL_cleanse(tmps,(unsigned int)j+1); OPENSSL_free(tmps); } return(ret); @@ -155,10 +155,11 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, return(0); } - if((rsa->flags & RSA_FLAG_SIGN_VER) - && ENGINE_get_RSA(rsa->engine)->rsa_verify) - return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype, - m, m_len, sigbuf, siglen, rsa); + if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) + { + return rsa->meth->rsa_verify(dtype, m, m_len, + sigbuf, siglen, rsa); + } s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen); if (s == NULL) @@ -221,7 +222,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, } err: if (sig != NULL) X509_SIG_free(sig); - memset(s,0,(unsigned int)siglen); + OPENSSL_cleanse(s,(unsigned int)siglen); OPENSSL_free(s); return(ret); } diff --git a/lib/libcrypto/rsa/rsa_test.c b/lib/libcrypto/rsa/rsa_test.c index b8b462d33b5..924e9ad1f6c 100644 --- a/lib/libcrypto/rsa/rsa_test.c +++ b/lib/libcrypto/rsa/rsa_test.c @@ -16,7 +16,6 @@ int main(int argc, char *argv[]) } #else #include <openssl/rsa.h> -#include <openssl/engine.h> #define SetKey \ key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \ diff --git a/lib/libcrypto/sha/Makefile.ssl b/lib/libcrypto/sha/Makefile.ssl index 0aa678d6f4d..d52fb62b4f0 100644 --- a/lib/libcrypto/sha/Makefile.ssl +++ b/lib/libcrypto/sha/Makefile.ssl @@ -47,14 +47,8 @@ lib: $(LIBOBJ) @touch lib # elf -asm/sx86-elf.o: asm/sx86unix.cpp - $(CPP) -DELF -x c asm/sx86unix.cpp | as -o asm/sx86-elf.o - -# solaris -asm/sx86-sol.o: asm/sx86unix.cpp - $(CC) -E -DSOL asm/sx86unix.cpp | sed 's/^#.*//' > asm/sx86-sol.s - as -o asm/sx86-sol.o asm/sx86-sol.s - rm -f asm/sx86-sol.s +asm/sx86-elf.s: asm/sha1-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) sha1-586.pl elf $(CFLAGS) $(PROCESSOR) > sx86-elf.s) # a.out asm/sx86-out.o: asm/sx86unix.cpp @@ -92,24 +86,30 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new mv -f Makefile.new $(MAKEFILE) clean: - rm -f asm/sx86unix.cpp *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o + rm -f asm/sx86unix.cpp asm/*-elf.* *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o # DO NOT DELETE THIS LINE -- make depend depends on it. -sha1_one.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -sha1_one.o: ../../include/openssl/sha.h sha1_one.c +sha1_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +sha1_one.o: ../../include/openssl/opensslconf.h +sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +sha1_one.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +sha1_one.o: ../../include/openssl/symhacks.h sha1_one.c sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h sha1dgst.o: ../md32_common.h sha1dgst.c sha_locl.h sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h sha_dgst.o: ../md32_common.h sha_dgst.c sha_locl.h -sha_one.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -sha_one.o: ../../include/openssl/sha.h sha_one.c +sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +sha_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +sha_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +sha_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +sha_one.o: sha_one.c diff --git a/lib/libcrypto/sha/sha1_one.c b/lib/libcrypto/sha/sha1_one.c index e6a24888ed5..20e660c71df 100644 --- a/lib/libcrypto/sha/sha1_one.c +++ b/lib/libcrypto/sha/sha1_one.c @@ -59,6 +59,7 @@ #include <stdio.h> #include <string.h> #include <openssl/sha.h> +#include <openssl/crypto.h> #ifndef OPENSSL_NO_SHA1 unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md) @@ -70,7 +71,7 @@ unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md) SHA1_Init(&c); SHA1_Update(&c,d,n); SHA1_Final(md,&c); - memset(&c,0,sizeof(c)); + OPENSSL_cleanse(&c,sizeof(c)); return(md); } #endif diff --git a/lib/libcrypto/sha/sha1test.c b/lib/libcrypto/sha/sha1test.c index 499a1cf5af0..4f2e4ada2d2 100644 --- a/lib/libcrypto/sha/sha1test.c +++ b/lib/libcrypto/sha/sha1test.c @@ -60,6 +60,8 @@ #include <string.h> #include <stdlib.h> +#include "../e_os.h" + #ifdef OPENSSL_NO_SHA int main(int argc, char *argv[]) { @@ -155,7 +157,7 @@ int main(int argc, char *argv[]) } else printf("test 3 ok\n"); - exit(err); + EXIT(err); EVP_MD_CTX_cleanup(&c); return(0); } diff --git a/lib/libcrypto/sha/sha_locl.h b/lib/libcrypto/sha/sha_locl.h index 471dfb9f8f2..2dd63a62a64 100644 --- a/lib/libcrypto/sha/sha_locl.h +++ b/lib/libcrypto/sha/sha_locl.h @@ -224,10 +224,10 @@ int HASH_INIT (SHA_CTX *c) void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, int num) { const SHA_LONG *W=d; - register unsigned long A,B,C,D,E,T; + register unsigned MD32_REG_T A,B,C,D,E,T; #ifndef MD32_XARRAY - unsigned long XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, - XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; + unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, + XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; #else SHA_LONG XX[16]; #endif @@ -349,10 +349,10 @@ void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, int num) void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, int num) { const unsigned char *data=p; - register unsigned long A,B,C,D,E,T,l; + register unsigned MD32_REG_T A,B,C,D,E,T,l; #ifndef MD32_XARRAY - unsigned long XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, - XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; + unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, + XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; #else SHA_LONG XX[16]; #endif diff --git a/lib/libcrypto/sha/sha_one.c b/lib/libcrypto/sha/sha_one.c index 5426faae4af..e61c63f3e99 100644 --- a/lib/libcrypto/sha/sha_one.c +++ b/lib/libcrypto/sha/sha_one.c @@ -59,6 +59,7 @@ #include <stdio.h> #include <string.h> #include <openssl/sha.h> +#include <openssl/crypto.h> #ifndef OPENSSL_NO_SHA0 unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md) @@ -70,7 +71,7 @@ unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md) SHA_Init(&c); SHA_Update(&c,d,n); SHA_Final(md,&c); - memset(&c,0,sizeof(c)); + OPENSSL_cleanse(&c,sizeof(c)); return(md); } #endif diff --git a/lib/libcrypto/sha/shatest.c b/lib/libcrypto/sha/shatest.c index 331294a74f9..5d2b1d3b1ae 100644 --- a/lib/libcrypto/sha/shatest.c +++ b/lib/libcrypto/sha/shatest.c @@ -60,6 +60,8 @@ #include <string.h> #include <stdlib.h> +#include "../e_os.h" + #ifdef OPENSSL_NO_SHA int main(int argc, char *argv[]) { @@ -156,7 +158,7 @@ int main(int argc, char *argv[]) else printf("test 3 ok\n"); EVP_MD_CTX_cleanup(&c); - exit(err); + EXIT(err); return(0); } diff --git a/lib/libcrypto/stack/Makefile.ssl b/lib/libcrypto/stack/Makefile.ssl index 8574739c765..7120fb804a0 100644 --- a/lib/libcrypto/stack/Makefile.ssl +++ b/lib/libcrypto/stack/Makefile.ssl @@ -68,7 +68,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/lib/libcrypto/threads/mttest.c b/lib/libcrypto/threads/mttest.c index c474a63c746..8973921778a 100644 --- a/lib/libcrypto/threads/mttest.c +++ b/lib/libcrypto/threads/mttest.c @@ -86,11 +86,6 @@ #include <openssl/err.h> #include <openssl/rand.h> -#ifdef OPENSSL_NO_FP_API -#define APPS_WIN16 -#include "../buffer/bss_file.c" -#endif - #define TEST_SERVER_CERT "../../apps/server.pem" #define TEST_CLIENT_CERT "../../apps/client.pem" diff --git a/lib/libcrypto/tmdiff.c b/lib/libcrypto/tmdiff.c index 7ebf2b202a0..307523ebba3 100644 --- a/lib/libcrypto/tmdiff.c +++ b/lib/libcrypto/tmdiff.c @@ -59,13 +59,16 @@ #include <stdlib.h> #include "cryptlib.h" #include <openssl/tmdiff.h> +#if !defined(OPENSSL_SYS_MSDOS) +#include OPENSSL_UNISTD +#endif #ifdef TIMEB #undef OPENSSL_SYS_WIN32 #undef TIMES #endif -#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS) || defined(__DECC) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_VXWORKS) +#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) && !(defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX_RHAPSODY) && !defined(OPENSSL_SYS_VXWORKS) # define TIMES #endif @@ -101,14 +104,19 @@ /* The following if from times(3) man page. It may need to be changed */ #ifndef HZ -# ifndef CLK_TCK -# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ -# define HZ 100.0 -# else /* _BSD_CLK_TCK_ */ -# define HZ ((double)_BSD_CLK_TCK_) +# if defined(_SC_CLK_TCK) \ + && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000) +# define HZ ((double)sysconf(_SC_CLK_TCK)) +# else +# ifndef CLK_TCK +# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ +# define HZ 100.0 +# else /* _BSD_CLK_TCK_ */ +# define HZ ((double)_BSD_CLK_TCK_) +# endif +# else /* CLK_TCK */ +# define HZ ((double)CLK_TCK) # endif -# else /* CLK_TCK */ -# define HZ ((double)CLK_TCK) # endif #endif @@ -121,7 +129,7 @@ typedef struct ms_tm HANDLE thread_id; FILETIME ms_win32; # else -# ifdef OPENSSL_SYS_VSWORKS +# ifdef OPENSSL_SYS_VXWORKS unsigned long ticks; # else struct timeb ms_timeb; @@ -163,7 +171,7 @@ void ms_time_get(char *a) # ifdef OPENSSL_SYS_WIN32 GetThreadTimes(tm->thread_id,&tmpa,&tmpb,&tmpc,&(tm->ms_win32)); # else -# ifdef OPENSSL_SYS_VSWORKS +# ifdef OPENSSL_SYS_VXWORKS tm->ticks = tickGet(); # else ftime(&tm->ms_timeb); @@ -197,7 +205,7 @@ double ms_time_diff(char *ap, char *bp) ret=((double)(lb-la))/1e7; } # else -# ifdef OPENSSL_SYS_VSWORKS +# ifdef OPENSSL_SYS_VXWORKS ret = (double)(b->ticks - a->ticks) / (double)sysClkRateGet(); # else ret= (double)(b->ms_timeb.time-a->ms_timeb.time)+ @@ -222,7 +230,7 @@ int ms_time_cmp(char *ap, char *bp) d =(b->ms_win32.dwHighDateTime&0x000fffff)*10+b->ms_win32.dwLowDateTime/1e7; d-=(a->ms_win32.dwHighDateTime&0x000fffff)*10+a->ms_win32.dwLowDateTime/1e7; # else -# ifdef OPENSSL_SYS_VSWORKS +# ifdef OPENSSL_SYS_VXWORKS d = (b->ticks - a->ticks); # else d= (double)(b->ms_timeb.time-a->ms_timeb.time)+ diff --git a/lib/libcrypto/txt_db/Makefile.ssl b/lib/libcrypto/txt_db/Makefile.ssl index 61ff3613484..6221dfae4d1 100644 --- a/lib/libcrypto/txt_db/Makefile.ssl +++ b/lib/libcrypto/txt_db/Makefile.ssl @@ -68,7 +68,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/lib/libcrypto/txt_db/txt_db.c b/lib/libcrypto/txt_db/txt_db.c index 9b186f2da53..58b300b00b0 100644 --- a/lib/libcrypto/txt_db/txt_db.c +++ b/lib/libcrypto/txt_db/txt_db.c @@ -108,7 +108,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num) if (offset != 0) { size+=BUFSIZE; - if (!BUF_MEM_grow(buf,size)) goto err; + if (!BUF_MEM_grow_clean(buf,size)) goto err; } buf->data[offset]='\0'; BIO_gets(in,&(buf->data[offset]),size-offset); @@ -268,7 +268,7 @@ long TXT_DB_write(BIO *out, TXT_DB *db) if (pp[j] != NULL) l+=strlen(pp[j]); } - if (!BUF_MEM_grow(buf,(int)(l*2+nn))) goto err; + if (!BUF_MEM_grow_clean(buf,(int)(l*2+nn))) goto err; p=buf->data; for (j=0; j<nn; j++) diff --git a/lib/libcrypto/ui/Makefile.ssl b/lib/libcrypto/ui/Makefile.ssl index 57b2e38335f..ba46951d1c3 100644 --- a/lib/libcrypto/ui/Makefile.ssl +++ b/lib/libcrypto/ui/Makefile.ssl @@ -44,7 +44,7 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + $(RANLIB) $(LIB) || echo Never mind. @touch lib files: @@ -72,7 +72,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new @@ -95,13 +95,13 @@ ui_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h ui_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h ui_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ui_err.o: ../../include/openssl/ui.h ui_err.c -ui_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -ui_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ui_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -ui_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -ui_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ui_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ui_lib.c -ui_lib.o: ui_locl.h +ui_lib.o: ../../e_os.h ../../include/openssl/bio.h +ui_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ui_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +ui_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +ui_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +ui_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ui_lib.o: ../../include/openssl/ui.h ../cryptlib.h ui_lib.c ui_locl.h ui_openssl.o: ../../e_os.h ../../include/openssl/bio.h ui_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h ui_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/lib/libcrypto/ui/ui_lib.c b/lib/libcrypto/ui/ui_lib.c index cce9075ac1d..33c86d76ef2 100644 --- a/lib/libcrypto/ui/ui_lib.c +++ b/lib/libcrypto/ui/ui_lib.c @@ -62,6 +62,7 @@ #include <openssl/ui.h> #include <openssl/err.h> #include "ui_locl.h" +#include "cryptlib.h" IMPLEMENT_STACK_OF(UI_STRING_ST) @@ -144,7 +145,8 @@ static UI_STRING *general_allocate_prompt(UI *ui, const char *prompt, { UIerr(UI_F_GENERAL_ALLOCATE_PROMPT,ERR_R_PASSED_NULL_PARAMETER); } - else if (result_buf == NULL) + else if ((type == UIT_PROMPT || type == UIT_VERIFY + || type == UIT_BOOLEAN) && result_buf == NULL) { UIerr(UI_F_GENERAL_ALLOCATE_PROMPT,UI_R_NO_RESULT_BUFFER); } @@ -235,7 +237,7 @@ static int general_allocate_boolean(UI *ui, return ret; } -/* Returns the index to the place in the stack or 0 for error. Uses a +/* Returns the index to the place in the stack or -1 for error. Uses a direct reference to the prompt. */ int UI_add_input_string(UI *ui, const char *prompt, int flags, char *result_buf, int minsize, int maxsize) @@ -831,8 +833,8 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result) case UIT_PROMPT: case UIT_VERIFY: { - char number1[20]; - char number2[20]; + char number1[DECIMAL_SIZE(uis->_.string_data.result_minsize)+1]; + char number2[DECIMAL_SIZE(uis->_.string_data.result_maxsize)+1]; BIO_snprintf(number1, sizeof(number1), "%d", uis->_.string_data.result_minsize); diff --git a/lib/libcrypto/ui/ui_openssl.c b/lib/libcrypto/ui/ui_openssl.c index f47ed31cb02..75318d48a14 100644 --- a/lib/libcrypto/ui/ui_openssl.c +++ b/lib/libcrypto/ui/ui_openssl.c @@ -159,8 +159,10 @@ #ifdef WIN_CONSOLE_BUG # include <windows.h> +#ifndef OPENSSL_SYS_WINCE # include <wincon.h> #endif +#endif /* There are 5 types of terminal interface supported, @@ -191,7 +193,7 @@ # define SGTTY #endif -#if defined(OPENSSL_SYS_VSWORKS) +#if defined(OPENSSL_SYS_VXWORKS) #undef TERMIOS #undef TERMIO #undef SGTTY @@ -221,7 +223,7 @@ # define TTY_set(tty,data) ioctl(tty,TIOCSETP,data) #endif -#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) +#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_SUNOS) # include <sys/ioctl.h> #endif @@ -241,6 +243,10 @@ struct IOSB { }; #endif +#ifdef OPENSSL_SYS_SUNOS + typedef int sig_atomic_t; +#endif + #if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(MAC_OS_GUSI_SOURCE) /* * This one needs work. As a matter of fact the code is unoperational @@ -277,10 +283,12 @@ static FILE *tty_in, *tty_out; static int is_a_tty; /* Declare static functions */ +#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE) static void read_till_nl(FILE *); static void recsig(int); static void pushsig(void); static void popsig(void); +#endif #if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16) static int noecho_fgets(char *buf, int size, FILE *tty); #endif @@ -367,6 +375,7 @@ static int read_string(UI *ui, UI_STRING *uis) } +#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE) /* Internal functions to read a string without echoing */ static void read_till_nl(FILE *in) { @@ -379,6 +388,7 @@ static void read_till_nl(FILE *in) } static volatile sig_atomic_t intr_signal; +#endif static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl) { @@ -386,9 +396,9 @@ static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl) int ok; char result[BUFSIZ]; int maxsize = BUFSIZ-1; +#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE) char *p; -#ifndef OPENSSL_SYS_WIN16 intr_signal=0; ok=0; ps=0; @@ -439,7 +449,7 @@ error: ok=1; #endif - memset(result,0,BUFSIZ); + OPENSSL_cleanse(result,BUFSIZ); return ok; } @@ -450,7 +460,7 @@ static int open_console(UI *ui) CRYPTO_w_lock(CRYPTO_LOCK_UI); is_a_tty = 1; -#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VSWORKS) +#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS) tty_in=stdin; tty_out=stderr; #else @@ -540,7 +550,7 @@ static int echo_console(UI *ui) static int close_console(UI *ui) { - if (tty_in != stderr) fclose(tty_in); + if (tty_in != stdin) fclose(tty_in); if (tty_out != stderr) fclose(tty_out); #ifdef OPENSSL_SYS_VMS status = sys$dassgn(channel); @@ -551,6 +561,7 @@ static int close_console(UI *ui) } +#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE) /* Internal functions to handle signals and act on them */ static void pushsig(void) { @@ -614,9 +625,10 @@ static void recsig(int i) { intr_signal=i; } +#endif /* Internal functions specific for Windows */ -#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16) +#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE) static int noecho_fgets(char *buf, int size, FILE *tty) { int i; diff --git a/lib/libcrypto/ui/ui_util.c b/lib/libcrypto/ui/ui_util.c index f05573df338..46bc8c1a9a0 100644 --- a/lib/libcrypto/ui/ui_util.c +++ b/lib/libcrypto/ui/ui_util.c @@ -62,7 +62,7 @@ int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify) int ret; ret=UI_UTIL_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify); - memset(buff,0,BUFSIZ); + OPENSSL_cleanse(buff,BUFSIZ); return(ret); } @@ -78,12 +78,14 @@ int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify) if (ui) { ok = UI_add_input_string(ui,prompt,0,buf,0,size-1); - if (ok == 0 && verify) + if (ok >= 0 && verify) ok = UI_add_verify_string(ui,prompt,0,buff,0,size-1, buf); - if (ok == 0) + if (ok >= 0) ok=UI_process(ui); UI_free(ui); } + if (ok > 0) + ok = 0; return(ok); } diff --git a/lib/libcrypto/uid.c b/lib/libcrypto/uid.c index d3d249c36fd..73205a4baa9 100644 --- a/lib/libcrypto/uid.c +++ b/lib/libcrypto/uid.c @@ -65,7 +65,7 @@ int OPENSSL_issetugid(void) return issetugid(); } -#elif defined(OPENSSL_SYS_WIN32) +#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) int OPENSSL_issetugid(void) { diff --git a/lib/libcrypto/util/cygwin.sh b/lib/libcrypto/util/cygwin.sh index b607399b028..930f766b4ff 100644 --- a/lib/libcrypto/util/cygwin.sh +++ b/lib/libcrypto/util/cygwin.sh @@ -96,6 +96,8 @@ fi get_openssl_version +make depend || exit 1 + make || exit 1 base_install diff --git a/lib/libcrypto/util/domd b/lib/libcrypto/util/domd index 8cbe383c165..49310bbdd1a 100644 --- a/lib/libcrypto/util/domd +++ b/lib/libcrypto/util/domd @@ -15,9 +15,14 @@ cp Makefile.ssl Makefile.save # fake the presence of Kerberos touch $TOP/krb5.h if [ "$MAKEDEPEND" = "gcc" ]; then + args="" + while [ $# -gt 0 ]; do + if [ "$1" != "--" ]; then args="$args $1"; fi + shift + done sed -e '/^# DO NOT DELETE.*/,$d' < Makefile.ssl > Makefile.tmp echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp - gcc -D OPENSSL_DOING_MAKEDEPEND -M $@ >> Makefile.tmp + gcc -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new rm -f Makefile.tmp else diff --git a/lib/libcrypto/util/libeay.num b/lib/libcrypto/util/libeay.num index 7e5728495f6..f5c8c0be8a0 100644 --- a/lib/libcrypto/util/libeay.num +++ b/lib/libcrypto/util/libeay.num @@ -980,7 +980,7 @@ BN_mul_word 999 EXIST::FUNCTION: BN_sub_word 1000 EXIST::FUNCTION: BN_dec2bn 1001 EXIST::FUNCTION: BN_bn2dec 1002 EXIST::FUNCTION: -BIO_ghbn_ctrl 1003 EXIST::FUNCTION: +BIO_ghbn_ctrl 1003 NOEXIST::FUNCTION: CRYPTO_free_ex_data 1004 EXIST::FUNCTION: CRYPTO_get_ex_data 1005 EXIST::FUNCTION: CRYPTO_set_ex_data 1007 EXIST::FUNCTION: @@ -1881,72 +1881,72 @@ BIO_f_linebuffer 2463 EXIST:VMS:FUNCTION: BN_bntest_rand 2464 EXIST::FUNCTION: OPENSSL_issetugid 2465 EXIST::FUNCTION: BN_rand_range 2466 EXIST::FUNCTION: -ERR_load_ENGINE_strings 2467 EXIST::FUNCTION: -ENGINE_set_DSA 2468 EXIST::FUNCTION: -ENGINE_get_finish_function 2469 EXIST::FUNCTION: -ENGINE_get_default_RSA 2470 EXIST::FUNCTION: +ERR_load_ENGINE_strings 2467 EXIST::FUNCTION:ENGINE +ENGINE_set_DSA 2468 EXIST::FUNCTION:ENGINE +ENGINE_get_finish_function 2469 EXIST::FUNCTION:ENGINE +ENGINE_get_default_RSA 2470 EXIST::FUNCTION:ENGINE ENGINE_get_BN_mod_exp 2471 NOEXIST::FUNCTION: DSA_get_default_openssl_method 2472 NOEXIST::FUNCTION: -ENGINE_set_DH 2473 EXIST::FUNCTION: +ENGINE_set_DH 2473 EXIST::FUNCTION:ENGINE ENGINE_set_def_BN_mod_exp_crt 2474 NOEXIST::FUNCTION: ENGINE_set_default_BN_mod_exp_crt 2474 NOEXIST::FUNCTION: -ENGINE_init 2475 EXIST::FUNCTION: +ENGINE_init 2475 EXIST::FUNCTION:ENGINE DH_get_default_openssl_method 2476 NOEXIST::FUNCTION: RSA_set_default_openssl_method 2477 NOEXIST::FUNCTION: -ENGINE_finish 2478 EXIST::FUNCTION: -ENGINE_load_public_key 2479 EXIST::FUNCTION: -ENGINE_get_DH 2480 EXIST::FUNCTION: -ENGINE_ctrl 2481 EXIST::FUNCTION: -ENGINE_get_init_function 2482 EXIST::FUNCTION: -ENGINE_set_init_function 2483 EXIST::FUNCTION: -ENGINE_set_default_DSA 2484 EXIST::FUNCTION: -ENGINE_get_name 2485 EXIST::FUNCTION: -ENGINE_get_last 2486 EXIST::FUNCTION: -ENGINE_get_prev 2487 EXIST::FUNCTION: -ENGINE_get_default_DH 2488 EXIST::FUNCTION: -ENGINE_get_RSA 2489 EXIST::FUNCTION: -ENGINE_set_default 2490 EXIST::FUNCTION: -ENGINE_get_RAND 2491 EXIST::FUNCTION: -ENGINE_get_first 2492 EXIST::FUNCTION: -ENGINE_by_id 2493 EXIST::FUNCTION: -ENGINE_set_finish_function 2494 EXIST::FUNCTION: +ENGINE_finish 2478 EXIST::FUNCTION:ENGINE +ENGINE_load_public_key 2479 EXIST::FUNCTION:ENGINE +ENGINE_get_DH 2480 EXIST::FUNCTION:ENGINE +ENGINE_ctrl 2481 EXIST::FUNCTION:ENGINE +ENGINE_get_init_function 2482 EXIST::FUNCTION:ENGINE +ENGINE_set_init_function 2483 EXIST::FUNCTION:ENGINE +ENGINE_set_default_DSA 2484 EXIST::FUNCTION:ENGINE +ENGINE_get_name 2485 EXIST::FUNCTION:ENGINE +ENGINE_get_last 2486 EXIST::FUNCTION:ENGINE +ENGINE_get_prev 2487 EXIST::FUNCTION:ENGINE +ENGINE_get_default_DH 2488 EXIST::FUNCTION:ENGINE +ENGINE_get_RSA 2489 EXIST::FUNCTION:ENGINE +ENGINE_set_default 2490 EXIST::FUNCTION:ENGINE +ENGINE_get_RAND 2491 EXIST::FUNCTION:ENGINE +ENGINE_get_first 2492 EXIST::FUNCTION:ENGINE +ENGINE_by_id 2493 EXIST::FUNCTION:ENGINE +ENGINE_set_finish_function 2494 EXIST::FUNCTION:ENGINE ENGINE_get_def_BN_mod_exp_crt 2495 NOEXIST::FUNCTION: ENGINE_get_default_BN_mod_exp_crt 2495 NOEXIST::FUNCTION: RSA_get_default_openssl_method 2496 NOEXIST::FUNCTION: -ENGINE_set_RSA 2497 EXIST::FUNCTION: -ENGINE_load_private_key 2498 EXIST::FUNCTION: -ENGINE_set_default_RAND 2499 EXIST::FUNCTION: +ENGINE_set_RSA 2497 EXIST::FUNCTION:ENGINE +ENGINE_load_private_key 2498 EXIST::FUNCTION:ENGINE +ENGINE_set_default_RAND 2499 EXIST::FUNCTION:ENGINE ENGINE_set_BN_mod_exp 2500 NOEXIST::FUNCTION: -ENGINE_remove 2501 EXIST::FUNCTION: -ENGINE_free 2502 EXIST::FUNCTION: +ENGINE_remove 2501 EXIST::FUNCTION:ENGINE +ENGINE_free 2502 EXIST::FUNCTION:ENGINE ENGINE_get_BN_mod_exp_crt 2503 NOEXIST::FUNCTION: -ENGINE_get_next 2504 EXIST::FUNCTION: -ENGINE_set_name 2505 EXIST::FUNCTION: -ENGINE_get_default_DSA 2506 EXIST::FUNCTION: +ENGINE_get_next 2504 EXIST::FUNCTION:ENGINE +ENGINE_set_name 2505 EXIST::FUNCTION:ENGINE +ENGINE_get_default_DSA 2506 EXIST::FUNCTION:ENGINE ENGINE_set_default_BN_mod_exp 2507 NOEXIST::FUNCTION: -ENGINE_set_default_RSA 2508 EXIST::FUNCTION: -ENGINE_get_default_RAND 2509 EXIST::FUNCTION: +ENGINE_set_default_RSA 2508 EXIST::FUNCTION:ENGINE +ENGINE_get_default_RAND 2509 EXIST::FUNCTION:ENGINE ENGINE_get_default_BN_mod_exp 2510 NOEXIST::FUNCTION: -ENGINE_set_RAND 2511 EXIST::FUNCTION: -ENGINE_set_id 2512 EXIST::FUNCTION: +ENGINE_set_RAND 2511 EXIST::FUNCTION:ENGINE +ENGINE_set_id 2512 EXIST::FUNCTION:ENGINE ENGINE_set_BN_mod_exp_crt 2513 NOEXIST::FUNCTION: -ENGINE_set_default_DH 2514 EXIST::FUNCTION: -ENGINE_new 2515 EXIST::FUNCTION: -ENGINE_get_id 2516 EXIST::FUNCTION: +ENGINE_set_default_DH 2514 EXIST::FUNCTION:ENGINE +ENGINE_new 2515 EXIST::FUNCTION:ENGINE +ENGINE_get_id 2516 EXIST::FUNCTION:ENGINE DSA_set_default_openssl_method 2517 NOEXIST::FUNCTION: -ENGINE_add 2518 EXIST::FUNCTION: +ENGINE_add 2518 EXIST::FUNCTION:ENGINE DH_set_default_openssl_method 2519 NOEXIST::FUNCTION: -ENGINE_get_DSA 2520 EXIST::FUNCTION: -ENGINE_get_ctrl_function 2521 EXIST::FUNCTION: -ENGINE_set_ctrl_function 2522 EXIST::FUNCTION: +ENGINE_get_DSA 2520 EXIST::FUNCTION:ENGINE +ENGINE_get_ctrl_function 2521 EXIST::FUNCTION:ENGINE +ENGINE_set_ctrl_function 2522 EXIST::FUNCTION:ENGINE BN_pseudo_rand_range 2523 EXIST::FUNCTION: X509_STORE_CTX_set_verify_cb 2524 EXIST::FUNCTION: ERR_load_COMP_strings 2525 EXIST::FUNCTION: PKCS12_item_decrypt_d2i 2526 EXIST::FUNCTION: ASN1_UTF8STRING_it 2527 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_UTF8STRING_it 2527 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_unregister_ciphers 2528 EXIST::FUNCTION: -ENGINE_get_ciphers 2529 EXIST::FUNCTION: +ENGINE_unregister_ciphers 2528 EXIST::FUNCTION:ENGINE +ENGINE_get_ciphers 2529 EXIST::FUNCTION:ENGINE d2i_OCSP_BASICRESP 2530 EXIST::FUNCTION: KRB5_CHECKSUM_it 2531 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: KRB5_CHECKSUM_it 2531 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -1959,15 +1959,15 @@ X509V3_add1_i2d 2536 EXIST::FUNCTION: PKCS7_ENVELOPE_it 2537 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS7_ENVELOPE_it 2537 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: UI_add_input_boolean 2538 EXIST::FUNCTION: -ENGINE_unregister_RSA 2539 EXIST::FUNCTION: +ENGINE_unregister_RSA 2539 EXIST::FUNCTION:ENGINE X509V3_EXT_nconf 2540 EXIST::FUNCTION: ASN1_GENERALSTRING_free 2541 EXIST::FUNCTION: d2i_OCSP_CERTSTATUS 2542 EXIST::FUNCTION: X509_REVOKED_set_serialNumber 2543 EXIST::FUNCTION: X509_print_ex 2544 EXIST::FUNCTION:BIO OCSP_ONEREQ_get1_ext_d2i 2545 EXIST::FUNCTION: -ENGINE_register_all_RAND 2546 EXIST::FUNCTION: -ENGINE_load_dynamic 2547 EXIST::FUNCTION: +ENGINE_register_all_RAND 2546 EXIST::FUNCTION:ENGINE +ENGINE_load_dynamic 2547 EXIST::FUNCTION:ENGINE PBKDF2PARAM_it 2548 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PBKDF2PARAM_it 2548 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: EXTENDED_KEY_USAGE_new 2549 EXIST::FUNCTION: @@ -1987,7 +1987,7 @@ X509_STORE_set_purpose 2559 EXIST::FUNCTION: i2d_ASN1_GENERALSTRING 2560 EXIST::FUNCTION: OCSP_response_status 2561 EXIST::FUNCTION: i2d_OCSP_SERVICELOC 2562 EXIST::FUNCTION: -ENGINE_get_digest_engine 2563 EXIST::FUNCTION: +ENGINE_get_digest_engine 2563 EXIST::FUNCTION:ENGINE EC_GROUP_set_curve_GFp 2564 EXIST::FUNCTION:EC OCSP_REQUEST_get_ext_by_OBJ 2565 EXIST::FUNCTION: _ossl_old_des_random_key 2566 EXIST::FUNCTION:DES @@ -2011,7 +2011,7 @@ _shadow_DES_rw_mode 2581 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA _shadow_DES_rw_mode 2581 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES asn1_do_adb 2582 EXIST::FUNCTION: ASN1_template_i2d 2583 EXIST::FUNCTION: -ENGINE_register_DH 2584 EXIST::FUNCTION: +ENGINE_register_DH 2584 EXIST::FUNCTION:ENGINE UI_construct_prompt 2585 EXIST::FUNCTION: X509_STORE_set_trust 2586 EXIST::FUNCTION: UI_dup_input_string 2587 EXIST::FUNCTION: @@ -2039,7 +2039,7 @@ OCSP_resp_find 2605 EXIST::FUNCTION: BN_nnmod 2606 EXIST::FUNCTION: X509_CRL_sort 2607 EXIST::FUNCTION: X509_REVOKED_set_revocationDate 2608 EXIST::FUNCTION: -ENGINE_register_RAND 2609 EXIST::FUNCTION: +ENGINE_register_RAND 2609 EXIST::FUNCTION:ENGINE OCSP_SERVICELOC_new 2610 EXIST::FUNCTION: EC_POINT_set_affine_coordinates_GFp 2611 EXIST:!VMS:FUNCTION:EC EC_POINT_set_affine_coords_GFp 2611 EXIST:VMS:FUNCTION:EC @@ -2049,11 +2049,11 @@ SXNET_it 2613 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI UI_dup_input_boolean 2614 EXIST::FUNCTION: PKCS12_add_CSPName_asc 2615 EXIST::FUNCTION: EC_POINT_is_at_infinity 2616 EXIST::FUNCTION:EC -ENGINE_load_openbsd_dev_crypto 2617 EXIST::FUNCTION: +ENGINE_load_cryptodev 2617 EXIST::FUNCTION:ENGINE DSO_convert_filename 2618 EXIST::FUNCTION: POLICYQUALINFO_it 2619 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: POLICYQUALINFO_it 2619 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_register_ciphers 2620 EXIST::FUNCTION: +ENGINE_register_ciphers 2620 EXIST::FUNCTION:ENGINE BN_mod_lshift_quick 2621 EXIST::FUNCTION: DSO_set_filename 2622 EXIST::FUNCTION: ASN1_item_free 2623 EXIST::FUNCTION: @@ -2062,7 +2062,7 @@ AUTHORITY_KEYID_it 2625 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA AUTHORITY_KEYID_it 2625 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: KRB5_APREQBODY_new 2626 EXIST::FUNCTION: X509V3_EXT_REQ_add_nconf 2627 EXIST::FUNCTION: -ENGINE_ctrl_cmd_string 2628 EXIST::FUNCTION: +ENGINE_ctrl_cmd_string 2628 EXIST::FUNCTION:ENGINE i2d_OCSP_RESPDATA 2629 EXIST::FUNCTION: EVP_MD_CTX_init 2630 EXIST::FUNCTION: EXTENDED_KEY_USAGE_free 2631 EXIST::FUNCTION: @@ -2071,8 +2071,8 @@ PKCS7_ATTR_SIGN_it 2632 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI UI_add_error_string 2633 EXIST::FUNCTION: KRB5_CHECKSUM_free 2634 EXIST::FUNCTION: OCSP_REQUEST_get_ext 2635 EXIST::FUNCTION: -ENGINE_load_ubsec 2636 EXIST::FUNCTION: -ENGINE_register_all_digests 2637 EXIST::FUNCTION: +ENGINE_load_ubsec 2636 EXIST::FUNCTION:ENGINE +ENGINE_register_all_digests 2637 EXIST::FUNCTION:ENGINE PKEY_USAGE_PERIOD_it 2638 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKEY_USAGE_PERIOD_it 2638 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: PKCS12_unpack_authsafes 2639 EXIST::FUNCTION: @@ -2098,16 +2098,16 @@ OCSP_CERTSTATUS_free 2653 EXIST::FUNCTION: _ossl_old_des_crypt 2654 EXIST::FUNCTION:DES ASN1_item_i2d 2655 EXIST::FUNCTION: EVP_DecryptFinal_ex 2656 EXIST::FUNCTION: -ENGINE_load_openssl 2657 EXIST::FUNCTION: -ENGINE_get_cmd_defns 2658 EXIST::FUNCTION: -ENGINE_set_load_privkey_function 2659 EXIST:!VMS:FUNCTION: -ENGINE_set_load_privkey_fn 2659 EXIST:VMS:FUNCTION: +ENGINE_load_openssl 2657 EXIST::FUNCTION:ENGINE +ENGINE_get_cmd_defns 2658 EXIST::FUNCTION:ENGINE +ENGINE_set_load_privkey_function 2659 EXIST:!VMS:FUNCTION:ENGINE +ENGINE_set_load_privkey_fn 2659 EXIST:VMS:FUNCTION:ENGINE EVP_EncryptFinal_ex 2660 EXIST::FUNCTION: -ENGINE_set_default_digests 2661 EXIST::FUNCTION: +ENGINE_set_default_digests 2661 EXIST::FUNCTION:ENGINE X509_get0_pubkey_bitstr 2662 EXIST::FUNCTION: asn1_ex_i2c 2663 EXIST::FUNCTION: -ENGINE_register_RSA 2664 EXIST::FUNCTION: -ENGINE_unregister_DSA 2665 EXIST::FUNCTION: +ENGINE_register_RSA 2664 EXIST::FUNCTION:ENGINE +ENGINE_unregister_DSA 2665 EXIST::FUNCTION:ENGINE _ossl_old_des_key_sched 2666 EXIST::FUNCTION:DES X509_EXTENSION_it 2667 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_EXTENSION_it 2667 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2120,7 +2120,7 @@ PKCS12_certbag2x509 2672 EXIST::FUNCTION: _ossl_old_des_ofb64_encrypt 2673 EXIST::FUNCTION:DES d2i_EXTENDED_KEY_USAGE 2674 EXIST::FUNCTION: ERR_print_errors_cb 2675 EXIST::FUNCTION: -ENGINE_set_ciphers 2676 EXIST::FUNCTION: +ENGINE_set_ciphers 2676 EXIST::FUNCTION:ENGINE d2i_KRB5_APREQBODY 2677 EXIST::FUNCTION: UI_method_get_flusher 2678 EXIST::FUNCTION: X509_PUBKEY_it 2679 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2156,7 +2156,7 @@ NCONF_get_number_e 2704 EXIST::FUNCTION: _ossl_old_des_decrypt3 2705 EXIST::FUNCTION:DES X509_signature_print 2706 EXIST::FUNCTION:EVP OCSP_SINGLERESP_free 2707 EXIST::FUNCTION: -ENGINE_load_builtin_engines 2708 EXIST::FUNCTION: +ENGINE_load_builtin_engines 2708 EXIST::FUNCTION:ENGINE i2d_OCSP_ONEREQ 2709 EXIST::FUNCTION: OCSP_REQUEST_add_ext 2710 EXIST::FUNCTION: OCSP_RESPBYTES_new 2711 EXIST::FUNCTION: @@ -2184,7 +2184,7 @@ X509_CERT_AUX_it 2727 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI CERTIFICATEPOLICIES_it 2728 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: CERTIFICATEPOLICIES_it 2728 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: _ossl_old_des_ede3_cbc_encrypt 2729 EXIST::FUNCTION:DES -RAND_set_rand_engine 2730 EXIST::FUNCTION: +RAND_set_rand_engine 2730 EXIST::FUNCTION:ENGINE DSO_get_loaded_filename 2731 EXIST::FUNCTION: X509_ATTRIBUTE_it 2732 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_ATTRIBUTE_it 2732 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2206,7 +2206,7 @@ i2d_OCSP_BASICRESP 2744 EXIST::FUNCTION: i2d_OCSP_RESPBYTES 2745 EXIST::FUNCTION: PKCS12_unpack_p7encdata 2746 EXIST::FUNCTION: HMAC_CTX_init 2747 EXIST::FUNCTION:HMAC -ENGINE_get_digest 2748 EXIST::FUNCTION: +ENGINE_get_digest 2748 EXIST::FUNCTION:ENGINE OCSP_RESPONSE_print 2749 EXIST::FUNCTION: KRB5_TKTBODY_it 2750 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: KRB5_TKTBODY_it 2750 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2219,16 +2219,16 @@ PBE2PARAM_it 2753 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI PKCS12_certbag2x509crl 2754 EXIST::FUNCTION: PKCS7_SIGNED_it 2755 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS7_SIGNED_it 2755 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_cipher 2756 EXIST::FUNCTION: +ENGINE_get_cipher 2756 EXIST::FUNCTION:ENGINE i2d_OCSP_CRLID 2757 EXIST::FUNCTION: OCSP_SINGLERESP_new 2758 EXIST::FUNCTION: -ENGINE_cmd_is_executable 2759 EXIST::FUNCTION: +ENGINE_cmd_is_executable 2759 EXIST::FUNCTION:ENGINE RSA_up_ref 2760 EXIST::FUNCTION:RSA ASN1_GENERALSTRING_it 2761 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_GENERALSTRING_it 2761 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_register_DSA 2762 EXIST::FUNCTION: +ENGINE_register_DSA 2762 EXIST::FUNCTION:ENGINE X509V3_EXT_add_nconf_sk 2763 EXIST::FUNCTION: -ENGINE_set_load_pubkey_function 2764 EXIST::FUNCTION: +ENGINE_set_load_pubkey_function 2764 EXIST::FUNCTION:ENGINE PKCS8_decrypt 2765 EXIST::FUNCTION: PEM_bytes_read_bio 2766 EXIST::FUNCTION:BIO DIRECTORYSTRING_it 2767 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2265,7 +2265,7 @@ UI_method_set_flusher 2789 EXIST::FUNCTION: X509_ocspid_print 2790 EXIST::FUNCTION:BIO KRB5_ENCDATA_it 2791 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: KRB5_ENCDATA_it 2791 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_load_pubkey_function 2792 EXIST::FUNCTION: +ENGINE_get_load_pubkey_function 2792 EXIST::FUNCTION:ENGINE UI_add_user_data 2793 EXIST::FUNCTION: OCSP_REQUEST_delete_ext 2794 EXIST::FUNCTION: UI_get_method 2795 EXIST::FUNCTION: @@ -2289,16 +2289,16 @@ ASN1_FBOOLEAN_it 2806 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA ASN1_FBOOLEAN_it 2806 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: UI_set_ex_data 2807 EXIST::FUNCTION: _ossl_old_des_string_to_key 2808 EXIST::FUNCTION:DES -ENGINE_register_all_RSA 2809 EXIST::FUNCTION: +ENGINE_register_all_RSA 2809 EXIST::FUNCTION:ENGINE d2i_KRB5_PRINCNAME 2810 EXIST::FUNCTION: OCSP_RESPBYTES_it 2811 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: OCSP_RESPBYTES_it 2811 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: X509_CINF_it 2812 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_CINF_it 2812 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_unregister_digests 2813 EXIST::FUNCTION: +ENGINE_unregister_digests 2813 EXIST::FUNCTION:ENGINE d2i_EDIPARTYNAME 2814 EXIST::FUNCTION: d2i_OCSP_SERVICELOC 2815 EXIST::FUNCTION: -ENGINE_get_digests 2816 EXIST::FUNCTION: +ENGINE_get_digests 2816 EXIST::FUNCTION:ENGINE _ossl_old_des_set_odd_parity 2817 EXIST::FUNCTION:DES OCSP_RESPDATA_free 2818 EXIST::FUNCTION: d2i_KRB5_TICKET 2819 EXIST::FUNCTION: @@ -2309,7 +2309,7 @@ d2i_ASN1_GENERALSTRING 2822 EXIST::FUNCTION: X509_CRL_set_version 2823 EXIST::FUNCTION: BN_mod_sub 2824 EXIST::FUNCTION: OCSP_SINGLERESP_get_ext_by_NID 2825 EXIST::FUNCTION: -ENGINE_get_ex_new_index 2826 EXIST::FUNCTION: +ENGINE_get_ex_new_index 2826 EXIST::FUNCTION:ENGINE OCSP_REQUEST_free 2827 EXIST::FUNCTION: OCSP_REQUEST_add1_ext_i2d 2828 EXIST::FUNCTION: X509_VAL_it 2829 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2343,7 +2343,7 @@ EC_POINT_method_of 2852 EXIST::FUNCTION:EC i2d_KRB5_APREQBODY 2853 EXIST::FUNCTION: _ossl_old_des_ecb3_encrypt 2854 EXIST::FUNCTION:DES CRYPTO_get_mem_ex_functions 2855 EXIST::FUNCTION: -ENGINE_get_ex_data 2856 EXIST::FUNCTION: +ENGINE_get_ex_data 2856 EXIST::FUNCTION:ENGINE UI_destroy_method 2857 EXIST::FUNCTION: ASN1_item_i2d_bio 2858 EXIST::FUNCTION:BIO OCSP_ONEREQ_get_ext_by_OBJ 2859 EXIST::FUNCTION: @@ -2367,7 +2367,7 @@ PKCS12_SAFEBAGS_it 2872 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA PKCS12_SAFEBAGS_it 2872 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: d2i_OCSP_SIGNATURE 2873 EXIST::FUNCTION: OCSP_request_add1_nonce 2874 EXIST::FUNCTION: -ENGINE_set_cmd_defns 2875 EXIST::FUNCTION: +ENGINE_set_cmd_defns 2875 EXIST::FUNCTION:ENGINE OCSP_SERVICELOC_free 2876 EXIST::FUNCTION: EC_GROUP_free 2877 EXIST::FUNCTION:EC ASN1_BIT_STRING_it 2878 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2384,7 +2384,7 @@ EC_GROUP_new_curve_GFp 2885 EXIST::FUNCTION:EC OCSP_REQUEST_get1_ext_d2i 2886 EXIST::FUNCTION: PKCS12_item_pack_safebag 2887 EXIST::FUNCTION: asn1_ex_c2i 2888 EXIST::FUNCTION: -ENGINE_register_digests 2889 EXIST::FUNCTION: +ENGINE_register_digests 2889 EXIST::FUNCTION:ENGINE i2d_OCSP_REVOKEDINFO 2890 EXIST::FUNCTION: asn1_enc_restore 2891 EXIST::FUNCTION: UI_free 2892 EXIST::FUNCTION: @@ -2395,7 +2395,7 @@ EC_POINT_invert 2896 EXIST::FUNCTION:EC OCSP_basic_sign 2897 EXIST::FUNCTION: i2d_OCSP_RESPID 2898 EXIST::FUNCTION: OCSP_check_nonce 2899 EXIST::FUNCTION: -ENGINE_ctrl_cmd 2900 EXIST::FUNCTION: +ENGINE_ctrl_cmd 2900 EXIST::FUNCTION:ENGINE d2i_KRB5_ENCKEY 2901 EXIST::FUNCTION: OCSP_parse_url 2902 EXIST::FUNCTION: OCSP_SINGLERESP_get_ext 2903 EXIST::FUNCTION: @@ -2403,12 +2403,12 @@ OCSP_CRLID_free 2904 EXIST::FUNCTION: OCSP_BASICRESP_get1_ext_d2i 2905 EXIST::FUNCTION: RSAPrivateKey_it 2906 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA RSAPrivateKey_it 2906 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA -ENGINE_register_all_DH 2907 EXIST::FUNCTION: +ENGINE_register_all_DH 2907 EXIST::FUNCTION:ENGINE i2d_EDIPARTYNAME 2908 EXIST::FUNCTION: EC_POINT_get_affine_coordinates_GFp 2909 EXIST:!VMS:FUNCTION:EC EC_POINT_get_affine_coords_GFp 2909 EXIST:VMS:FUNCTION:EC OCSP_CRLID_new 2910 EXIST::FUNCTION: -ENGINE_get_flags 2911 EXIST::FUNCTION: +ENGINE_get_flags 2911 EXIST::FUNCTION:ENGINE OCSP_ONEREQ_it 2912 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: OCSP_ONEREQ_it 2912 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: UI_process 2913 EXIST::FUNCTION: @@ -2416,8 +2416,8 @@ ASN1_INTEGER_it 2914 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA ASN1_INTEGER_it 2914 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: EVP_CipherInit_ex 2915 EXIST::FUNCTION: UI_get_string_type 2916 EXIST::FUNCTION: -ENGINE_unregister_DH 2917 EXIST::FUNCTION: -ENGINE_register_all_DSA 2918 EXIST::FUNCTION: +ENGINE_unregister_DH 2917 EXIST::FUNCTION:ENGINE +ENGINE_register_all_DSA 2918 EXIST::FUNCTION:ENGINE OCSP_ONEREQ_get_ext_by_critical 2919 EXIST::FUNCTION: bn_dup_expand 2920 EXIST::FUNCTION: OCSP_cert_id_new 2921 EXIST::FUNCTION: @@ -2438,11 +2438,11 @@ BN_mod_sub_quick 2933 EXIST::FUNCTION: OCSP_ONEREQ_add_ext 2934 EXIST::FUNCTION: OCSP_request_sign 2935 EXIST::FUNCTION: EVP_DigestFinal_ex 2936 EXIST::FUNCTION: -ENGINE_set_digests 2937 EXIST::FUNCTION: +ENGINE_set_digests 2937 EXIST::FUNCTION:ENGINE OCSP_id_issuer_cmp 2938 EXIST::FUNCTION: OBJ_NAME_do_all 2939 EXIST::FUNCTION: EC_POINTs_mul 2940 EXIST::FUNCTION:EC -ENGINE_register_complete 2941 EXIST::FUNCTION: +ENGINE_register_complete 2941 EXIST::FUNCTION:ENGINE X509V3_EXT_nconf_nid 2942 EXIST::FUNCTION: ASN1_SEQUENCE_it 2943 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_SEQUENCE_it 2943 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2451,7 +2451,7 @@ RAND_query_egd_bytes 2945 EXIST::FUNCTION: UI_method_get_writer 2946 EXIST::FUNCTION: UI_OpenSSL 2947 EXIST::FUNCTION: PEM_def_callback 2948 EXIST::FUNCTION: -ENGINE_cleanup 2949 EXIST::FUNCTION: +ENGINE_cleanup 2949 EXIST::FUNCTION:ENGINE DIST_POINT_it 2950 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: DIST_POINT_it 2950 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: OCSP_SINGLERESP_it 2951 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2475,7 +2475,7 @@ OCSP_RESPID_new 2967 EXIST::FUNCTION: OCSP_RESPDATA_it 2968 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: OCSP_RESPDATA_it 2968 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: d2i_OCSP_RESPDATA 2969 EXIST::FUNCTION: -ENGINE_register_all_complete 2970 EXIST::FUNCTION: +ENGINE_register_all_complete 2970 EXIST::FUNCTION:ENGINE OCSP_check_validity 2971 EXIST::FUNCTION: PKCS12_BAGS_it 2972 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS12_BAGS_it 2972 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2487,7 +2487,7 @@ KRB5_AUTHENTBODY_it 2976 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI X509_supported_extension 2977 EXIST::FUNCTION: i2d_KRB5_AUTHDATA 2978 EXIST::FUNCTION: UI_method_get_opener 2979 EXIST::FUNCTION: -ENGINE_set_ex_data 2980 EXIST::FUNCTION: +ENGINE_set_ex_data 2980 EXIST::FUNCTION:ENGINE OCSP_REQUEST_print 2981 EXIST::FUNCTION: CBIGNUM_it 2982 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: CBIGNUM_it 2982 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2501,7 +2501,7 @@ OCSP_single_get0_status 2989 EXIST::FUNCTION: BN_swap 2990 EXIST::FUNCTION: POLICYINFO_it 2991 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: POLICYINFO_it 2991 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_set_destroy_function 2992 EXIST::FUNCTION: +ENGINE_set_destroy_function 2992 EXIST::FUNCTION:ENGINE asn1_enc_free 2993 EXIST::FUNCTION: OCSP_RESPID_it 2994 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: OCSP_RESPID_it 2994 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2523,8 +2523,8 @@ EDIPARTYNAME_it 3005 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI NETSCAPE_SPKI_it 3006 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: NETSCAPE_SPKI_it 3006 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: UI_get0_test_string 3007 EXIST::FUNCTION: -ENGINE_get_cipher_engine 3008 EXIST::FUNCTION: -ENGINE_register_all_ciphers 3009 EXIST::FUNCTION: +ENGINE_get_cipher_engine 3008 EXIST::FUNCTION:ENGINE +ENGINE_register_all_ciphers 3009 EXIST::FUNCTION:ENGINE EC_POINT_copy 3010 EXIST::FUNCTION:EC BN_kronecker 3011 EXIST::FUNCTION: _ossl_old_des_ede3_ofb64_encrypt 3012 EXIST:!VMS:FUNCTION:DES @@ -2545,9 +2545,9 @@ OCSP_RESPONSE_new 3023 EXIST::FUNCTION: AES_set_encrypt_key 3024 EXIST::FUNCTION:AES OCSP_resp_count 3025 EXIST::FUNCTION: KRB5_CHECKSUM_new 3026 EXIST::FUNCTION: -ENGINE_load_cswift 3027 EXIST::FUNCTION: +ENGINE_load_cswift 3027 EXIST::FUNCTION:ENGINE OCSP_onereq_get0_id 3028 EXIST::FUNCTION: -ENGINE_set_default_ciphers 3029 EXIST::FUNCTION: +ENGINE_set_default_ciphers 3029 EXIST::FUNCTION:ENGINE NOTICEREF_it 3030 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: NOTICEREF_it 3030 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: X509V3_EXT_CRL_add_nconf 3031 EXIST::FUNCTION: @@ -2565,7 +2565,7 @@ AES_decrypt 3040 EXIST::FUNCTION:AES asn1_enc_init 3041 EXIST::FUNCTION: UI_get_result_maxsize 3042 EXIST::FUNCTION: OCSP_CERTID_new 3043 EXIST::FUNCTION: -ENGINE_unregister_RAND 3044 EXIST::FUNCTION: +ENGINE_unregister_RAND 3044 EXIST::FUNCTION:ENGINE UI_method_get_closer 3045 EXIST::FUNCTION: d2i_KRB5_ENCDATA 3046 EXIST::FUNCTION: OCSP_request_onereq_count 3047 EXIST::FUNCTION: @@ -2576,7 +2576,7 @@ ASN1_primitive_free 3051 EXIST::FUNCTION: i2d_EXTENDED_KEY_USAGE 3052 EXIST::FUNCTION: i2d_OCSP_SIGNATURE 3053 EXIST::FUNCTION: asn1_enc_save 3054 EXIST::FUNCTION: -ENGINE_load_nuron 3055 EXIST::FUNCTION: +ENGINE_load_nuron 3055 EXIST::FUNCTION:ENGINE _ossl_old_des_pcbc_encrypt 3056 EXIST::FUNCTION:DES PKCS12_MAC_DATA_it 3057 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS12_MAC_DATA_it 3057 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2598,15 +2598,15 @@ ASN1_item_d2i_bio 3069 EXIST::FUNCTION:BIO EC_POINT_dbl 3070 EXIST::FUNCTION:EC asn1_get_choice_selector 3071 EXIST::FUNCTION: i2d_KRB5_CHECKSUM 3072 EXIST::FUNCTION: -ENGINE_set_table_flags 3073 EXIST::FUNCTION: +ENGINE_set_table_flags 3073 EXIST::FUNCTION:ENGINE AES_options 3074 EXIST::FUNCTION:AES -ENGINE_load_chil 3075 EXIST::FUNCTION: +ENGINE_load_chil 3075 EXIST::FUNCTION:ENGINE OCSP_id_cmp 3076 EXIST::FUNCTION: OCSP_BASICRESP_new 3077 EXIST::FUNCTION: OCSP_REQUEST_get_ext_by_NID 3078 EXIST::FUNCTION: KRB5_APREQ_it 3079 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: KRB5_APREQ_it 3079 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_destroy_function 3080 EXIST::FUNCTION: +ENGINE_get_destroy_function 3080 EXIST::FUNCTION:ENGINE CONF_set_nconf 3081 EXIST::FUNCTION: ASN1_PRINTABLE_free 3082 EXIST::FUNCTION: OCSP_BASICRESP_get_ext_by_NID 3083 EXIST::FUNCTION: @@ -2667,7 +2667,7 @@ OCSP_CRLID_it 3127 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA OCSP_CRLID_it 3127 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: i2d_KRB5_AUTHENTBODY 3128 EXIST::FUNCTION: OCSP_REQUEST_get_ext_count 3129 EXIST::FUNCTION: -ENGINE_load_atalla 3130 EXIST::FUNCTION: +ENGINE_load_atalla 3130 EXIST::FUNCTION:ENGINE X509_NAME_it 3131 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_NAME_it 3131 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: USERNOTICE_it 3132 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2685,7 +2685,7 @@ UI_method_set_opener 3140 EXIST::FUNCTION: ASN1_item_ex_free 3141 EXIST::FUNCTION: ASN1_BOOLEAN_it 3142 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_BOOLEAN_it 3142 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_table_flags 3143 EXIST::FUNCTION: +ENGINE_get_table_flags 3143 EXIST::FUNCTION:ENGINE UI_create_method 3144 EXIST::FUNCTION: OCSP_ONEREQ_add1_ext_i2d 3145 EXIST::FUNCTION: _shadow_DES_check_key 3146 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES @@ -2709,7 +2709,7 @@ PKCS7_it 3160 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA PKCS7_it 3160 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: OCSP_REQUEST_get_ext_by_critical 3161 EXIST:!VMS:FUNCTION: OCSP_REQUEST_get_ext_by_crit 3161 EXIST:VMS:FUNCTION: -ENGINE_set_flags 3162 EXIST::FUNCTION: +ENGINE_set_flags 3162 EXIST::FUNCTION:ENGINE _ossl_old_des_ecb_encrypt 3163 EXIST::FUNCTION:DES OCSP_response_get1_basic 3164 EXIST::FUNCTION: EVP_Digest 3165 EXIST::FUNCTION: @@ -2721,8 +2721,8 @@ ASN1_TIME_to_generalizedtime 3169 EXIST::FUNCTION: BIGNUM_it 3170 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: BIGNUM_it 3170 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: AES_cbc_encrypt 3171 EXIST::FUNCTION:AES -ENGINE_get_load_privkey_function 3172 EXIST:!VMS:FUNCTION: -ENGINE_get_load_privkey_fn 3172 EXIST:VMS:FUNCTION: +ENGINE_get_load_privkey_function 3172 EXIST:!VMS:FUNCTION:ENGINE +ENGINE_get_load_privkey_fn 3172 EXIST:VMS:FUNCTION:ENGINE OCSP_RESPONSE_free 3173 EXIST::FUNCTION: UI_method_set_reader 3174 EXIST::FUNCTION: i2d_ASN1_T61STRING 3175 EXIST::FUNCTION: @@ -2736,7 +2736,7 @@ OCSP_crlID_new 3181 EXIST:!OS2,!VMS,!WIN16:FUNCTION: OCSP_crlID2_new 3181 EXIST:OS2,VMS,WIN16:FUNCTION: CONF_modules_load_file 3182 EXIST::FUNCTION: CONF_imodule_set_usr_data 3183 EXIST::FUNCTION: -ENGINE_set_default_string 3184 EXIST::FUNCTION: +ENGINE_set_default_string 3184 EXIST::FUNCTION:ENGINE CONF_module_get_usr_data 3185 EXIST::FUNCTION: ASN1_add_oid_module 3186 EXIST::FUNCTION: CONF_modules_finish 3187 EXIST::FUNCTION: @@ -2754,7 +2754,7 @@ CONF_imodule_get_name 3198 EXIST::FUNCTION: ERR_peek_top_error 3199 NOEXIST::FUNCTION: CONF_imodule_get_usr_data 3200 EXIST::FUNCTION: CONF_imodule_set_flags 3201 EXIST::FUNCTION: -ENGINE_add_conf_module 3202 EXIST::FUNCTION: +ENGINE_add_conf_module 3202 EXIST::FUNCTION:ENGINE ERR_peek_last_error_line 3203 EXIST::FUNCTION: ERR_peek_last_error_line_data 3204 EXIST::FUNCTION: ERR_peek_last_error 3205 EXIST::FUNCTION: @@ -2762,8 +2762,8 @@ DES_read_2passwords 3206 EXIST::FUNCTION:DES DES_read_password 3207 EXIST::FUNCTION:DES UI_UTIL_read_pw 3208 EXIST::FUNCTION: UI_UTIL_read_pw_string 3209 EXIST::FUNCTION: -ENGINE_load_aep 3210 EXIST::FUNCTION: -ENGINE_load_sureware 3211 EXIST::FUNCTION: +ENGINE_load_aep 3210 EXIST::FUNCTION:ENGINE +ENGINE_load_sureware 3211 EXIST::FUNCTION:ENGINE OPENSSL_add_all_algorithms_noconf 3212 EXIST:!VMS:FUNCTION: OPENSSL_add_all_algo_noconf 3212 EXIST:VMS:FUNCTION: OPENSSL_add_all_algorithms_conf 3213 EXIST:!VMS:FUNCTION: @@ -2772,7 +2772,7 @@ OPENSSL_load_builtin_modules 3214 EXIST::FUNCTION: AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES -ENGINE_load_4758cca 3218 EXIST::FUNCTION: +ENGINE_load_4758cca 3218 EXIST::FUNCTION:ENGINE _ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES @@ -2793,3 +2793,11 @@ ASN1_UNIVERSALSTRING_it 3234 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI d2i_ASN1_UNIVERSALSTRING 3235 EXIST::FUNCTION: EVP_des_ede3_ecb 3236 EXIST::FUNCTION:DES X509_REQ_print_ex 3237 EXIST::FUNCTION:BIO +ENGINE_up_ref 3238 EXIST::FUNCTION:ENGINE +BUF_MEM_grow_clean 3239 EXIST::FUNCTION: +CRYPTO_realloc_clean 3240 EXIST::FUNCTION: +BUF_strlcat 3241 EXIST::FUNCTION: +BIO_indent 3242 EXIST::FUNCTION: +BUF_strlcpy 3243 EXIST::FUNCTION: +OpenSSLDie 3244 EXIST::FUNCTION: +OPENSSL_cleanse 3245 EXIST::FUNCTION: diff --git a/lib/libcrypto/util/mk1mf.pl b/lib/libcrypto/util/mk1mf.pl index c9271bbffee..c538f9dffb1 100644 --- a/lib/libcrypto/util/mk1mf.pl +++ b/lib/libcrypto/util/mk1mf.pl @@ -24,6 +24,7 @@ $infile="MINFO"; %ops=( "VC-WIN32", "Microsoft Visual C++ [4-6] - Windows NT or 9X", + "VC-CE", "Microsoft eMbedded Visual C++ 3.0 - Windows CE ONLY", "VC-NT", "Microsoft Visual C++ [4-6] - Windows NT ONLY", "VC-W31-16", "Microsoft Visual C++ 1.52 - Windows 3.1 - 286", "VC-WIN16", "Alias for VC-W31-32", @@ -63,6 +64,8 @@ and [options] can be one of no-asm - No x86 asm no-krb5 - No KRB5 no-ec - No EC + no-engine - No engine + no-hw - No hw nasm - Use NASM for x86 asm gaswin - Use GNU as with Mingw32 no-socks - No socket code @@ -137,6 +140,10 @@ elsif (($platform eq "VC-WIN32") || ($platform eq "VC-NT")) $NT = 1 if $platform eq "VC-NT"; require 'VC-32.pl'; } +elsif ($platform eq "VC-CE") + { + require 'VC-CE.pl'; + } elsif ($platform eq "Mingw32") { require 'Mingw32.pl'; @@ -213,7 +220,7 @@ $cflags.=" -DOPENSSL_NO_MD4" if $no_md4; $cflags.=" -DOPENSSL_NO_MD5" if $no_md5; $cflags.=" -DOPENSSL_NO_SHA" if $no_sha; $cflags.=" -DOPENSSL_NO_SHA1" if $no_sha1; -$cflags.=" -DOPENSSL_NO_RIPEMD" if $no_rmd160; +$cflags.=" -DOPENSSL_NO_RIPEMD" if $no_ripemd; $cflags.=" -DOPENSSL_NO_MDC2" if $no_mdc2; $cflags.=" -DOPENSSL_NO_BF" if $no_bf; $cflags.=" -DOPENSSL_NO_CAST" if $no_cast; @@ -227,6 +234,8 @@ $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3; $cflags.=" -DOPENSSL_NO_ERR" if $no_err; $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; $cflags.=" -DOPENSSL_NO_EC" if $no_ec; +$cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; +$cflags.=" -DOPENSSL_NO_HW" if $no_hw; #$cflags.=" -DRSAref" if $rsaref ne ""; ## if ($unix) @@ -266,6 +275,17 @@ $defs= <<"EOF"; # The one monster makefile better suits building in non-unix # environments. +EOF + +if ($platform eq "VC-CE") + { + $defs.= <<"EOF"; +!INCLUDE <\$(WCECOMPAT)/wcedefs.mak> + +EOF + } + +$defs.= <<"EOF"; INSTALLTOP=$INSTALLTOP # Set your compiler options @@ -632,6 +652,8 @@ sub var_add local($dir,$val)=@_; local(@a,$_,$ret); + return("") if $no_engine && $dir =~ /\/engine/; + return("") if $no_hw && $dir =~ /\/hw/; return("") if $no_idea && $dir =~ /\/idea/; return("") if $no_aes && $dir =~ /\/aes/; return("") if $no_rc2 && $dir =~ /\/rc2/; @@ -641,6 +663,7 @@ sub var_add return("") if $no_rsa && $dir =~ /^rsaref/; return("") if $no_dsa && $dir =~ /\/dsa/; return("") if $no_dh && $dir =~ /\/dh/; + return("") if $no_ec && $dir =~ /\/ec/; if ($no_des && $dir =~ /\/des/) { if ($val =~ /read_pwd/) @@ -675,7 +698,7 @@ sub var_add @a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2; @a=grep(!/(^md4)|(_md4$)/,@a) if $no_md4; @a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5; - @a=grep(!/(rmd)|(ripemd)/,@a) if $no_rmd160; + @a=grep(!/(rmd)|(ripemd)/,@a) if $no_ripemd; @a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa; @a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa; @@ -692,6 +715,8 @@ sub var_add @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1; @a=grep(!/_mdc2$/,@a) if $no_mdc2; + @a=grep(!/^engine$/,@a) if $no_engine; + @a=grep(!/^hw$/,@a) if $no_hw; @a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa; @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa; @a=grep(!/^gendsa$/,@a) if $no_sha1; @@ -885,10 +910,12 @@ sub read_options elsif (/^no-sock$/) { $no_sock=1; } elsif (/^no-krb5$/) { $no_krb5=1; } elsif (/^no-ec$/) { $no_ec=1; } + elsif (/^no-engine$/) { $no_engine=1; } + elsif (/^no-hw$/) { $no_hw=1; } elsif (/^just-ssl$/) { $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1; $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1; - $no_ssl2=$no_err=$no_rmd160=$no_rc5=1; + $no_ssl2=$no_err=$no_ripemd=$no_rc5=1; $no_aes=1; } elsif (/^rsaref$/) { } diff --git a/lib/libcrypto/util/mkdef.pl b/lib/libcrypto/util/mkdef.pl index adfd447dd31..cdd2164c4e2 100644 --- a/lib/libcrypto/util/mkdef.pl +++ b/lib/libcrypto/util/mkdef.pl @@ -91,7 +91,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "BIO", "COMP", "BUFFER", "LHASH", "STACK", "ERR", "LOCKING", # External "algorithms" - "FP_API", "STDIO", "SOCK", "KRB5" ); + "FP_API", "STDIO", "SOCK", "KRB5", "ENGINE", "HW" ); my $options=""; open(IN,"<Makefile.ssl") || die "unable to open Makefile.ssl!\n"; @@ -107,7 +107,7 @@ my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf; my $no_cast; my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; -my $no_ec; +my $no_ec; my $no_engine; my $no_hw; my $no_fp_api; foreach (@ARGV, split(/ /, $options)) @@ -176,6 +176,8 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-comp$/) { $no_comp=1; } elsif (/^no-dso$/) { $no_dso=1; } elsif (/^no-krb5$/) { $no_krb5=1; } + elsif (/^no-engine$/) { $no_engine=1; } + elsif (/^no-hw$/) { $no_hw=1; } } @@ -235,7 +237,7 @@ $crypto.=" crypto/dh/dh.h" ; # unless $no_dh; $crypto.=" crypto/ec/ec.h" ; # unless $no_ec; $crypto.=" crypto/hmac/hmac.h" ; # unless $no_hmac; -$crypto.=" crypto/engine/engine.h"; +$crypto.=" crypto/engine/engine.h"; # unless $no_engine; $crypto.=" crypto/stack/stack.h" ; # unless $no_stack; $crypto.=" crypto/buffer/buffer.h" ; # unless $no_buffer; $crypto.=" crypto/bio/bio.h" ; # unless $no_bio; @@ -438,7 +440,12 @@ sub do_defs } s/\/\*.*?\*\///gs; # ignore comments + if (/\/\*/) { # if we have part + $line = $_; # of a comment, + next; # continue reading + } s/{[^{}]*}//gs; # ignore {} blocks + print STDERR "DEBUG: \$def=\"$def\"\n" if $debug && $def ne ""; print STDERR "DEBUG: \$_=\"$_\"\n" if $debug; if (/^\#\s*ifndef\s+(.*)/) { push(@tag,"-"); @@ -812,14 +819,14 @@ sub do_defs } elsif (/\(\*(\w*(\{[0-9]+\})?)\([^\)]+/) { $s = $1; print STDERR "DEBUG: found ANSI C function $s\n" if $debug; - } elsif (/\w+\W+(\w+)\W*\(\s*\)$/s) { + } elsif (/\w+\W+(\w+)\W*\(\s*\)(\s*__attribute__\(.*\)\s*)?$/s) { # K&R C print STDERR "DEBUG: found K&R C function $s\n" if $debug; next; - } elsif (/\w+\W+\w+(\{[0-9]+\})?\W*\(.*\)$/s) { - while (not /\(\)$/s) { - s/[^\(\)]*\)$/\)/s; - s/\([^\(\)]*\)\)$/\)/s; + } elsif (/\w+\W+\w+(\{[0-9]+\})?\W*\(.*\)(\s*__attribute__\(.*\)\s*)?$/s) { + while (not /\(\)(\s*__attribute__\(.*\)\s*)?$/s) { + s/[^\(\)]*\)(\s*__attribute__\(.*\)\s*)?$/\)/s; + s/\([^\(\)]*\)\)(\s*__attribute__\(.*\)\s*)?$/\)/s; } s/\(void\)//; /(\w+(\{[0-9]+\})?)\W*\(\)/s; @@ -1052,6 +1059,8 @@ sub is_valid if ($keyword eq "COMP" && $no_comp) { return 0; } if ($keyword eq "DSO" && $no_dso) { return 0; } if ($keyword eq "KRB5" && $no_krb5) { return 0; } + if ($keyword eq "ENGINE" && $no_engine) { return 0; } + if ($keyword eq "HW" && $no_hw) { return 0; } if ($keyword eq "FP_API" && $no_fp_api) { return 0; } # Nothing recognise as true diff --git a/lib/libcrypto/util/mkerr.pl b/lib/libcrypto/util/mkerr.pl index 4105047b217..1b2915c7677 100644 --- a/lib/libcrypto/util/mkerr.pl +++ b/lib/libcrypto/util/mkerr.pl @@ -132,16 +132,16 @@ while (($hdr, $lib) = each %libinc) my $name = $1; $name =~ tr/[a-z]/[A-Z]/; $ftrans{$name} = $1; - } elsif (/\w+\W+(\w+)\W*\(\s*\)$/s){ + } elsif (/\w+\W+(\w+)\W*\(\s*\)(\s*__attribute__\(.*\)\s*)?$/s){ # K&R C next ; - } elsif (/\w+\W+\w+\W*\(.*\)$/s) { - while (not /\(\)$/s) { - s/[^\(\)]*\)$/\)/s; - s/\([^\(\)]*\)\)$/\)/s; + } elsif (/\w+\W+\w+\W*\(.*\)(\s*__attribute__\(.*\)\s*)?$/s) { + while (not /\(\)(\s*__attribute__\(.*\)\s*)?$/s) { + s/[^\(\)]*\)(\s*__attribute__\(.*\)\s*)?$/\)/s; + s/\([^\(\)]*\)\)(\s*__attribute__\(.*\)\s*)?$/\)/s; } s/\(void\)//; - /(\w+)\W*\(\)/s; + /(\w+(\{[0-9]+\})?)\W*\(\)/s; my $name = $1; $name =~ tr/[a-z]/[A-Z]/; $ftrans{$name} = $1; @@ -262,7 +262,7 @@ foreach $lib (keys %csrc) } else { push @out, "/* ====================================================================\n", -" * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.\n", +" * Copyright (c) 2001-2003 The OpenSSL Project. All rights reserved.\n", " *\n", " * Redistribution and use in source and binary forms, with or without\n", " * modification, are permitted provided that the following conditions\n", @@ -404,7 +404,7 @@ EOF print OUT <<"EOF"; /* $cfile */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/lib/libcrypto/util/pl/BC-32.pl b/lib/libcrypto/util/pl/BC-32.pl index bd7a9d93014..e83b3361908 100644 --- a/lib/libcrypto/util/pl/BC-32.pl +++ b/lib/libcrypto/util/pl/BC-32.pl @@ -51,9 +51,9 @@ $lfile=''; $shlib_ex_obj=""; $app_ex_obj="c0x32.obj"; -$asm='nasmw'; +$asm='nasmw -f obj'; $asm.=" /Zi" if $debug; -$afile='-f obj -o'; +$afile='-o'; $bn_mulw_obj=''; $bn_mulw_src=''; diff --git a/lib/libcrypto/util/pl/Mingw32.pl b/lib/libcrypto/util/pl/Mingw32.pl index 45ab685974e..043a3a53ee2 100644 --- a/lib/libcrypto/util/pl/Mingw32.pl +++ b/lib/libcrypto/util/pl/Mingw32.pl @@ -1,17 +1,17 @@ #!/usr/local/bin/perl # -# Mingw32.pl -- Mingw32 with GNU cp (Mingw32f.pl uses DOS tools) +# Mingw32.pl -- Mingw # $o='/'; $cp='cp'; -$rm='rem'; # use 'rm -f' if using GNU file utilities +$rm='rm -f'; $mkdir='gmkdir'; -# gcc wouldn't accept backslashes in paths -#$o='\\'; -#$cp='copy'; -#$rm='del'; +$o='\\'; +$cp='copy'; +$rm='del'; +$mkdir='mkdir'; # C compiler stuff @@ -19,29 +19,29 @@ $cc='gcc'; if ($debug) { $cflags="-DL_ENDIAN -DDSO_WIN32 -g2 -ggdb"; } else - { $cflags="-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -m486 -Wall"; } + { $cflags="-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -mcpu=i486 -Wall"; } if ($gaswin and !$no_asm) { - $bn_asm_obj='$(OBJ_D)/bn-win32.o'; + $bn_asm_obj='$(OBJ_D)\bn-win32.o'; $bn_asm_src='crypto/bn/asm/bn-win32.s'; - $bnco_asm_obj='$(OBJ_D)/co-win32.o'; + $bnco_asm_obj='$(OBJ_D)\co-win32.o'; $bnco_asm_src='crypto/bn/asm/co-win32.s'; - $des_enc_obj='$(OBJ_D)/d-win32.o $(OBJ_D)/y-win32.o'; + $des_enc_obj='$(OBJ_D)\d-win32.o $(OBJ_D)\y-win32.o'; $des_enc_src='crypto/des/asm/d-win32.s crypto/des/asm/y-win32.s'; - $bf_enc_obj='$(OBJ_D)/b-win32.o'; + $bf_enc_obj='$(OBJ_D)\b-win32.o'; $bf_enc_src='crypto/bf/asm/b-win32.s'; -# $cast_enc_obj='$(OBJ_D)/c-win32.o'; +# $cast_enc_obj='$(OBJ_D)\c-win32.o'; # $cast_enc_src='crypto/cast/asm/c-win32.s'; - $rc4_enc_obj='$(OBJ_D)/r4-win32.o'; + $rc4_enc_obj='$(OBJ_D)\r4-win32.o'; $rc4_enc_src='crypto/rc4/asm/r4-win32.s'; - $rc5_enc_obj='$(OBJ_D)/r5-win32.o'; + $rc5_enc_obj='$(OBJ_D)\r5-win32.o'; $rc5_enc_src='crypto/rc5/asm/r5-win32.s'; - $md5_asm_obj='$(OBJ_D)/m5-win32.o'; + $md5_asm_obj='$(OBJ_D)\m5-win32.o'; $md5_asm_src='crypto/md5/asm/m5-win32.s'; - $rmd160_asm_obj='$(OBJ_D)/rm-win32.o'; + $rmd160_asm_obj='$(OBJ_D)\rm-win32.o'; $rmd160_asm_src='crypto/ripemd/asm/rm-win32.s'; - $sha1_asm_obj='$(OBJ_D)/s1-win32.o'; + $sha1_asm_obj='$(OBJ_D)\s1-win32.o'; $sha1_asm_src='crypto/sha/asm/s1-win32.s'; $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM"; } diff --git a/lib/libcrypto/util/pl/VC-32.pl b/lib/libcrypto/util/pl/VC-32.pl index d6e3a11530f..285990c5896 100644 --- a/lib/libcrypto/util/pl/VC-32.pl +++ b/lib/libcrypto/util/pl/VC-32.pl @@ -91,7 +91,7 @@ if ($shlib) { $mlflags.=" $lflags /dll"; # $cflags =~ s| /MD| /MT|; - $lib_cflag=" -D_WINDLL -D_DLL"; + $lib_cflag=" -D_WINDLL"; $out_def="out32dll"; $tmp_def="tmp32dll"; } diff --git a/lib/libcrypto/util/ssleay.num b/lib/libcrypto/util/ssleay.num index fdea47205dd..46e38a131f9 100644 --- a/lib/libcrypto/util/ssleay.num +++ b/lib/libcrypto/util/ssleay.num @@ -169,7 +169,7 @@ SSL_add_file_cert_subjects_to_stack 185 EXIST:!VMS:FUNCTION:STDIO SSL_add_file_cert_subjs_to_stk 185 EXIST:VMS:FUNCTION:STDIO SSL_set_tmp_rsa_callback 186 EXIST::FUNCTION:RSA SSL_set_tmp_dh_callback 187 EXIST::FUNCTION:DH -SSL_add_dir_cert_subjects_to_stack 188 EXIST:!VMS,!WIN32:FUNCTION:STDIO +SSL_add_dir_cert_subjects_to_stack 188 EXIST:!VMS:FUNCTION:STDIO SSL_add_dir_cert_subjs_to_stk 188 NOEXIST::FUNCTION: SSL_set_session_id_context 189 EXIST::FUNCTION: SSL_CTX_use_certificate_chain_file 222 EXIST:!VMS:FUNCTION:STDIO diff --git a/lib/libcrypto/x509/Makefile.ssl b/lib/libcrypto/x509/Makefile.ssl index ee532946994..3a3452536c5 100644 --- a/lib/libcrypto/x509/Makefile.ssl +++ b/lib/libcrypto/x509/Makefile.ssl @@ -78,7 +78,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/lib/libcrypto/x509/by_file.c b/lib/libcrypto/x509/by_file.c index 92e00d2d733..b4b04183d07 100644 --- a/lib/libcrypto/x509/by_file.c +++ b/lib/libcrypto/x509/by_file.c @@ -100,18 +100,19 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, case X509_L_FILE_LOAD: if (argl == X509_FILETYPE_DEFAULT) { - ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(), - X509_FILETYPE_PEM) != 0); + file = (char *)Getenv(X509_get_default_cert_file_env()); + if (file) + ok = (X509_load_cert_crl_file(ctx,file, + X509_FILETYPE_PEM) != 0); + + else + ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(), + X509_FILETYPE_PEM) != 0); + if (!ok) { X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS); } - else - { - file=(char *)Getenv(X509_get_default_cert_file_env()); - ok = (X509_load_cert_crl_file(ctx,file, - X509_FILETYPE_PEM) != 0); - } } else { @@ -284,7 +285,8 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) if(itmp->x509) { X509_STORE_add_cert(ctx->store_ctx, itmp->x509); count++; - } else if(itmp->crl) { + } + if(itmp->crl) { X509_STORE_add_crl(ctx->store_ctx, itmp->crl); count++; } diff --git a/lib/libcrypto/x509/x509.h b/lib/libcrypto/x509/x509.h index 7095440d369..eaad5685a8f 100644 --- a/lib/libcrypto/x509/x509.h +++ b/lib/libcrypto/x509/x509.h @@ -87,7 +87,6 @@ #ifndef OPENSSL_NO_SHA #include <openssl/sha.h> #endif -#include <openssl/evp.h> #include <openssl/e_os2.h> #include <openssl/ossl_typ.h> @@ -487,10 +486,12 @@ typedef struct Netscape_certificate_sequence STACK_OF(X509) *certs; } NETSCAPE_CERT_SEQUENCE; +/* Unused (and iv length is wrong) typedef struct CBCParameter_st { unsigned char iv[8]; } CBC_PARAM; +*/ /* Password based encryption structure */ diff --git a/lib/libcrypto/x509/x509_cmp.c b/lib/libcrypto/x509/x509_cmp.c index cd20b6d66f9..f460102f497 100644 --- a/lib/libcrypto/x509/x509_cmp.c +++ b/lib/libcrypto/x509/x509_cmp.c @@ -57,6 +57,7 @@ */ #include <stdio.h> +#include <ctype.h> #include "cryptlib.h" #include <openssl/asn1.h> #include <openssl/objects.h> @@ -81,13 +82,14 @@ unsigned long X509_issuer_and_serial_hash(X509 *a) unsigned long ret=0; EVP_MD_CTX ctx; unsigned char md[16]; - char str[256]; + char *f; EVP_MD_CTX_init(&ctx); - X509_NAME_oneline(a->cert_info->issuer,str,256); - ret=strlen(str); + f=X509_NAME_oneline(a->cert_info->issuer,NULL,0); + ret=strlen(f); EVP_DigestInit_ex(&ctx, EVP_md5(), NULL); - EVP_DigestUpdate(&ctx,(unsigned char *)str,ret); + EVP_DigestUpdate(&ctx,(unsigned char *)f,ret); + OPENSSL_free(f); EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data, (unsigned long)a->cert_info->serialNumber->length); EVP_DigestFinal_ex(&ctx,&(md[0]),NULL); @@ -159,6 +161,99 @@ int X509_cmp(const X509 *a, const X509 *b) } #endif + +/* Case insensitive string comparision */ +static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b) +{ + int i; + + if (a->length != b->length) + return (a->length - b->length); + + for (i=0; i<a->length; i++) + { + int ca, cb; + + ca = tolower(a->data[i]); + cb = tolower(b->data[i]); + + if (ca != cb) + return(ca-cb); + } + return 0; +} + +/* Case insensitive string comparision with space normalization + * Space normalization - ignore leading, trailing spaces, + * multiple spaces between characters are replaced by single space + */ +static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b) +{ + unsigned char *pa = NULL, *pb = NULL; + int la, lb; + + la = a->length; + lb = b->length; + pa = a->data; + pb = b->data; + + /* skip leading spaces */ + while (la > 0 && isspace(*pa)) + { + la--; + pa++; + } + while (lb > 0 && isspace(*pb)) + { + lb--; + pb++; + } + + /* skip trailing spaces */ + while (la > 0 && isspace(pa[la-1])) + la--; + while (lb > 0 && isspace(pb[lb-1])) + lb--; + + /* compare strings with space normalization */ + while (la > 0 && lb > 0) + { + int ca, cb; + + /* compare character */ + ca = tolower(*pa); + cb = tolower(*pb); + if (ca != cb) + return (ca - cb); + + pa++; pb++; + la--; lb--; + + if (la <= 0 || lb <= 0) + break; + + /* is white space next character ? */ + if (isspace(*pa) && isspace(*pb)) + { + /* skip remaining white spaces */ + while (la > 0 && isspace(*pa)) + { + la--; + pa++; + } + while (lb > 0 && isspace(*pb)) + { + lb--; + pb++; + } + } + } + if (la > 0 || lb > 0) + return la - lb; + + return 0; +} + int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) { int i,j; @@ -172,10 +267,20 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) { na=sk_X509_NAME_ENTRY_value(a->entries,i); nb=sk_X509_NAME_ENTRY_value(b->entries,i); - j=na->value->length-nb->value->length; + j=na->value->type-nb->value->type; if (j) return(j); - j=memcmp(na->value->data,nb->value->data, - na->value->length); + if (na->value->type == V_ASN1_PRINTABLESTRING) + j=nocase_spacenorm_cmp(na->value, nb->value); + else if (na->value->type == V_ASN1_IA5STRING + && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress) + j=nocase_cmp(na->value, nb->value); + else + { + j=na->value->length-nb->value->length; + if (j) return(j); + j=memcmp(na->value->data,nb->value->data, + na->value->length); + } if (j) return(j); j=na->set-nb->set; if (j) return(j); diff --git a/lib/libcrypto/x509/x509_v3.c b/lib/libcrypto/x509/x509_v3.c index b5f7daa2e58..67b1796a921 100644 --- a/lib/libcrypto/x509/x509_v3.c +++ b/lib/libcrypto/x509/x509_v3.c @@ -116,7 +116,7 @@ int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit, { ex=sk_X509_EXTENSION_value(sk,lastpos); if ( ((ex->critical > 0) && crit) || - (!(ex->critical <= 0) && !crit)) + ((ex->critical <= 0) && !crit)) return(lastpos); } return(-1); diff --git a/lib/libcrypto/x509/x509_vfy.c b/lib/libcrypto/x509/x509_vfy.c index db12f7bd35e..552d1e72516 100644 --- a/lib/libcrypto/x509/x509_vfy.c +++ b/lib/libcrypto/x509/x509_vfy.c @@ -756,7 +756,7 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time) { char *str; ASN1_TIME atm; - time_t offset; + long offset; char buff1[24],buff2[24],*p; int i,j; diff --git a/lib/libcrypto/x509v3/Makefile.ssl b/lib/libcrypto/x509v3/Makefile.ssl index 3534e8b2361..66df90c3462 100644 --- a/lib/libcrypto/x509v3/Makefile.ssl +++ b/lib/libcrypto/x509v3/Makefile.ssl @@ -74,7 +74,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/lib/libcrypto/x509v3/ext_dat.h b/lib/libcrypto/x509v3/ext_dat.h index 2fb97d89254..5442480595b 100644 --- a/lib/libcrypto/x509v3/ext_dat.h +++ b/lib/libcrypto/x509v3/ext_dat.h @@ -90,17 +90,23 @@ static X509V3_EXT_METHOD *standard_exts[] = { &v3_crld, &v3_ext_ku, &v3_crl_reason, +#ifndef OPENSSL_NO_OCSP &v3_crl_invdate, +#endif &v3_sxnet, &v3_info, +#ifndef OPENSSL_NO_OCSP &v3_ocsp_nonce, &v3_ocsp_crlid, &v3_ocsp_accresp, &v3_ocsp_nocheck, &v3_ocsp_acutoff, &v3_ocsp_serviceloc, +#endif &v3_sinfo, +#ifndef OPENSSL_NO_OCSP &v3_crl_hold +#endif }; /* Number of standard extensions */ diff --git a/lib/libcrypto/x509v3/v3_info.c b/lib/libcrypto/x509v3/v3_info.c index 92b9316b020..28cc00686ad 100644 --- a/lib/libcrypto/x509v3/v3_info.c +++ b/lib/libcrypto/x509v3/v3_info.c @@ -113,8 +113,8 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method ret = i2v_GENERAL_NAME(method, desc->location, ret); if(!ret) break; vtmp = sk_CONF_VALUE_value(ret, i); - i2t_ASN1_OBJECT(objtmp, 80, desc->method); - nlen = strlen(objtmp) + strlen(vtmp->name) + 4; + i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method); + nlen = strlen(objtmp) + strlen(vtmp->name) + 5; ntmp = OPENSSL_malloc(nlen); if(!ntmp) { X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, diff --git a/lib/libcrypto/x509v3/v3_ocsp.c b/lib/libcrypto/x509v3/v3_ocsp.c index 083112314e6..21badc13f9f 100644 --- a/lib/libcrypto/x509v3/v3_ocsp.c +++ b/lib/libcrypto/x509v3/v3_ocsp.c @@ -56,6 +56,8 @@ * */ +#ifndef OPENSSL_NO_OCSP + #include <stdio.h> #include "cryptlib.h" #include <openssl/conf.h> @@ -270,3 +272,4 @@ static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int err: return 0; } +#endif diff --git a/lib/libcrypto/x509v3/v3_prn.c b/lib/libcrypto/x509v3/v3_prn.c index aeaf6170fe4..754808b6257 100644 --- a/lib/libcrypto/x509v3/v3_prn.c +++ b/lib/libcrypto/x509v3/v3_prn.c @@ -178,7 +178,7 @@ int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts ASN1_OBJECT *obj; X509_EXTENSION *ex; ex=sk_X509_EXTENSION_value(exts, i); - if (BIO_printf(bp,"%*s",indent, "") <= 0) return 0; + if (indent && BIO_printf(bp,"%*s",indent, "") <= 0) return 0; obj=X509_EXTENSION_get_object(ex); i2a_ASN1_OBJECT(bp,obj); j=X509_EXTENSION_get_critical(ex); diff --git a/lib/libcrypto/x509v3/v3_purp.c b/lib/libcrypto/x509v3/v3_purp.c index b739e4fd837..4d145f71fd0 100644 --- a/lib/libcrypto/x509v3/v3_purp.c +++ b/lib/libcrypto/x509v3/v3_purp.c @@ -378,6 +378,10 @@ static void x509v3_cache_extensions(X509 *x) case NID_time_stamp: x->ex_xkusage |= XKU_TIMESTAMP; break; + + case NID_dvcs: + x->ex_xkusage |= XKU_DVCS; + break; } } sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free); diff --git a/lib/libcrypto/x509v3/v3_utl.c b/lib/libcrypto/x509v3/v3_utl.c index 283e943e462..34ac2998def 100644 --- a/lib/libcrypto/x509v3/v3_utl.c +++ b/lib/libcrypto/x509v3/v3_utl.c @@ -491,7 +491,7 @@ static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens) i = -1; /* First supplied X509_NAME */ while((i = X509_NAME_get_index_by_NID(name, - NID_pkcs9_emailAddress, i)) > 0) { + NID_pkcs9_emailAddress, i)) >= 0) { ne = X509_NAME_get_entry(name, i); email = X509_NAME_ENTRY_get_data(ne); if(!append_ia5(&ret, email)) return NULL; diff --git a/lib/libcrypto/x509v3/v3conf.c b/lib/libcrypto/x509v3/v3conf.c index 67ee14f3348..00cf5b4a5b2 100644 --- a/lib/libcrypto/x509v3/v3conf.c +++ b/lib/libcrypto/x509v3/v3conf.c @@ -118,7 +118,7 @@ int main(int argc, char **argv) printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object))); if(ext->critical) printf(",critical:\n"); else printf(":\n"); - X509V3_EXT_print_fp(stdout, ext, 0); + X509V3_EXT_print_fp(stdout, ext, 0, 0); printf("\n"); } diff --git a/lib/libcrypto/x509v3/x509v3.h b/lib/libcrypto/x509v3/x509v3.h index daecc55271e..fb07a19016f 100644 --- a/lib/libcrypto/x509v3/x509v3.h +++ b/lib/libcrypto/x509v3/x509v3.h @@ -352,6 +352,7 @@ DECLARE_ASN1_SET_OF(POLICYINFO) #define XKU_SGC 0x10 #define XKU_OCSP_SIGN 0x20 #define XKU_TIMESTAMP 0x40 +#define XKU_DVCS 0x80 #define X509_PURPOSE_DYNAMIC 0x1 #define X509_PURPOSE_DYNAMIC_NAME 0x2 |