diff options
| author | Markus Friedl <markus@cvs.openbsd.org> | 2003-11-11 22:15:21 +0000 |
|---|---|---|
| committer | Markus Friedl <markus@cvs.openbsd.org> | 2003-11-11 22:15:21 +0000 |
| commit | bdb4cf312bb57e75d91c0b6c4b3b47fc10463260 (patch) | |
| tree | 159bb0ea93999f8989ed1fc59ad8981ac286c1e1 /lib/libcrypto | |
| parent | 122826059125660856e13fb3df457cb87744c415 (diff) | |
merge 0.9.7c; minor bugsfixes;
API addition: ERR_release_err_state_table
[make includes before you build libssl/libcrypto]
Diffstat (limited to 'lib/libcrypto')
50 files changed, 427 insertions, 171 deletions
diff --git a/lib/libcrypto/aes/aes.h b/lib/libcrypto/aes/aes.h index 8294a41a3ad..da067f4a8fa 100644 --- a/lib/libcrypto/aes/aes.h +++ b/lib/libcrypto/aes/aes.h @@ -100,7 +100,7 @@ void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, unsigned char *ivec, int *num); void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, const unsigned long length, const AES_KEY *key, - unsigned char counter[AES_BLOCK_SIZE], + unsigned char ivec[AES_BLOCK_SIZE], unsigned char ecount_buf[AES_BLOCK_SIZE], unsigned int *num); diff --git a/lib/libcrypto/aes/aes_cbc.c b/lib/libcrypto/aes/aes_cbc.c index de438306b15..86b27b10d61 100644 --- a/lib/libcrypto/aes/aes_cbc.c +++ b/lib/libcrypto/aes/aes_cbc.c @@ -72,7 +72,7 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, if (AES_ENCRYPT == enc) { while (len >= AES_BLOCK_SIZE) { - for(n=0; n < sizeof tmp; ++n) + for(n=0; n < AES_BLOCK_SIZE; ++n) tmp[n] = in[n] ^ ivec[n]; AES_encrypt(tmp, out, key); memcpy(ivec, out, AES_BLOCK_SIZE); @@ -86,12 +86,12 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, for(n=len; n < AES_BLOCK_SIZE; ++n) tmp[n] = ivec[n]; AES_encrypt(tmp, tmp, key); - memcpy(out, tmp, len); - memcpy(ivec, tmp, sizeof tmp); + memcpy(out, tmp, AES_BLOCK_SIZE); + memcpy(ivec, tmp, AES_BLOCK_SIZE); } } else { while (len >= AES_BLOCK_SIZE) { - memcpy(tmp, in, sizeof tmp); + memcpy(tmp, in, AES_BLOCK_SIZE); AES_decrypt(in, out, key); for(n=0; n < AES_BLOCK_SIZE; ++n) out[n] ^= ivec[n]; @@ -101,11 +101,11 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, out += AES_BLOCK_SIZE; } if (len) { - memcpy(tmp, in, sizeof tmp); + memcpy(tmp, in, AES_BLOCK_SIZE); AES_decrypt(tmp, tmp, key); for(n=0; n < len; ++n) out[n] ^= ivec[n]; - memcpy(ivec, tmp, sizeof tmp); + memcpy(ivec, tmp, AES_BLOCK_SIZE); } } } diff --git a/lib/libcrypto/aes/aes_ctr.c b/lib/libcrypto/aes/aes_ctr.c index 59088499a0a..79e1c18f193 100644 --- a/lib/libcrypto/aes/aes_ctr.c +++ b/lib/libcrypto/aes/aes_ctr.c @@ -62,19 +62,49 @@ /* NOTE: CTR mode is big-endian. The rest of the AES code * is endian-neutral. */ -/* increment counter (128-bit int) by 2^64 */ +/* increment counter (128-bit int) by 1 */ static void AES_ctr128_inc(unsigned char *counter) { unsigned long c; - /* Grab 3rd dword of counter and increment */ + /* Grab bottom dword of counter and increment */ #ifdef L_ENDIAN - c = GETU32(counter + 8); + c = GETU32(counter + 0); c++; - PUTU32(counter + 8, c); + PUTU32(counter + 0, c); #else - c = GETU32(counter + 4); + c = GETU32(counter + 12); c++; - PUTU32(counter + 4, c); + PUTU32(counter + 12, c); +#endif + + /* if no overflow, we're done */ + if (c) + return; + + /* Grab 1st dword of counter and increment */ +#ifdef L_ENDIAN + c = GETU32(counter + 4); + c++; + PUTU32(counter + 4, c); +#else + c = GETU32(counter + 8); + c++; + PUTU32(counter + 8, c); +#endif + + /* if no overflow, we're done */ + if (c) + return; + + /* Grab 2nd dword of counter and increment */ +#ifdef L_ENDIAN + c = GETU32(counter + 8); + c++; + PUTU32(counter + 8, c); +#else + c = GETU32(counter + 4); + c++; + PUTU32(counter + 4, c); #endif /* if no overflow, we're done */ @@ -100,10 +130,16 @@ static void AES_ctr128_inc(unsigned char *counter) { * encrypted counter is kept in ecount_buf. Both *num and * ecount_buf must be initialised with zeros before the first * call to AES_ctr128_encrypt(). + * + * This algorithm assumes that the counter is in the x lower bits + * of the IV (ivec), and that the application has full control over + * overflow and the rest of the IV. This implementation takes NO + * responsability for checking that the counter doesn't overflow + * into the rest of the IV when incremented. */ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, const unsigned long length, const AES_KEY *key, - unsigned char counter[AES_BLOCK_SIZE], + unsigned char ivec[AES_BLOCK_SIZE], unsigned char ecount_buf[AES_BLOCK_SIZE], unsigned int *num) { @@ -117,8 +153,8 @@ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, while (l--) { if (n == 0) { - AES_encrypt(counter, ecount_buf, key); - AES_ctr128_inc(counter); + AES_encrypt(ivec, ecount_buf, key); + AES_ctr128_inc(ivec); } *(out++) = *(in++) ^ ecount_buf[n]; n = (n+1) % AES_BLOCK_SIZE; diff --git a/lib/libcrypto/asn1/a_mbstr.c b/lib/libcrypto/asn1/a_mbstr.c index 58b437bc842..c811b11776d 100644 --- a/lib/libcrypto/asn1/a_mbstr.c +++ b/lib/libcrypto/asn1/a_mbstr.c @@ -296,7 +296,7 @@ static int in_utf8(unsigned long value, void *arg) static int out_utf8(unsigned long value, void *arg) { - long *outlen; + int *outlen; outlen = arg; *outlen += UTF8_putc(NULL, -1, value); return 1; diff --git a/lib/libcrypto/asn1/a_strex.c b/lib/libcrypto/asn1/a_strex.c index 1def6c65494..8abfdfe5980 100644 --- a/lib/libcrypto/asn1/a_strex.c +++ b/lib/libcrypto/asn1/a_strex.c @@ -279,7 +279,7 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING * otherwise it is the number of bytes per character */ -const static char tag2nbyte[] = { +const static signed char tag2nbyte[] = { -1, -1, -1, -1, -1, /* 0-4 */ -1, -1, -1, -1, -1, /* 5-9 */ -1, -1, 0, -1, /* 10-13 */ diff --git a/lib/libcrypto/asn1/a_strnid.c b/lib/libcrypto/asn1/a_strnid.c index aa49e9d7d07..613bbc4a7da 100644 --- a/lib/libcrypto/asn1/a_strnid.c +++ b/lib/libcrypto/asn1/a_strnid.c @@ -143,7 +143,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, /* Now the tables and helper functions for the string table: */ -/* size limits: this stuff is taken straight from RFC2459 */ +/* size limits: this stuff is taken straight from RFC3280 */ #define ub_name 32768 #define ub_common_name 64 @@ -153,6 +153,8 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, #define ub_organization_unit_name 64 #define ub_title 64 #define ub_email_address 128 +#define ub_serial_number 64 + /* This table must be kept in NID order */ @@ -170,6 +172,7 @@ static ASN1_STRING_TABLE tbl_standard[] = { {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0}, {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0}, {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0}, +{NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, {NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, diff --git a/lib/libcrypto/bio/b_print.c b/lib/libcrypto/bio/b_print.c index a9e552f2452..2cfc689dd6b 100644 --- a/lib/libcrypto/bio/b_print.c +++ b/lib/libcrypto/bio/b_print.c @@ -836,5 +836,5 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) * had the buffer been large enough.) */ return -1; else - return (retlen <= INT_MAX) ? retlen : -1; + return (retlen <= INT_MAX) ? (int)retlen : -1; } diff --git a/lib/libcrypto/bio/bf_buff.c b/lib/libcrypto/bio/bf_buff.c index 1cecd705795..c1fd75aaad8 100644 --- a/lib/libcrypto/bio/bf_buff.c +++ b/lib/libcrypto/bio/bf_buff.c @@ -494,6 +494,7 @@ static int buffer_gets(BIO *b, char *buf, int size) if (i <= 0) { BIO_copy_next_retry(b); + *buf='\0'; if (i < 0) return((num > 0)?num:i); if (i == 0) return(num); } diff --git a/lib/libcrypto/bio/bss_bio.c b/lib/libcrypto/bio/bss_bio.c index aa58dab046b..0f9f0955b41 100644 --- a/lib/libcrypto/bio/bss_bio.c +++ b/lib/libcrypto/bio/bss_bio.c @@ -1,4 +1,57 @@ /* crypto/bio/bss_bio.c -*- Mode: C; c-file-style: "eay" -*- */ +/* ==================================================================== + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ /* Special method for a BIO where the other endpoint is also a BIO * of this kind, handled by the same thread (i.e. the "peer" is actually @@ -502,7 +555,7 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) break; case BIO_C_DESTROY_BIO_PAIR: - /* Effects both BIOs in the pair -- call just once! + /* Affects both BIOs in the pair -- call just once! * Or let BIO_free(bio1); BIO_free(bio2); do the job. */ bio_destroy_pair(bio); ret = 1; diff --git a/lib/libcrypto/bio/bss_file.c b/lib/libcrypto/bio/bss_file.c index e4e9df144cb..0ca603ee0a5 100644 --- a/lib/libcrypto/bio/bss_file.c +++ b/lib/libcrypto/bio/bss_file.c @@ -213,12 +213,29 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) b->shutdown=(int)num&BIO_CLOSE; b->ptr=(char *)ptr; b->init=1; -#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) - /* Set correct text/binary mode */ +#if defined(OPENSSL_SYS_WINDOWS) if (num & BIO_FP_TEXT) _setmode(fileno((FILE *)ptr),_O_TEXT); else _setmode(fileno((FILE *)ptr),_O_BINARY); +#elif defined(OPENSSL_SYS_MSDOS) + { + int fd = fileno((FILE*)ptr); + /* Set correct text/binary mode */ + if (num & BIO_FP_TEXT) + _setmode(fd,_O_TEXT); + /* Dangerous to set stdin/stdout to raw (unless redirected) */ + else + { + if (fd == STDIN_FILENO || fd == STDOUT_FILENO) + { + if (isatty(fd) <= 0) + _setmode(fd,_O_BINARY); + } + else + _setmode(fd,_O_BINARY); + } + } #elif defined(OPENSSL_SYS_OS2) if (num & BIO_FP_TEXT) setmode(fileno((FILE *)ptr), O_TEXT); diff --git a/lib/libcrypto/bn/Makefile.ssl b/lib/libcrypto/bn/Makefile.ssl index fa17d3c7d88..0c6e796d17a 100644 --- a/lib/libcrypto/bn/Makefile.ssl +++ b/lib/libcrypto/bn/Makefile.ssl @@ -22,6 +22,7 @@ BN_ASM= bn_asm.o #BN_ASM= bn86-elf.o CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) GENERAL=Makefile TEST=bntest.c exptest.c diff --git a/lib/libcrypto/bn/bn_mul.c b/lib/libcrypto/bn/bn_mul.c index cb93ac33569..3ae3822bc2a 100644 --- a/lib/libcrypto/bn/bn_mul.c +++ b/lib/libcrypto/bn/bn_mul.c @@ -224,7 +224,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn, int n, BN_ULONG *t) { int i,j,n2=n*2; - unsigned int c1,c2,neg,zero; + int c1,c2,neg,zero; BN_ULONG ln,lo,*p; # ifdef BN_COUNT @@ -376,7 +376,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn, /* The overflow will stop before we over write * words we should not overwrite */ - if (ln < c1) + if (ln < (BN_ULONG)c1) { do { p++; diff --git a/lib/libcrypto/des/cfb_enc.c b/lib/libcrypto/des/cfb_enc.c index 17bf77ca9e3..2600bdfc93a 100644 --- a/lib/libcrypto/des/cfb_enc.c +++ b/lib/libcrypto/des/cfb_enc.c @@ -64,32 +64,22 @@ * the second. The second 12 bits will come from the 3rd and half the 4th * byte. */ +/* WARNING WARNING: this uses in and out in 8-byte chunks regardless of + * length */ +/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it + * will not be compatible with any encryption prior to that date. Ben. */ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, - long length, DES_key_schedule *schedule, DES_cblock *ivec, int enc) + long length, DES_key_schedule *schedule, DES_cblock *ivec, + int enc) { register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8; - register DES_LONG mask0,mask1; register unsigned long l=length; register int num=numbits; DES_LONG ti[2]; unsigned char *iv; + unsigned char ovec[16]; if (num > 64) return; - if (num > 32) - { - mask0=0xffffffffL; - if (num == 64) - mask1=mask0; - else mask1=(1L<<(num-32))-1; - } - else - { - if (num == 32) - mask0=0xffffffffL; - else mask0=(1L<<num)-1; - mask1=0x00000000L; - } - iv = &(*ivec)[0]; c2l(iv,v0); c2l(iv,v1); @@ -103,8 +93,8 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT); c2ln(in,d0,d1,n); in+=n; - d0=(d0^ti[0])&mask0; - d1=(d1^ti[1])&mask1; + d0^=ti[0]; + d1^=ti[1]; l2cn(d0,d1,out,n); out+=n; /* 30-08-94 - eay - changed because l>>32 and @@ -113,15 +103,25 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, { v0=v1; v1=d0; } else if (num == 64) { v0=d0; v1=d1; } - else if (num > 32) /* && num != 64 */ - { - v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL; - v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL; - } - else /* num < 32 */ + else { - v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL; - v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL; + iv=&ovec[0]; + l2c(v0,iv); + l2c(v1,iv); + l2c(d0,iv); + l2c(d1,iv); + /* shift ovec left most of the bits... */ + memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0)); + /* now the remaining bits */ + if(num%8 != 0) + for(n=0 ; n < 8 ; ++n) + { + ovec[n]<<=num%8; + ovec[n]|=ovec[n+1]>>(8-num%8); + } + iv=&ovec[0]; + c2l(iv,v0); + c2l(iv,v1); } } } @@ -141,18 +141,28 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, { v0=v1; v1=d0; } else if (num == 64) { v0=d0; v1=d1; } - else if (num > 32) /* && num != 64 */ - { - v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL; - v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL; - } - else /* num < 32 */ + else { - v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL; - v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL; + iv=&ovec[0]; + l2c(v0,iv); + l2c(v1,iv); + l2c(d0,iv); + l2c(d1,iv); + /* shift ovec left most of the bits... */ + memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0)); + /* now the remaining bits */ + if(num%8 != 0) + for(n=0 ; n < 8 ; ++n) + { + ovec[n]<<=num%8; + ovec[n]|=ovec[n+1]>>(8-num%8); + } + iv=&ovec[0]; + c2l(iv,v0); + c2l(iv,v1); } - d0=(d0^ti[0])&mask0; - d1=(d1^ti[1])&mask1; + d0^=ti[0]; + d1^=ti[1]; l2cn(d0,d1,out,n); out+=n; } diff --git a/lib/libcrypto/des/destest.c b/lib/libcrypto/des/destest.c index 687c00c7922..3983ac8e5f1 100644 --- a/lib/libcrypto/des/destest.c +++ b/lib/libcrypto/des/destest.c @@ -431,7 +431,7 @@ int main(int argc, char *argv[]) #ifndef LIBDES_LIT printf("Doing ede ecb\n"); - for (i=0; i<(NUM_TESTS-1); i++) + for (i=0; i<(NUM_TESTS-2); i++) { DES_set_key_unchecked(&key_data[i],&ks); DES_set_key_unchecked(&key_data[i+1],&ks2); diff --git a/lib/libcrypto/dso/dso_dlfcn.c b/lib/libcrypto/dso/dso_dlfcn.c index 906b4703de7..9d49ebc2537 100644 --- a/lib/libcrypto/dso/dso_dlfcn.c +++ b/lib/libcrypto/dso/dso_dlfcn.c @@ -125,7 +125,11 @@ DSO_METHOD *DSO_METHOD_dlfcn(void) # endif # endif #else -# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */ +# ifdef OPENSSL_SYS_SUNOS +# define DLOPEN_FLAG 1 +# else +# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */ +# endif #endif /* For this DSO_METHOD, our meth_data STACK will contain; diff --git a/lib/libcrypto/ec/ec_mult.c b/lib/libcrypto/ec/ec_mult.c index 4dbc9311206..16822a73cf5 100644 --- a/lib/libcrypto/ec/ec_mult.c +++ b/lib/libcrypto/ec/ec_mult.c @@ -175,12 +175,13 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len, B * (thus the boundaries should be increased) */ #define EC_window_bits_for_scalar_size(b) \ - ((b) >= 2000 ? 6 : \ - (b) >= 800 ? 5 : \ - (b) >= 300 ? 4 : \ - (b) >= 70 ? 3 : \ - (b) >= 20 ? 2 : \ - 1) + ((size_t) \ + ((b) >= 2000 ? 6 : \ + (b) >= 800 ? 5 : \ + (b) >= 300 ? 4 : \ + (b) >= 70 ? 3 : \ + (b) >= 20 ? 2 : \ + 1)) /* Compute * \sum scalars[i]*points[i], diff --git a/lib/libcrypto/engine/engine.h b/lib/libcrypto/engine/engine.h index 8686879e1a3..9c3ab182d37 100644 --- a/lib/libcrypto/engine/engine.h +++ b/lib/libcrypto/engine/engine.h @@ -538,10 +538,10 @@ void ENGINE_add_conf_module(void); /**************************/ /* Binary/behaviour compatibility levels */ -#define OSSL_DYNAMIC_VERSION (unsigned long)0x00010100 +#define OSSL_DYNAMIC_VERSION (unsigned long)0x00010200 /* Binary versions older than this are too old for us (whether we're a loader or * a loadee) */ -#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00010100 +#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00010200 /* When compiling an ENGINE entirely as an external shared library, loadable by * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure @@ -630,6 +630,10 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, if(!fn(e,id)) return 0; \ return 1; } +#if defined(__OpenBSD__) || defined(__FreeBSD__) +void ENGINE_setup_bsd_cryptodev(void); +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/lib/libcrypto/engine/hw_ubsec.c b/lib/libcrypto/engine/hw_ubsec.c index 6286dd851c6..5234a08a07b 100644 --- a/lib/libcrypto/engine/hw_ubsec.c +++ b/lib/libcrypto/engine/hw_ubsec.c @@ -561,7 +561,6 @@ static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL); return 0; } - memset(r->d, 0, BN_num_bytes(m)); if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) { fd = 0; diff --git a/lib/libcrypto/err/err.c b/lib/libcrypto/err/err.c index a4f4a260afa..6ab119c1ef6 100644 --- a/lib/libcrypto/err/err.c +++ b/lib/libcrypto/err/err.c @@ -225,6 +225,7 @@ struct st_ERR_FNS ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *); /* Works on the "thread_hash" error-state table */ LHASH *(*cb_thread_get)(int create); + void (*cb_thread_release)(LHASH **hash); ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *); ERR_STATE *(*cb_thread_set_item)(ERR_STATE *); void (*cb_thread_del_item)(const ERR_STATE *); @@ -239,6 +240,7 @@ static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *); static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *); static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *); static LHASH *int_thread_get(int create); +static void int_thread_release(LHASH **hash); static ERR_STATE *int_thread_get_item(const ERR_STATE *); static ERR_STATE *int_thread_set_item(ERR_STATE *); static void int_thread_del_item(const ERR_STATE *); @@ -252,6 +254,7 @@ static const ERR_FNS err_defaults = int_err_set_item, int_err_del_item, int_thread_get, + int_thread_release, int_thread_get_item, int_thread_set_item, int_thread_del_item, @@ -271,6 +274,7 @@ static const ERR_FNS *err_fns = NULL; * and state in the loading application. */ static LHASH *int_error_hash = NULL; static LHASH *int_thread_hash = NULL; +static int int_thread_hash_references = 0; static int int_err_library_number= ERR_LIB_USER; /* Internal function that checks whether "err_fns" is set and if not, sets it to @@ -417,11 +421,37 @@ static LHASH *int_thread_get(int create) CRYPTO_pop_info(); } if (int_thread_hash) + { + int_thread_hash_references++; ret = int_thread_hash; + } CRYPTO_w_unlock(CRYPTO_LOCK_ERR); return ret; } +static void int_thread_release(LHASH **hash) + { + int i; + + if (hash == NULL || *hash == NULL) + return; + + i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR); + +#ifdef REF_PRINT + fprintf(stderr,"%4d:%s\n",int_thread_hash_references,"ERR"); +#endif + if (i > 0) return; +#ifdef REF_CHECK + if (i < 0) + { + fprintf(stderr,"int_thread_release, bad reference count\n"); + abort(); /* ok */ + } +#endif + *hash = NULL; + } + static ERR_STATE *int_thread_get_item(const ERR_STATE *d) { ERR_STATE *p; @@ -436,6 +466,7 @@ static ERR_STATE *int_thread_get_item(const ERR_STATE *d) p = (ERR_STATE *)lh_retrieve(hash, d); CRYPTO_r_unlock(CRYPTO_LOCK_ERR); + ERRFN(thread_release)(&hash); return p; } @@ -453,6 +484,7 @@ static ERR_STATE *int_thread_set_item(ERR_STATE *d) p = (ERR_STATE *)lh_insert(hash, d); CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + ERRFN(thread_release)(&hash); return p; } @@ -469,13 +501,15 @@ static void int_thread_del_item(const ERR_STATE *d) CRYPTO_w_lock(CRYPTO_LOCK_ERR); p = (ERR_STATE *)lh_delete(hash, d); /* make sure we don't leak memory */ - if (int_thread_hash && (lh_num_items(int_thread_hash) == 0)) + if (int_thread_hash_references == 1 + && int_thread_hash && (lh_num_items(int_thread_hash) == 0)) { lh_free(int_thread_hash); int_thread_hash = NULL; } CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + ERRFN(thread_release)(&hash); if (p) ERR_STATE_free(p); } @@ -845,6 +879,12 @@ LHASH *ERR_get_err_state_table(void) return ERRFN(thread_get)(0); } +void ERR_release_err_state_table(LHASH **hash) + { + err_fns_check(); + ERRFN(thread_release)(hash); + } + const char *ERR_lib_error_string(unsigned long e) { ERR_STRING_DATA d,*p; diff --git a/lib/libcrypto/err/err.h b/lib/libcrypto/err/err.h index 988ef81aa0d..8faa3a7b4f5 100644 --- a/lib/libcrypto/err/err.h +++ b/lib/libcrypto/err/err.h @@ -278,6 +278,7 @@ ERR_STATE *ERR_get_state(void); #ifndef OPENSSL_NO_LHASH LHASH *ERR_get_string_table(void); LHASH *ERR_get_err_state_table(void); +void ERR_release_err_state_table(LHASH **hash); #endif int ERR_get_next_error_library(void); diff --git a/lib/libcrypto/evp/Makefile.ssl b/lib/libcrypto/evp/Makefile.ssl index b4172406ae4..f33aebd33a2 100644 --- a/lib/libcrypto/evp/Makefile.ssl +++ b/lib/libcrypto/evp/Makefile.ssl @@ -185,13 +185,14 @@ c_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h c_all.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h c_all.o: ../../include/openssl/des.h ../../include/openssl/des_old.h c_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -c_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -c_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -c_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -c_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +c_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h +c_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +c_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h +c_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +c_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +c_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +c_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h c_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h c_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h c_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h diff --git a/lib/libcrypto/evp/bio_b64.c b/lib/libcrypto/evp/bio_b64.c index 6e550f6a430..33349c2f989 100644 --- a/lib/libcrypto/evp/bio_b64.c +++ b/lib/libcrypto/evp/bio_b64.c @@ -184,7 +184,9 @@ static int b64_read(BIO *b, char *out, int outl) ret_code=0; while (outl > 0) { - if (ctx->cont <= 0) break; + + if (ctx->cont <= 0) + break; i=BIO_read(b->next_bio,&(ctx->tmp[ctx->tmp_len]), B64_BLOCK_SIZE-ctx->tmp_len); @@ -195,11 +197,21 @@ static int b64_read(BIO *b, char *out, int outl) /* Should be continue next time we are called? */ if (!BIO_should_retry(b->next_bio)) + { ctx->cont=i; - /* else we should continue when called again */ - break; + /* If buffer empty break */ + if(ctx->tmp_len == 0) + break; + /* Fall through and process what we have */ + else + i = 0; + } + /* else we retry and add more data to buffer */ + else + break; } i+=ctx->tmp_len; + ctx->tmp_len = i; /* We need to scan, a line at a time until we * have a valid line if we are starting. */ @@ -255,8 +267,12 @@ static int b64_read(BIO *b, char *out, int outl) * reading until a new line. */ if (p == (unsigned char *)&(ctx->tmp[0])) { - ctx->tmp_nl=1; - ctx->tmp_len=0; + /* Check buffer full */ + if (i == B64_BLOCK_SIZE) + { + ctx->tmp_nl=1; + ctx->tmp_len=0; + } } else if (p != q) /* finished on a '\n' */ { @@ -271,6 +287,11 @@ static int b64_read(BIO *b, char *out, int outl) else ctx->tmp_len=0; } + /* If buffer isn't full and we can retry then + * restart to read in more data. + */ + else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0)) + continue; if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { @@ -310,8 +331,8 @@ static int b64_read(BIO *b, char *out, int outl) i=EVP_DecodeUpdate(&(ctx->base64), (unsigned char *)ctx->buf,&ctx->buf_len, (unsigned char *)ctx->tmp,i); + ctx->tmp_len = 0; } - ctx->cont=i; ctx->buf_off=0; if (i < 0) { @@ -484,10 +505,7 @@ again: { i=b64_write(b,NULL,0); if (i < 0) - { - ret=i; - break; - } + return i; } if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { diff --git a/lib/libcrypto/evp/c_all.c b/lib/libcrypto/evp/c_all.c index 1b31a14e37c..fa60a73ead1 100644 --- a/lib/libcrypto/evp/c_all.c +++ b/lib/libcrypto/evp/c_all.c @@ -59,6 +59,9 @@ #include <stdio.h> #include "cryptlib.h" #include <openssl/evp.h> +#ifndef OPENSSL_NO_ENGINE +#include <openssl/engine.h> +#endif #if 0 #undef OpenSSL_add_all_algorithms diff --git a/lib/libcrypto/md2/md2test.c b/lib/libcrypto/md2/md2test.c index 901d0a7d8ea..9c1e28b6ce8 100644 --- a/lib/libcrypto/md2/md2test.c +++ b/lib/libcrypto/md2/md2test.c @@ -59,7 +59,6 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> -#include <openssl/md2.h> #include "../e_os.h" @@ -71,6 +70,7 @@ int main(int argc, char *argv[]) } #else #include <openssl/evp.h> +#include <openssl/md2.h> #ifdef CHARSET_EBCDIC #include <openssl/ebcdic.h> diff --git a/lib/libcrypto/md5/Makefile.ssl b/lib/libcrypto/md5/Makefile.ssl index b11ab476d6a..2361775a2dc 100644 --- a/lib/libcrypto/md5/Makefile.ssl +++ b/lib/libcrypto/md5/Makefile.ssl @@ -6,7 +6,7 @@ DIR= md5 TOP= ../.. CC= cc CPP= $(CC) -E -INCLUDES= +INCLUDES=-I.. -I$(TOP) -I../../include CFLAG=-g INSTALL_PREFIX= OPENSSLDIR= /usr/local/ssl @@ -20,6 +20,7 @@ AR= ar r MD5_ASM_OBJ= CFLAGS= $(INCLUDES) $(CFLAG) +ASFLAGS= $(INCLUDES) $(ASFLAG) GENERAL=Makefile TEST=md5test.c diff --git a/lib/libcrypto/md5/asm/md5-586.pl b/lib/libcrypto/md5/asm/md5-586.pl index 5fc6a205ce0..fa3fa3bed59 100644 --- a/lib/libcrypto/md5/asm/md5-586.pl +++ b/lib/libcrypto/md5/asm/md5-586.pl @@ -293,7 +293,7 @@ sub md5_block &mov(&DWP(12,$tmp2,"",0),$D); &cmp($tmp1,$X) unless $normal; # check count - &jge(&label("start")) unless $normal; + &jae(&label("start")) unless $normal; &pop("eax"); # pop the temp variable off the stack &pop("ebx"); diff --git a/lib/libcrypto/md5/asm/md5-sparcv9.S b/lib/libcrypto/md5/asm/md5-sparcv9.S index a599ed5660b..db45aa4c977 100644 --- a/lib/libcrypto/md5/asm/md5-sparcv9.S +++ b/lib/libcrypto/md5/asm/md5-sparcv9.S @@ -34,10 +34,12 @@ * * or if above fails (it does if you have gas): * - * gcc -E -DULTRASPARC -DMD5_BLOCK_DATA_ORDER md5_block.sparc.S | \ + * gcc -E -DOPENSSL_SYSNAMEULTRASPARC -DMD5_BLOCK_DATA_ORDER md5_block.sparc.S | \ * as -xarch=v8plus /dev/fd/0 -o md5-sparcv9.o */ +#include <openssl/e_os2.h> + #define A %o0 #define B %o1 #define C %o2 diff --git a/lib/libcrypto/o_time.c b/lib/libcrypto/o_time.c index 723eb1b5af7..785468131e1 100644 --- a/lib/libcrypto/o_time.c +++ b/lib/libcrypto/o_time.c @@ -73,7 +73,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) { struct tm *ts = NULL; -#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) +#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS) /* should return &data, but doesn't on some systems, so we don't even look at the return value */ gmtime_r(timer,result); diff --git a/lib/libcrypto/opensslv.h b/lib/libcrypto/opensslv.h index 08cb1d5018c..e226d9de796 100644 --- a/lib/libcrypto/opensslv.h +++ b/lib/libcrypto/opensslv.h @@ -25,8 +25,8 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x0090702fL -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7b 10 Apr 2003" +#define OPENSSL_VERSION_NUMBER 0x0090703fL +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7c 30 Sep 2003" #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/lib/libcrypto/perlasm/x86ms.pl b/lib/libcrypto/perlasm/x86ms.pl index 35f1a4ddb93..fbb4afb9bda 100644 --- a/lib/libcrypto/perlasm/x86ms.pl +++ b/lib/libcrypto/perlasm/x86ms.pl @@ -144,7 +144,10 @@ sub main'jle { &out1("jle",@_); } sub main'jz { &out1("jz",@_); } sub main'jge { &out1("jge",@_); } sub main'jl { &out1("jl",@_); } +sub main'ja { &out1("ja",@_); } +sub main'jae { &out1("jae",@_); } sub main'jb { &out1("jb",@_); } +sub main'jbe { &out1("jbe",@_); } sub main'jc { &out1("jc",@_); } sub main'jnc { &out1("jnc",@_); } sub main'jnz { &out1("jnz",@_); } diff --git a/lib/libcrypto/perlasm/x86nasm.pl b/lib/libcrypto/perlasm/x86nasm.pl index f30b7466d45..30346af4eac 100644 --- a/lib/libcrypto/perlasm/x86nasm.pl +++ b/lib/libcrypto/perlasm/x86nasm.pl @@ -152,7 +152,10 @@ sub main'jle { &out1("jle NEAR",@_); } sub main'jz { &out1("jz NEAR",@_); } sub main'jge { &out1("jge NEAR",@_); } sub main'jl { &out1("jl NEAR",@_); } +sub main'ja { &out1("ja NEAR",@_); } +sub main'jae { &out1("jae NEAR",@_); } sub main'jb { &out1("jb NEAR",@_); } +sub main'jbe { &out1("jbe NEAR",@_); } sub main'jc { &out1("jc NEAR",@_); } sub main'jnc { &out1("jnc NEAR",@_); } sub main'jnz { &out1("jnz NEAR",@_); } diff --git a/lib/libcrypto/perlasm/x86unix.pl b/lib/libcrypto/perlasm/x86unix.pl index 72bde061c56..10b669bf049 100644 --- a/lib/libcrypto/perlasm/x86unix.pl +++ b/lib/libcrypto/perlasm/x86unix.pl @@ -156,7 +156,10 @@ sub main'jnz { &out1("jnz",@_); } sub main'jz { &out1("jz",@_); } sub main'jge { &out1("jge",@_); } sub main'jl { &out1("jl",@_); } +sub main'ja { &out1("ja",@_); } +sub main'jae { &out1("jae",@_); } sub main'jb { &out1("jb",@_); } +sub main'jbe { &out1("jbe",@_); } sub main'jc { &out1("jc",@_); } sub main'jnc { &out1("jnc",@_); } sub main'jno { &out1("jno",@_); } diff --git a/lib/libcrypto/pkcs7/pk7_doit.c b/lib/libcrypto/pkcs7/pk7_doit.c index 0060a2ea3df..190ca0e9bf5 100644 --- a/lib/libcrypto/pkcs7/pk7_doit.c +++ b/lib/libcrypto/pkcs7/pk7_doit.c @@ -767,6 +767,11 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, } if (EVP_MD_CTX_type(mdc) == md_type) break; + /* Workaround for some broken clients that put the signature + * OID instead of the digest OID in digest_alg->algorithm + */ + if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type) + break; btmp=BIO_next(btmp); } diff --git a/lib/libcrypto/pkcs7/pk7_mime.c b/lib/libcrypto/pkcs7/pk7_mime.c index 086d3942701..5d2a97839d2 100644 --- a/lib/libcrypto/pkcs7/pk7_mime.c +++ b/lib/libcrypto/pkcs7/pk7_mime.c @@ -3,7 +3,7 @@ * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -101,7 +101,7 @@ static int mime_param_cmp(const MIME_PARAM * const *a, static void mime_param_free(MIME_PARAM *param); static int mime_bound_check(char *line, int linelen, char *bound, int blen); static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret); -static int iscrlf(char c); +static int strip_eol(char *linebuf, int *plen); static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name); static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name); static void mime_hdr_free(MIME_HEADER *hdr); @@ -150,9 +150,17 @@ static PKCS7 *B64_read_PKCS7(BIO *bio) int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) { - char linebuf[MAX_SMLEN]; char bound[33], c; int i; + char *mime_prefix, *mime_eol; + if (flags & PKCS7_NOOLDMIMETYPE) + mime_prefix = "application/pkcs7-"; + else + mime_prefix = "application/x-pkcs7-"; + if (flags & PKCS7_CRLFEOL) + mime_eol = "\r\n"; + else + mime_eol = "\n"; if((flags & PKCS7_DETACHED) && data) { /* We want multipart/signed */ /* Generate a random boundary */ @@ -164,34 +172,42 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) bound[i] = c; } bound[32] = 0; - BIO_printf(bio, "MIME-Version: 1.0\n"); + BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); BIO_printf(bio, "Content-Type: multipart/signed;"); - BIO_printf(bio, " protocol=\"application/x-pkcs7-signature\";"); - BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"\n\n", bound); - BIO_printf(bio, "This is an S/MIME signed message\n\n"); + BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix); + BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"%s%s", + bound, mime_eol, mime_eol); + BIO_printf(bio, "This is an S/MIME signed message%s%s", + mime_eol, mime_eol); /* Now write out the first part */ - BIO_printf(bio, "------%s\n", bound); - if(flags & PKCS7_TEXT) BIO_printf(bio, "Content-Type: text/plain\n\n"); - while((i = BIO_read(data, linebuf, MAX_SMLEN)) > 0) - BIO_write(bio, linebuf, i); - BIO_printf(bio, "\n------%s\n", bound); + BIO_printf(bio, "------%s%s", bound, mime_eol); + SMIME_crlf_copy(data, bio, flags); + BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol); /* Headers for signature */ - BIO_printf(bio, "Content-Type: application/x-pkcs7-signature; name=\"smime.p7s\"\n"); - BIO_printf(bio, "Content-Transfer-Encoding: base64\n"); - BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7s\"\n\n"); + BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); + BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol); + BIO_printf(bio, "Content-Transfer-Encoding: base64%s", + mime_eol); + BIO_printf(bio, "Content-Disposition: attachment;"); + BIO_printf(bio, " filename=\"smime.p7s\"%s%s", + mime_eol, mime_eol); B64_write_PKCS7(bio, p7); - BIO_printf(bio,"\n------%s--\n\n", bound); + BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound, + mime_eol, mime_eol); return 1; } /* MIME headers */ - BIO_printf(bio, "MIME-Version: 1.0\n"); - BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7m\"\n"); - BIO_printf(bio, "Content-Type: application/x-pkcs7-mime; name=\"smime.p7m\"\n"); - BIO_printf(bio, "Content-Transfer-Encoding: base64\n\n"); + BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); + BIO_printf(bio, "Content-Disposition: attachment;"); + BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol); + BIO_printf(bio, "Content-Type: %smime;", mime_prefix); + BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol); + BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s", + mime_eol, mime_eol); B64_write_PKCS7(bio, p7); - BIO_printf(bio, "\n"); + BIO_printf(bio, "%s", mime_eol); return 1; } @@ -316,12 +332,9 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags) } if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) { - eol = 0; - while(iscrlf(linebuf[len - 1])) { - len--; - eol = 1; - } - BIO_write(out, linebuf, len); + eol = strip_eol(linebuf, &len); + if (len) + BIO_write(out, linebuf, len); if(eol) BIO_write(out, "\r\n", 2); } return 1; @@ -364,6 +377,7 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) { char linebuf[MAX_SMLEN]; int len, blen; + int eol = 0, next_eol = 0; BIO *bpart = NULL; STACK_OF(BIO) *parts; char state, part, first; @@ -383,26 +397,23 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) sk_BIO_push(parts, bpart); return 1; } else if(part) { + /* Strip CR+LF from linebuf */ + next_eol = strip_eol(linebuf, &len); if(first) { first = 0; if(bpart) sk_BIO_push(parts, bpart); bpart = BIO_new(BIO_s_mem()); - - } else BIO_write(bpart, "\r\n", 2); - /* Strip CR+LF from linebuf */ - while(iscrlf(linebuf[len - 1])) len--; - BIO_write(bpart, linebuf, len); + BIO_set_mem_eof_return(bpart, 0); + } else if (eol) + BIO_write(bpart, "\r\n", 2); + eol = next_eol; + if (len) + BIO_write(bpart, linebuf, len); } } return 0; } -static int iscrlf(char c) -{ - if(c == '\r' || c == '\n') return 1; - return 0; -} - /* This is the big one: parse MIME header lines up to message body */ #define MIME_INVALID 0 @@ -683,3 +694,21 @@ static int mime_bound_check(char *line, int linelen, char *bound, int blen) } return 0; } + +static int strip_eol(char *linebuf, int *plen) + { + int len = *plen; + char *p, c; + int is_eol = 0; + p = linebuf + len - 1; + for (p = linebuf + len - 1; len > 0; len--, p--) + { + c = *p; + if (c == '\n') + is_eol = 1; + else if (c != '\r') + break; + } + *plen = len; + return is_eol; + } diff --git a/lib/libcrypto/pkcs7/pk7_smime.c b/lib/libcrypto/pkcs7/pk7_smime.c index f0d071e2824..6e5735de118 100644 --- a/lib/libcrypto/pkcs7/pk7_smime.c +++ b/lib/libcrypto/pkcs7/pk7_smime.c @@ -3,7 +3,7 @@ * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/lib/libcrypto/pkcs7/pkcs7.h b/lib/libcrypto/pkcs7/pkcs7.h index 5819700a850..15372e18f8c 100644 --- a/lib/libcrypto/pkcs7/pkcs7.h +++ b/lib/libcrypto/pkcs7/pkcs7.h @@ -260,6 +260,8 @@ DECLARE_PKCS12_STACK_OF(PKCS7) #define PKCS7_BINARY 0x80 #define PKCS7_NOATTR 0x100 #define PKCS7_NOSMIMECAP 0x200 +#define PKCS7_NOOLDMIMETYPE 0x400 +#define PKCS7_CRLFEOL 0x800 /* Flags: for compatibility with older code */ diff --git a/lib/libcrypto/rand/rand_win.c b/lib/libcrypto/rand/rand_win.c index 113b58678f3..263068d2569 100644 --- a/lib/libcrypto/rand/rand_win.c +++ b/lib/libcrypto/rand/rand_win.c @@ -162,6 +162,7 @@ typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO); typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT); typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD); +typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE); typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD); typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32); typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32); @@ -431,7 +432,7 @@ int RAND_poll(void) * This seeding method was proposed in Peter Gutmann, Software * Generation of Practically Strong Random Numbers, * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html - * revised version at http://www.cryptoengines.com/~peter/06_random.pdf + * revised version at http://www.cryptoengines.com/~peter/06_random.pdf * (The assignment of entropy estimates below is arbitrary, but based * on Peter's analysis the full poll appears to be safe. Additional * interactive seeding is encouraged.) @@ -440,6 +441,7 @@ int RAND_poll(void) if (kernel) { CREATETOOLHELP32SNAPSHOT snap; + CLOSETOOLHELP32SNAPSHOT close_snap; HANDLE handle; HEAP32FIRST heap_first; @@ -457,6 +459,8 @@ int RAND_poll(void) snap = (CREATETOOLHELP32SNAPSHOT) GetProcAddress(kernel, TEXT("CreateToolhelp32Snapshot")); + close_snap = (CLOSETOOLHELP32SNAPSHOT) + GetProcAddress(kernel, TEXT("CloseToolhelp32Snapshot")); heap_first = (HEAP32FIRST) GetProcAddress(kernel, TEXT("Heap32First")); heap_next = (HEAP32NEXT) GetProcAddress(kernel, TEXT("Heap32Next")); heaplist_first = (HEAP32LIST) GetProcAddress(kernel, TEXT("Heap32ListFirst")); @@ -472,7 +476,7 @@ int RAND_poll(void) heaplist_next && process_first && process_next && thread_first && thread_next && module_first && module_next && (handle = snap(TH32CS_SNAPALL,0)) - != NULL) + != INVALID_HANDLE_VALUE) { /* heap list and heap walking */ /* HEAPLIST32 contains 3 fields that will change with @@ -534,8 +538,10 @@ int RAND_poll(void) do RAND_add(&m, m.dwSize, 9); while (module_next(handle, &m)); - - CloseHandle(handle); + if (close_snap) + close_snap(handle); + else + CloseHandle(handle); } FreeLibrary(kernel); diff --git a/lib/libcrypto/rsa/rsa.h b/lib/libcrypto/rsa/rsa.h index e26a68b4828..62fa745f79e 100644 --- a/lib/libcrypto/rsa/rsa.h +++ b/lib/libcrypto/rsa/rsa.h @@ -158,11 +158,6 @@ struct rsa_st #define RSA_FLAG_CACHE_PUBLIC 0x02 #define RSA_FLAG_CACHE_PRIVATE 0x04 #define RSA_FLAG_BLINDING 0x08 -#define RSA_FLAG_NO_BLINDING 0x80 /* new with 0.9.6j and 0.9.7b; the built-in - * RSA implementation now uses blinding by - * default (ignoring RSA_FLAG_BLINDING), - * but other engines might not need it - */ #define RSA_FLAG_THREAD_SAFE 0x10 /* This flag means the private key operations will be handled by rsa_mod_exp * and that they do not depend on the private key components being present: @@ -175,7 +170,11 @@ struct rsa_st */ #define RSA_FLAG_SIGN_VER 0x40 -#define RSA_FLAG_NO_BLINDING 0x80 +#define RSA_FLAG_NO_BLINDING 0x80 /* new with 0.9.6j and 0.9.7b; the built-in + * RSA implementation now uses blinding by + * default (ignoring RSA_FLAG_BLINDING), + * but other engines might not need it + */ #define RSA_PKCS1_PADDING 1 #define RSA_SSLV23_PADDING 2 diff --git a/lib/libcrypto/rsa/rsa_eay.c b/lib/libcrypto/rsa/rsa_eay.c index 027b4dc754f..e0d286266e0 100644 --- a/lib/libcrypto/rsa/rsa_eay.c +++ b/lib/libcrypto/rsa/rsa_eay.c @@ -484,6 +484,8 @@ err: if (ctx != NULL) BN_CTX_free(ctx); BN_clear_free(&f); BN_clear_free(&ret); + if (local_blinding) + BN_BLINDING_free(blinding); if (buf != NULL) { OPENSSL_cleanse(buf,num); diff --git a/lib/libcrypto/rsa/rsa_lib.c b/lib/libcrypto/rsa/rsa_lib.c index 53c5092014b..e4d622851ee 100644 --- a/lib/libcrypto/rsa/rsa_lib.c +++ b/lib/libcrypto/rsa/rsa_lib.c @@ -316,7 +316,7 @@ void RSA_blinding_off(RSA *rsa) int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) { - BIGNUM *A,*Ai; + BIGNUM *A,*Ai = NULL; BN_CTX *ctx; int ret=0; @@ -327,8 +327,12 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) else ctx=p_ctx; + /* XXXXX: Shouldn't this be RSA_blinding_off(rsa)? */ if (rsa->blinding != NULL) + { BN_BLINDING_free(rsa->blinding); + rsa->blinding = NULL; + } /* NB: similar code appears in setup_blinding (rsa_eay.c); * this should be placed in a new function of its own, but for reasons @@ -356,9 +360,9 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) rsa->blinding->thread_id = CRYPTO_thread_id(); rsa->flags |= RSA_FLAG_BLINDING; rsa->flags &= ~RSA_FLAG_NO_BLINDING; - BN_free(Ai); ret=1; err: + if (Ai != NULL) BN_free(Ai); BN_CTX_end(ctx); if (ctx != p_ctx) BN_CTX_free(ctx); return(ret); diff --git a/lib/libcrypto/util/libeay.num b/lib/libcrypto/util/libeay.num index f5c8c0be8a0..203c7713e72 100644 --- a/lib/libcrypto/util/libeay.num +++ b/lib/libcrypto/util/libeay.num @@ -2801,3 +2801,5 @@ BIO_indent 3242 EXIST::FUNCTION: BUF_strlcpy 3243 EXIST::FUNCTION: OpenSSLDie 3244 EXIST::FUNCTION: OPENSSL_cleanse 3245 EXIST::FUNCTION: +ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE +ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH diff --git a/lib/libcrypto/util/pl/Mingw32.pl b/lib/libcrypto/util/pl/Mingw32.pl index 043a3a53ee2..4bee638c4a6 100644 --- a/lib/libcrypto/util/pl/Mingw32.pl +++ b/lib/libcrypto/util/pl/Mingw32.pl @@ -85,7 +85,7 @@ sub do_lib_rule ($Name=$name) =~ tr/a-z/A-Z/; $ret.="$target: \$(${Name}OBJ)\n"; - $ret.="\t\$(RM) $target\n"; + $ret.="\tif exist $target \$(RM) $target\n"; $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n"; $ret.="\t\$(RANLIB) $target\n\n"; } diff --git a/lib/libcrypto/util/point.sh b/lib/libcrypto/util/point.sh index ce7dcc56dfa..4790e08f8a6 100644 --- a/lib/libcrypto/util/point.sh +++ b/lib/libcrypto/util/point.sh @@ -1,10 +1,10 @@ #!/bin/sh -rm -f $2 +rm -f "$2" if test "$OSTYPE" = msdosdjgpp; then - cp $1 $2 + cp "$1" "$2" else - ln -s $1 $2 + ln -s "$1" "$2" fi echo "$2 => $1" diff --git a/lib/libcrypto/x509/x509_trs.c b/lib/libcrypto/x509/x509_trs.c index 17d69ac005b..881252608d1 100644 --- a/lib/libcrypto/x509/x509_trs.c +++ b/lib/libcrypto/x509/x509_trs.c @@ -82,6 +82,7 @@ static X509_TRUST trstandard[] = { {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL}, {X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL}, {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL}, +{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL}, {X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL}, {X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL} }; diff --git a/lib/libcrypto/x509/x509_vfy.c b/lib/libcrypto/x509/x509_vfy.c index 04997ba4565..2bb21b443ec 100644 --- a/lib/libcrypto/x509/x509_vfy.c +++ b/lib/libcrypto/x509/x509_vfy.c @@ -453,9 +453,9 @@ static int check_revocation(X509_STORE_CTX *ctx) if (!(ctx->flags & X509_V_FLAG_CRL_CHECK)) return 1; if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL) - last = 0; - else last = sk_X509_num(ctx->chain) - 1; + else + last = 0; for(i = 0; i <= last; i++) { ctx->error_depth = i; diff --git a/lib/libcrypto/x509/x509type.c b/lib/libcrypto/x509/x509type.c index 8e78b344581..f78c2a6b438 100644 --- a/lib/libcrypto/x509/x509type.c +++ b/lib/libcrypto/x509/x509type.c @@ -99,14 +99,15 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey) case EVP_PKEY_RSA: ret|=EVP_PKS_RSA; break; - case EVP_PKS_DSA: + case EVP_PKEY_DSA: ret|=EVP_PKS_DSA; break; default: break; } - if (EVP_PKEY_size(pk) <= 512) + if (EVP_PKEY_size(pk) <= 512/8) /* /8 because it's 512 bits we look + for, not bytes */ ret|=EVP_PKT_EXP; if(pkey==NULL) EVP_PKEY_free(pk); return(ret); diff --git a/lib/libcrypto/x509v3/v3_conf.c b/lib/libcrypto/x509v3/v3_conf.c index 1a3448e1217..1284d5aaa54 100644 --- a/lib/libcrypto/x509v3/v3_conf.c +++ b/lib/libcrypto/x509v3/v3_conf.c @@ -236,7 +236,7 @@ static int v3_check_critical(char **value) static int v3_check_generic(char **value) { char *p = *value; - if ((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0; + if ((strlen(p) < 4) || strncmp(p, "DER:", 4)) return 0; p+=4; while (isspace((unsigned char)*p)) p++; *value = p; diff --git a/lib/libcrypto/x509v3/v3_cpols.c b/lib/libcrypto/x509v3/v3_cpols.c index 0d4ab1f6803..0d554f3a2c9 100644 --- a/lib/libcrypto/x509v3/v3_cpols.c +++ b/lib/libcrypto/x509v3/v3_cpols.c @@ -73,7 +73,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *polstrs, int ia5org); static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org); -static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos); +static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos); X509V3_EXT_METHOD v3_cpols = { NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES), @@ -226,6 +226,8 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, qual = notice_section(ctx, unot, ia5org); X509V3_section_free(ctx, unot); if(!qual) goto err; + if(!pol->qualifiers) pol->qualifiers = + sk_POLICYQUALINFO_new_null(); if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) goto merr; } else { @@ -255,7 +257,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org) { - int i; + int i, ret; CONF_VALUE *cnf; USERNOTICE *not; POLICYQUALINFO *qual; @@ -275,8 +277,8 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, if(!(nref = NOTICEREF_new())) goto merr; not->noticeref = nref; } else nref = not->noticeref; - if(ia5org) nref->organization = M_ASN1_IA5STRING_new(); - else nref->organization = M_ASN1_VISIBLESTRING_new(); + if(ia5org) nref->organization->type = V_ASN1_IA5STRING; + else nref->organization->type = V_ASN1_VISIBLESTRING; if(!ASN1_STRING_set(nref->organization, cnf->value, strlen(cnf->value))) goto merr; } else if(!strcmp(cnf->name, "noticeNumbers")) { @@ -292,12 +294,12 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, X509V3_conf_err(cnf); goto err; } - nref->noticenos = nref_nos(nos); + ret = nref_nos(nref->noticenos, nos); sk_CONF_VALUE_pop_free(nos, X509V3_conf_free); - if(!nref->noticenos) goto err; + if (!ret) + goto err; } else { X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION); - X509V3_conf_err(cnf); goto err; } @@ -319,15 +321,13 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, return NULL; } -static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos) +static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) { - STACK_OF(ASN1_INTEGER) *nnums; CONF_VALUE *cnf; ASN1_INTEGER *aint; int i; - if(!(nnums = sk_ASN1_INTEGER_new_null())) goto merr; for(i = 0; i < sk_CONF_VALUE_num(nos); i++) { cnf = sk_CONF_VALUE_value(nos, i); if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { @@ -336,14 +336,14 @@ static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos) } if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr; } - return nnums; + return 1; merr: X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE); err: sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); - return NULL; + return 0; } diff --git a/lib/libcrypto/x509v3/v3_lib.c b/lib/libcrypto/x509v3/v3_lib.c index 482ca8ccf5d..ca5a4a4a570 100644 --- a/lib/libcrypto/x509v3/v3_lib.c +++ b/lib/libcrypto/x509v3/v3_lib.c @@ -202,6 +202,7 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx) if(OBJ_obj2nid(ex->object) == nid) { if(idx) { *idx = i; + found_ex = ex; break; } else if(found_ex) { /* Found more than one */ diff --git a/lib/libcrypto/x509v3/v3_prn.c b/lib/libcrypto/x509v3/v3_prn.c index 754808b6257..5d268eb7682 100644 --- a/lib/libcrypto/x509v3/v3_prn.c +++ b/lib/libcrypto/x509v3/v3_prn.c @@ -184,7 +184,7 @@ int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts j=X509_EXTENSION_get_critical(ex); if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0) return 0; - if(!X509V3_EXT_print(bp, ex, flag, 12)) + if(!X509V3_EXT_print(bp, ex, flag, indent + 4)) { BIO_printf(bp, "%*s", indent + 4, ""); M_ASN1_OCTET_STRING_print(bp,ex->value); |