diff options
246 files changed, 4057 insertions, 3138 deletions
diff --git a/lib/libcrypto/aes/aes.h b/lib/libcrypto/aes/aes.h index baf0222d49d..450f2b4051b 100644 --- a/lib/libcrypto/aes/aes.h +++ b/lib/libcrypto/aes/aes.h @@ -66,6 +66,10 @@ #define AES_MAXNR 14 #define AES_BLOCK_SIZE 16 +#ifdef OPENSSL_FIPS +#define FIPS_AES_SIZE_T int +#endif + #ifdef __cplusplus extern "C" { #endif diff --git a/lib/libcrypto/aes/aes_cbc.c b/lib/libcrypto/aes/aes_cbc.c index d2ba6bcdb46..373864cd4bd 100644 --- a/lib/libcrypto/aes/aes_cbc.c +++ b/lib/libcrypto/aes/aes_cbc.c @@ -59,6 +59,7 @@ #include <openssl/aes.h> #include "aes_locl.h" +#if !defined(OPENSSL_FIPS_AES_ASM) void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, const unsigned long length, const AES_KEY *key, unsigned char *ivec, const int enc) { @@ -129,3 +130,4 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, } } } +#endif diff --git a/lib/libcrypto/aes/aes_core.c b/lib/libcrypto/aes/aes_core.c index 3a80e18b0a4..cffdd4daec4 100644 --- a/lib/libcrypto/aes/aes_core.c +++ b/lib/libcrypto/aes/aes_core.c @@ -37,6 +37,10 @@ #include <stdlib.h> #include <openssl/aes.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + #include "aes_locl.h" /* @@ -631,6 +635,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, int i = 0; u32 temp; +#ifdef OPENSSL_FIPS + FIPS_selftest_check(); +#endif + if (!userKey || !key) return -1; if (bits != 128 && bits != 192 && bits != 256) diff --git a/lib/libcrypto/aes/asm/aes-586.pl b/lib/libcrypto/aes/asm/aes-586.pl index 3da307bef94..e771e839535 100644 --- a/lib/libcrypto/aes/asm/aes-586.pl +++ b/lib/libcrypto/aes/asm/aes-586.pl @@ -955,8 +955,9 @@ my $mark=&DWP(60+240,"esp"); #copy of aes_key->rounds &align (4); &set_label("enc_tail"); - &push ($key eq "edi" ? $key : ""); # push ivp + &mov ($s0,$key eq "edi" ? $key : ""); &mov ($key,$_out); # load out + &push ($s0); # push ivp &mov ($s1,16); &sub ($s1,$s2); &cmp ($key,$acc); # compare with inp diff --git a/lib/libcrypto/asn1/a_mbstr.c b/lib/libcrypto/asn1/a_mbstr.c index 2d4800a22a4..1bcd0468938 100644 --- a/lib/libcrypto/asn1/a_mbstr.c +++ b/lib/libcrypto/asn1/a_mbstr.c @@ -1,5 +1,5 @@ /* a_mbstr.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/asn1/a_sign.c b/lib/libcrypto/asn1/a_sign.c index 1081950518c..4dee45fbb83 100644 --- a/lib/libcrypto/asn1/a_sign.c +++ b/lib/libcrypto/asn1/a_sign.c @@ -267,7 +267,12 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, goto err; } - EVP_SignInit_ex(&ctx,type, NULL); + if (!EVP_SignInit_ex(&ctx,type, NULL)) + { + outl=0; + ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB); + goto err; + } EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl); if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out, (unsigned int *)&outl,pkey)) diff --git a/lib/libcrypto/asn1/a_strex.c b/lib/libcrypto/asn1/a_strex.c index c2dbb6f9a58..7fc14d3296c 100644 --- a/lib/libcrypto/asn1/a_strex.c +++ b/lib/libcrypto/asn1/a_strex.c @@ -1,5 +1,5 @@ /* a_strex.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libcrypto/asn1/a_strnid.c b/lib/libcrypto/asn1/a_strnid.c index 613bbc4a7da..fe515b52bae 100644 --- a/lib/libcrypto/asn1/a_strnid.c +++ b/lib/libcrypto/asn1/a_strnid.c @@ -1,5 +1,5 @@ /* a_strnid.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/asn1/a_verify.c b/lib/libcrypto/asn1/a_verify.c index fdce6e4380b..da3efaaf8de 100644 --- a/lib/libcrypto/asn1/a_verify.c +++ b/lib/libcrypto/asn1/a_verify.c @@ -100,7 +100,12 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, p=buf_in; i2d(data,&p); - EVP_VerifyInit_ex(&ctx,type, NULL); + if (!EVP_VerifyInit_ex(&ctx,type, NULL)) + { + ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB); + ret=0; + goto err; + } EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); OPENSSL_cleanse(buf_in,(unsigned int)inl); diff --git a/lib/libcrypto/asn1/asn1t.h b/lib/libcrypto/asn1/asn1t.h index bf315e65ed3..ac14f9415b8 100644 --- a/lib/libcrypto/asn1/asn1t.h +++ b/lib/libcrypto/asn1/asn1t.h @@ -1,5 +1,5 @@ /* asn1t.h */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libcrypto/asn1/asn_moid.c b/lib/libcrypto/asn1/asn_moid.c index 9132350f107..1ea6a592483 100644 --- a/lib/libcrypto/asn1/asn_moid.c +++ b/lib/libcrypto/asn1/asn_moid.c @@ -1,5 +1,5 @@ /* asn_moid.c */ -/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== diff --git a/lib/libcrypto/asn1/asn_pack.c b/lib/libcrypto/asn1/asn_pack.c index e8b671b7b51..f1a5a056322 100644 --- a/lib/libcrypto/asn1/asn_pack.c +++ b/lib/libcrypto/asn1/asn_pack.c @@ -1,5 +1,5 @@ /* asn_pack.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/asn1/nsseq.c b/lib/libcrypto/asn1/nsseq.c index 50e2d4d07a1..e551c57d59d 100644 --- a/lib/libcrypto/asn1/nsseq.c +++ b/lib/libcrypto/asn1/nsseq.c @@ -1,5 +1,5 @@ /* nsseq.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/asn1/p5_pbe.c b/lib/libcrypto/asn1/p5_pbe.c index da91170094b..c4582f8041e 100644 --- a/lib/libcrypto/asn1/p5_pbe.c +++ b/lib/libcrypto/asn1/p5_pbe.c @@ -1,5 +1,5 @@ /* p5_pbe.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/asn1/p5_pbev2.c b/lib/libcrypto/asn1/p5_pbev2.c index c834a38ddf3..2b0516afeed 100644 --- a/lib/libcrypto/asn1/p5_pbev2.c +++ b/lib/libcrypto/asn1/p5_pbev2.c @@ -1,5 +1,5 @@ /* p5_pbev2.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999-2004. */ /* ==================================================================== diff --git a/lib/libcrypto/asn1/p8_pkey.c b/lib/libcrypto/asn1/p8_pkey.c index 24b409132f5..0a1957556e5 100644 --- a/lib/libcrypto/asn1/p8_pkey.c +++ b/lib/libcrypto/asn1/p8_pkey.c @@ -1,5 +1,5 @@ /* p8_pkey.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/asn1/t_bitst.c b/lib/libcrypto/asn1/t_bitst.c index 397332d9b8e..2e59a25fa1e 100644 --- a/lib/libcrypto/asn1/t_bitst.c +++ b/lib/libcrypto/asn1/t_bitst.c @@ -1,5 +1,5 @@ /* t_bitst.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/asn1/t_crl.c b/lib/libcrypto/asn1/t_crl.c index 929b3e59043..bdb244c015b 100644 --- a/lib/libcrypto/asn1/t_crl.c +++ b/lib/libcrypto/asn1/t_crl.c @@ -1,5 +1,5 @@ /* t_crl.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/asn1/t_spki.c b/lib/libcrypto/asn1/t_spki.c index c2a5797dd8b..a73369b9492 100644 --- a/lib/libcrypto/asn1/t_spki.c +++ b/lib/libcrypto/asn1/t_spki.c @@ -1,5 +1,5 @@ /* t_spki.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/asn1/t_x509.c b/lib/libcrypto/asn1/t_x509.c index cb76c32c8d0..8f746f9c051 100644 --- a/lib/libcrypto/asn1/t_x509.c +++ b/lib/libcrypto/asn1/t_x509.c @@ -393,7 +393,7 @@ int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm) d= (v[6]-'0')*10+(v[7]-'0'); h= (v[8]-'0')*10+(v[9]-'0'); m= (v[10]-'0')*10+(v[11]-'0'); - if (i >= 14 && + if (tm->length >= 14 && (v[12] >= '0') && (v[12] <= '9') && (v[13] >= '0') && (v[13] <= '9')) s= (v[12]-'0')*10+(v[13]-'0'); @@ -429,7 +429,7 @@ int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm) d= (v[4]-'0')*10+(v[5]-'0'); h= (v[6]-'0')*10+(v[7]-'0'); m= (v[8]-'0')*10+(v[9]-'0'); - if (i >=12 && + if (tm->length >=12 && (v[10] >= '0') && (v[10] <= '9') && (v[11] >= '0') && (v[11] <= '9')) s= (v[10]-'0')*10+(v[11]-'0'); diff --git a/lib/libcrypto/asn1/t_x509a.c b/lib/libcrypto/asn1/t_x509a.c index ffbbfb51f43..8b18801a173 100644 --- a/lib/libcrypto/asn1/t_x509a.c +++ b/lib/libcrypto/asn1/t_x509a.c @@ -1,5 +1,5 @@ /* t_x509a.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/asn1/tasn_dec.c b/lib/libcrypto/asn1/tasn_dec.c index 0ee406231e7..ced641698eb 100644 --- a/lib/libcrypto/asn1/tasn_dec.c +++ b/lib/libcrypto/asn1/tasn_dec.c @@ -1,5 +1,5 @@ /* tasn_dec.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libcrypto/asn1/tasn_enc.c b/lib/libcrypto/asn1/tasn_enc.c index be19b36acd5..2721f904a63 100644 --- a/lib/libcrypto/asn1/tasn_enc.c +++ b/lib/libcrypto/asn1/tasn_enc.c @@ -1,5 +1,5 @@ /* tasn_enc.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libcrypto/asn1/tasn_fre.c b/lib/libcrypto/asn1/tasn_fre.c index bb7c1e2af48..d7c017fa1d4 100644 --- a/lib/libcrypto/asn1/tasn_fre.c +++ b/lib/libcrypto/asn1/tasn_fre.c @@ -1,5 +1,5 @@ /* tasn_fre.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libcrypto/asn1/tasn_new.c b/lib/libcrypto/asn1/tasn_new.c index 531dad365c0..5c6a2ebd4d0 100644 --- a/lib/libcrypto/asn1/tasn_new.c +++ b/lib/libcrypto/asn1/tasn_new.c @@ -1,5 +1,5 @@ /* tasn_new.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libcrypto/asn1/tasn_prn.c b/lib/libcrypto/asn1/tasn_prn.c index 719639b511f..b9c96a6dbe1 100644 --- a/lib/libcrypto/asn1/tasn_prn.c +++ b/lib/libcrypto/asn1/tasn_prn.c @@ -1,5 +1,5 @@ /* tasn_prn.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libcrypto/asn1/tasn_typ.c b/lib/libcrypto/asn1/tasn_typ.c index 6f17f1bec71..6252213d15f 100644 --- a/lib/libcrypto/asn1/tasn_typ.c +++ b/lib/libcrypto/asn1/tasn_typ.c @@ -1,5 +1,5 @@ /* tasn_typ.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libcrypto/asn1/tasn_utl.c b/lib/libcrypto/asn1/tasn_utl.c index 34d520b180a..ca9ec7a32f5 100644 --- a/lib/libcrypto/asn1/tasn_utl.c +++ b/lib/libcrypto/asn1/tasn_utl.c @@ -1,5 +1,5 @@ /* tasn_utl.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libcrypto/asn1/x_algor.c b/lib/libcrypto/asn1/x_algor.c index 33533aba862..99e53429b79 100644 --- a/lib/libcrypto/asn1/x_algor.c +++ b/lib/libcrypto/asn1/x_algor.c @@ -1,5 +1,5 @@ /* x_algor.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libcrypto/asn1/x_bignum.c b/lib/libcrypto/asn1/x_bignum.c index 869c05d931d..9cf3204a1b5 100644 --- a/lib/libcrypto/asn1/x_bignum.c +++ b/lib/libcrypto/asn1/x_bignum.c @@ -1,5 +1,5 @@ /* x_bignum.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libcrypto/asn1/x_exten.c b/lib/libcrypto/asn1/x_exten.c index 1732e667125..3a21239926a 100644 --- a/lib/libcrypto/asn1/x_exten.c +++ b/lib/libcrypto/asn1/x_exten.c @@ -1,5 +1,5 @@ /* x_exten.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libcrypto/asn1/x_long.c b/lib/libcrypto/asn1/x_long.c index 0db233cb95f..bf35457c1f7 100644 --- a/lib/libcrypto/asn1/x_long.c +++ b/lib/libcrypto/asn1/x_long.c @@ -1,5 +1,5 @@ /* x_long.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libcrypto/asn1/x_x509a.c b/lib/libcrypto/asn1/x_x509a.c index 13db5fd03fd..b603f82de71 100644 --- a/lib/libcrypto/asn1/x_x509a.c +++ b/lib/libcrypto/asn1/x_x509a.c @@ -1,5 +1,5 @@ /* a_x509a.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/bf/bf_skey.c b/lib/libcrypto/bf/bf_skey.c index 3673cdee6e2..6ac2aeb2795 100644 --- a/lib/libcrypto/bf/bf_skey.c +++ b/lib/libcrypto/bf/bf_skey.c @@ -59,10 +59,15 @@ #include <stdio.h> #include <string.h> #include <openssl/blowfish.h> +#include <openssl/crypto.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + #include "bf_locl.h" #include "bf_pi.h" -void BF_set_key(BF_KEY *key, int len, const unsigned char *data) +FIPS_NON_FIPS_VCIPHER_Init(BF) { int i; BF_LONG *p,ri,in[2]; diff --git a/lib/libcrypto/bf/blowfish.h b/lib/libcrypto/bf/blowfish.h index cd49e85ab29..d24ffccb65f 100644 --- a/lib/libcrypto/bf/blowfish.h +++ b/lib/libcrypto/bf/blowfish.h @@ -104,7 +104,9 @@ typedef struct bf_key_st BF_LONG S[4*256]; } BF_KEY; - +#ifdef OPENSSL_FIPS +void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data); +#endif void BF_set_key(BF_KEY *key, int len, const unsigned char *data); void BF_encrypt(BF_LONG *data,const BF_KEY *key); diff --git a/lib/libcrypto/bio/bss_bio.c b/lib/libcrypto/bio/bss_bio.c index 0f9f0955b41..76bd48e7679 100644 --- a/lib/libcrypto/bio/bss_bio.c +++ b/lib/libcrypto/bio/bss_bio.c @@ -919,6 +919,6 @@ int BIO_nwrite(BIO *bio, char **buf, int num) ret = BIO_ctrl(bio, BIO_C_NWRITE, num, buf); if (ret > 0) - bio->num_read += ret; + bio->num_write += ret; return ret; } diff --git a/lib/libcrypto/bio/bss_file.c b/lib/libcrypto/bio/bss_file.c index 0c8c8115faa..e692a08e586 100644 --- a/lib/libcrypto/bio/bss_file.c +++ b/lib/libcrypto/bio/bss_file.c @@ -279,7 +279,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) #endif { #if defined(OPENSSL_SYS_WINDOWS) - int fd = fileno((FILE*)ptr); + int fd = _fileno((FILE*)ptr); if (num & BIO_FP_TEXT) _setmode(fd,_O_TEXT); else diff --git a/lib/libcrypto/bn/Makefile b/lib/libcrypto/bn/Makefile index 0491e3db4c4..f5e8f65a469 100644 --- a/lib/libcrypto/bn/Makefile +++ b/lib/libcrypto/bn/Makefile @@ -28,13 +28,13 @@ LIBSRC= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \ bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \ bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \ bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \ - bn_depr.c bn_const.c + bn_depr.c bn_x931p.c bn_const.c bn_opt.c LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \ bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \ bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \ bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o \ - bn_depr.o bn_const.o + bn_depr.o bn_x931p.o bn_const.o bn_opt.o SRC= $(LIBSRC) @@ -58,7 +58,7 @@ bnbug: bnbug.c ../../libcrypto.a top cc -g -I../../include bnbug.c -o bnbug ../../libcrypto.a lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -292,6 +292,13 @@ bn_nist.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_nist.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h bn_nist.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_nist.c +bn_opt.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h +bn_opt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +bn_opt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +bn_opt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +bn_opt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bn_opt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bn_opt.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_opt.c bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -350,3 +357,6 @@ bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_word.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h bn_word.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_word.c +bn_x931p.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h +bn_x931p.o: ../../include/openssl/opensslconf.h +bn_x931p.o: ../../include/openssl/ossl_typ.h bn_x931p.c diff --git a/lib/libcrypto/bn/bn.h b/lib/libcrypto/bn/bn.h index 6d754d55477..f1719a5877f 100644 --- a/lib/libcrypto/bn/bn.h +++ b/lib/libcrypto/bn/bn.h @@ -408,8 +408,8 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx); void BN_CTX_end(BN_CTX *ctx); int BN_rand(BIGNUM *rnd, int bits, int top,int bottom); int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom); -int BN_rand_range(BIGNUM *rnd, BIGNUM *range); -int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range); +int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); int BN_num_bits(const BIGNUM *a); int BN_num_bits_word(BN_ULONG); BIGNUM *BN_new(void); @@ -531,6 +531,17 @@ int BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb); int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, int do_trial_division, BN_GENCB *cb); +int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx); + +int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, + const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2, + const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb); +int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, + BIGNUM *Xp1, BIGNUM *Xp2, + const BIGNUM *Xp, + const BIGNUM *e, BN_CTX *ctx, + BN_GENCB *cb); + BN_MONT_CTX *BN_MONT_CTX_new(void ); void BN_MONT_CTX_init(BN_MONT_CTX *ctx); int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b, diff --git a/lib/libcrypto/bn/bn_lib.c b/lib/libcrypto/bn/bn_lib.c index 2649b8c5385..32a8fbaf51e 100644 --- a/lib/libcrypto/bn/bn_lib.c +++ b/lib/libcrypto/bn/bn_lib.c @@ -139,25 +139,6 @@ const BIGNUM *BN_value_one(void) return(&const_one); } -char *BN_options(void) - { - static int init=0; - static char data[16]; - - if (!init) - { - init++; -#ifdef BN_LLONG - BIO_snprintf(data,sizeof data,"bn(%d,%d)", - (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8); -#else - BIO_snprintf(data,sizeof data,"bn(%d,%d)", - (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8); -#endif - } - return(data); - } - int BN_num_bits_word(BN_ULONG l) { static const char bits[256]={ diff --git a/lib/libcrypto/bn/bn_nist.c b/lib/libcrypto/bn/bn_nist.c index 1fc94f55c32..2ca5b013911 100644 --- a/lib/libcrypto/bn/bn_nist.c +++ b/lib/libcrypto/bn/bn_nist.c @@ -66,46 +66,157 @@ #define BN_NIST_384_TOP (384+BN_BITS2-1)/BN_BITS2 #define BN_NIST_521_TOP (521+BN_BITS2-1)/BN_BITS2 +/* pre-computed tables are "carry-less" values of modulus*(i+1) */ #if BN_BITS2 == 64 -static const BN_ULONG _nist_p_192[] = - {0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFEULL, - 0xFFFFFFFFFFFFFFFFULL}; -static const BN_ULONG _nist_p_224[] = +static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = { + {0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFFULL}, + {0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFFULL}, + {0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFCULL,0xFFFFFFFFFFFFFFFFULL} + }; +static const BN_ULONG _nist_p_192_sqr[] = { + 0x0000000000000001ULL,0x0000000000000002ULL,0x0000000000000001ULL, + 0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFFULL + }; +static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = { {0x0000000000000001ULL,0xFFFFFFFF00000000ULL, - 0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL}; -static const BN_ULONG _nist_p_256[] = + 0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL}, + {0x0000000000000002ULL,0xFFFFFFFE00000000ULL, + 0xFFFFFFFFFFFFFFFFULL,0x00000001FFFFFFFFULL} /* this one is "carry-full" */ + }; +static const BN_ULONG _nist_p_224_sqr[] = { + 0x0000000000000001ULL,0xFFFFFFFE00000000ULL, + 0xFFFFFFFFFFFFFFFFULL,0x0000000200000000ULL, + 0x0000000000000000ULL,0xFFFFFFFFFFFFFFFEULL, + 0xFFFFFFFFFFFFFFFFULL + }; +static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = { {0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL, - 0x0000000000000000ULL,0xFFFFFFFF00000001ULL}; -static const BN_ULONG _nist_p_384[] = - {0x00000000FFFFFFFFULL,0xFFFFFFFF00000000ULL, - 0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFFULL, - 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL}; + 0x0000000000000000ULL,0xFFFFFFFF00000001ULL}, + {0xFFFFFFFFFFFFFFFEULL,0x00000001FFFFFFFFULL, + 0x0000000000000000ULL,0xFFFFFFFE00000002ULL}, + {0xFFFFFFFFFFFFFFFDULL,0x00000002FFFFFFFFULL, + 0x0000000000000000ULL,0xFFFFFFFD00000003ULL}, + {0xFFFFFFFFFFFFFFFCULL,0x00000003FFFFFFFFULL, + 0x0000000000000000ULL,0xFFFFFFFC00000004ULL}, + {0xFFFFFFFFFFFFFFFBULL,0x00000004FFFFFFFFULL, + 0x0000000000000000ULL,0xFFFFFFFB00000005ULL}, + }; +static const BN_ULONG _nist_p_256_sqr[] = { + 0x0000000000000001ULL,0xFFFFFFFE00000000ULL, + 0xFFFFFFFFFFFFFFFFULL,0x00000001FFFFFFFEULL, + 0x00000001FFFFFFFEULL,0x00000001FFFFFFFEULL, + 0xFFFFFFFE00000001ULL,0xFFFFFFFE00000002ULL + }; +static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = { + {0x00000000FFFFFFFFULL,0xFFFFFFFF00000000ULL,0xFFFFFFFFFFFFFFFEULL, + 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL}, + {0x00000001FFFFFFFEULL,0xFFFFFFFE00000000ULL,0xFFFFFFFFFFFFFFFDULL, + 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL}, + {0x00000002FFFFFFFDULL,0xFFFFFFFD00000000ULL,0xFFFFFFFFFFFFFFFCULL, + 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL}, + {0x00000003FFFFFFFCULL,0xFFFFFFFC00000000ULL,0xFFFFFFFFFFFFFFFBULL, + 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL}, + {0x00000004FFFFFFFBULL,0xFFFFFFFB00000000ULL,0xFFFFFFFFFFFFFFFAULL, + 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL}, + }; +static const BN_ULONG _nist_p_384_sqr[] = { + 0xFFFFFFFE00000001ULL,0x0000000200000000ULL,0xFFFFFFFE00000000ULL, + 0x0000000200000000ULL,0x0000000000000001ULL,0x0000000000000000ULL, + 0x00000001FFFFFFFEULL,0xFFFFFFFE00000000ULL,0xFFFFFFFFFFFFFFFDULL, + 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL + }; static const BN_ULONG _nist_p_521[] = {0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, 0x00000000000001FFULL}; +static const BN_ULONG _nist_p_521_sqr[] = { + 0x0000000000000001ULL,0x0000000000000000ULL,0x0000000000000000ULL, + 0x0000000000000000ULL,0x0000000000000000ULL,0x0000000000000000ULL, + 0x0000000000000000ULL,0x0000000000000000ULL,0xFFFFFFFFFFFFFC00ULL, + 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, + 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, + 0xFFFFFFFFFFFFFFFFULL,0x000000000003FFFFULL + }; #elif BN_BITS2 == 32 -static const BN_ULONG _nist_p_192[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE, - 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}; -static const BN_ULONG _nist_p_224[] = {0x00000001,0x00000000,0x00000000, - 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}; -static const BN_ULONG _nist_p_256[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, - 0x00000000,0x00000000,0x00000000,0x00000001,0xFFFFFFFF}; -static const BN_ULONG _nist_p_384[] = {0xFFFFFFFF,0x00000000,0x00000000, - 0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, - 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}; +static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = { + {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, + {0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, + {0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFC,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF} + }; +static const BN_ULONG _nist_p_192_sqr[] = { + 0x00000001,0x00000000,0x00000002,0x00000000,0x00000001,0x00000000, + 0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF + }; +static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = { + {0x00000001,0x00000000,0x00000000,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, + {0x00000002,0x00000000,0x00000000,0xFFFFFFFE, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF} + }; +static const BN_ULONG _nist_p_224_sqr[] = { + 0x00000001,0x00000000,0x00000000,0xFFFFFFFE, + 0xFFFFFFFF,0xFFFFFFFF,0x00000000,0x00000002, + 0x00000000,0x00000000,0xFFFFFFFE,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF + }; +static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = { + {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0x00000000, + 0x00000000,0x00000000,0x00000001,0xFFFFFFFF}, + {0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0x00000001, + 0x00000000,0x00000000,0x00000002,0xFFFFFFFE}, + {0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0x00000002, + 0x00000000,0x00000000,0x00000003,0xFFFFFFFD}, + {0xFFFFFFFC,0xFFFFFFFF,0xFFFFFFFF,0x00000003, + 0x00000000,0x00000000,0x00000004,0xFFFFFFFC}, + {0xFFFFFFFB,0xFFFFFFFF,0xFFFFFFFF,0x00000004, + 0x00000000,0x00000000,0x00000005,0xFFFFFFFB}, + }; +static const BN_ULONG _nist_p_256_sqr[] = { + 0x00000001,0x00000000,0x00000000,0xFFFFFFFE, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE,0x00000001, + 0xFFFFFFFE,0x00000001,0xFFFFFFFE,0x00000001, + 0x00000001,0xFFFFFFFE,0x00000002,0xFFFFFFFE + }; +static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = { + {0xFFFFFFFF,0x00000000,0x00000000,0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, + {0xFFFFFFFE,0x00000001,0x00000000,0xFFFFFFFE,0xFFFFFFFD,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, + {0xFFFFFFFD,0x00000002,0x00000000,0xFFFFFFFD,0xFFFFFFFC,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, + {0xFFFFFFFC,0x00000003,0x00000000,0xFFFFFFFC,0xFFFFFFFB,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, + {0xFFFFFFFB,0x00000004,0x00000000,0xFFFFFFFB,0xFFFFFFFA,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, + }; +static const BN_ULONG _nist_p_384_sqr[] = { + 0x00000001,0xFFFFFFFE,0x00000000,0x00000002,0x00000000,0xFFFFFFFE, + 0x00000000,0x00000002,0x00000001,0x00000000,0x00000000,0x00000000, + 0xFFFFFFFE,0x00000001,0x00000000,0xFFFFFFFE,0xFFFFFFFD,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF + }; static const BN_ULONG _nist_p_521[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, 0xFFFFFFFF,0x000001FF}; +static const BN_ULONG _nist_p_521_sqr[] = { + 0x00000001,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000, + 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000, + 0x00000000,0x00000000,0x00000000,0x00000000,0xFFFFFC00,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0x0003FFFF + }; +#else +#error "unsupported BN_BITS2" #endif static const BIGNUM _bignum_nist_p_192 = { - (BN_ULONG *)_nist_p_192, + (BN_ULONG *)_nist_p_192[0], BN_NIST_192_TOP, BN_NIST_192_TOP, 0, @@ -114,7 +225,7 @@ static const BIGNUM _bignum_nist_p_192 = static const BIGNUM _bignum_nist_p_224 = { - (BN_ULONG *)_nist_p_224, + (BN_ULONG *)_nist_p_224[0], BN_NIST_224_TOP, BN_NIST_224_TOP, 0, @@ -123,7 +234,7 @@ static const BIGNUM _bignum_nist_p_224 = static const BIGNUM _bignum_nist_p_256 = { - (BN_ULONG *)_nist_p_256, + (BN_ULONG *)_nist_p_256[0], BN_NIST_256_TOP, BN_NIST_256_TOP, 0, @@ -132,7 +243,7 @@ static const BIGNUM _bignum_nist_p_256 = static const BIGNUM _bignum_nist_p_384 = { - (BN_ULONG *)_nist_p_384, + (BN_ULONG *)_nist_p_384[0], BN_NIST_384_TOP, BN_NIST_384_TOP, 0, @@ -180,7 +291,9 @@ static void nist_cp_bn_0(BN_ULONG *buf, BN_ULONG *a, int top, int max) int i; BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); +#ifdef BN_DEBUG OPENSSL_assert(top <= max); +#endif for (i = (top); i != 0; i--) *_tmp1++ = *_tmp2++; for (i = (max) - (top); i != 0; i--) @@ -198,9 +311,14 @@ static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top) #if BN_BITS2 == 64 #define bn_cp_64(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; #define bn_64_set_0(to, n) (to)[n] = (BN_ULONG)0; -/* TBD */ -#define bn_cp_32(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; -#define bn_32_set_0(to, n) (to)[n] = (BN_ULONG)0; +/* + * two following macros are implemented under assumption that they + * are called in a sequence with *ascending* n, i.e. as they are... + */ +#define bn_cp_32_naked(to, n, from, m) (((n)&1)?(to[(n)/2]|=((m)&1)?(from[(m)/2]&BN_MASK2h):(from[(m)/2]<<32))\ + :(to[(n)/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&BN_MASK2l))) +#define bn_32_set_0(to, n) (((n)&1)?(to[(n)/2]&=BN_MASK2l):(to[(n)/2]=0)); +#define bn_cp_32(to,n,from,m) ((m)>=0)?bn_cp_32_naked(to,n,from,m):bn_32_set_0(to,n) #else #define bn_cp_64(to, n, from, m) \ { \ @@ -221,9 +339,9 @@ static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top) #define nist_set_192(to, from, a1, a2, a3) \ { \ - if (a3 != 0) bn_cp_64(to, 0, from, (a3) - 3) else bn_64_set_0(to, 0)\ + bn_cp_64(to, 0, from, (a3) - 3) \ bn_cp_64(to, 1, from, (a2) - 3) \ - if (a1 != 0) bn_cp_64(to, 2, from, (a1) - 3) else bn_64_set_0(to, 2)\ + bn_cp_64(to, 2, from, (a1) - 3) \ } int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, @@ -237,11 +355,16 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, c_d[BN_NIST_192_TOP], *res; size_t mask; + static const BIGNUM _bignum_nist_p_192_sqr = { + (BN_ULONG *)_nist_p_192_sqr, + sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]), + sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]), + 0,BN_FLG_STATIC_DATA }; field = &_bignum_nist_p_192; /* just to make sure */ - if (BN_is_negative(a) || a->top > 2*BN_NIST_192_TOP) - return BN_nnmod(r, field, a, ctx); + if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_192_sqr)>=0) + return BN_nnmod(r, a, field, ctx); i = BN_ucmp(field, a); if (i == 0) @@ -265,50 +388,49 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, nist_cp_bn_0(buf, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, BN_NIST_192_TOP); nist_set_192(t_d, buf, 0, 3, 3); - carry = bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192,BN_NIST_192_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); nist_set_192(t_d, buf, 4, 4, 0); - carry = bn_add_words(r_d, res, t_d, BN_NIST_192_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192,BN_NIST_192_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); nist_set_192(t_d, buf, 5, 5, 5) - carry = bn_add_words(r_d, res, t_d, BN_NIST_192_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192,BN_NIST_192_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); + if (carry > 0) + carry = (int)bn_sub_words(r_d,r_d,_nist_p_192[carry-1],BN_NIST_192_TOP); + else + carry = 1; + + /* + * we need 'if (carry==0 || result>=modulus) result-=modulus;' + * as comparison implies subtraction, we can write + * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;' + * this is what happens below, but without explicit if:-) a. + */ + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP); + mask &= 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_192_TOP); r->top = BN_NIST_192_TOP; bn_correct_top(r); - if (BN_ucmp(field, r) <= 0) - { - if (!BN_usub(r, r, field)) return 0; - } - return 1; } +typedef BN_ULONG (*bn_addsub_f)(BN_ULONG *,const BN_ULONG *,const BN_ULONG *,int); + #define nist_set_224(to, from, a1, a2, a3, a4, a5, a6, a7) \ { \ - if (a7 != 0) bn_cp_32(to, 0, from, (a7) - 7) else bn_32_set_0(to, 0)\ - if (a6 != 0) bn_cp_32(to, 1, from, (a6) - 7) else bn_32_set_0(to, 1)\ - if (a5 != 0) bn_cp_32(to, 2, from, (a5) - 7) else bn_32_set_0(to, 2)\ - if (a4 != 0) bn_cp_32(to, 3, from, (a4) - 7) else bn_32_set_0(to, 3)\ - if (a3 != 0) bn_cp_32(to, 4, from, (a3) - 7) else bn_32_set_0(to, 4)\ - if (a2 != 0) bn_cp_32(to, 5, from, (a2) - 7) else bn_32_set_0(to, 5)\ - if (a1 != 0) bn_cp_32(to, 6, from, (a1) - 7) else bn_32_set_0(to, 6)\ + bn_cp_32(to, 0, from, (a7) - 7) \ + bn_cp_32(to, 1, from, (a6) - 7) \ + bn_cp_32(to, 2, from, (a5) - 7) \ + bn_cp_32(to, 3, from, (a4) - 7) \ + bn_cp_32(to, 4, from, (a3) - 7) \ + bn_cp_32(to, 5, from, (a2) - 7) \ + bn_cp_32(to, 6, from, (a1) - 7) \ } int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) { -#if BN_BITS2 == 32 int top = a->top, i; int carry; BN_ULONG *r_d, *a_d = a->d; @@ -317,11 +439,18 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, c_d[BN_NIST_224_TOP], *res; size_t mask; + union { bn_addsub_f f; size_t p; } u; + static const BIGNUM _bignum_nist_p_224_sqr = { + (BN_ULONG *)_nist_p_224_sqr, + sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]), + sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]), + 0,BN_FLG_STATIC_DATA }; + field = &_bignum_nist_p_224; /* just to make sure */ - if (BN_is_negative(a) || a->top > 2*BN_NIST_224_TOP) - return BN_nnmod(r, field, a, ctx); + if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_224_sqr)>=0) + return BN_nnmod(r, a, field, ctx); i = BN_ucmp(field, a); if (i == 0) @@ -342,72 +471,77 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, else r_d = a_d; +#if BN_BITS2==64 + /* copy upper 256 bits of 448 bit number ... */ + nist_cp_bn_0(t_d, a_d + (BN_NIST_224_TOP-1), top - (BN_NIST_224_TOP-1), BN_NIST_224_TOP); + /* ... and right shift by 32 to obtain upper 224 bits */ + nist_set_224(buf, t_d, 14, 13, 12, 11, 10, 9, 8); + /* truncate lower part to 224 bits too */ + r_d[BN_NIST_224_TOP-1] &= BN_MASK2l; +#else nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP); - +#endif nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0); - carry = bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0); - carry = bn_add_words(r_d, res, t_d, BN_NIST_224_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7); -#if BRANCH_FREE - carry = bn_sub_words(r_d, res, t_d, BN_NIST_224_TOP); - bn_add_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP); - mask = 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); -#else - if (bn_sub_words(r_d, res, t_d, BN_NIST_224_TOP)) - bn_add_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP); -#endif + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11); -#if BRANCH_FREE - carry = bn_sub_words(r_d, res, t_d, BN_NIST_224_TOP); - bn_add_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP); - mask = 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); - nist_cp_bn(r_d, res, BN_NIST_224_TOP); -#else - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP)) - bn_add_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP); +#if BN_BITS2==64 + carry = (int)(r_d[BN_NIST_224_TOP-1]>>32); #endif - r->top = BN_NIST_224_TOP; - bn_correct_top(r); - - if (BN_ucmp(field, r) <= 0) + u.f = bn_sub_words; + if (carry > 0) { - if (!BN_usub(r, r, field)) return 0; + carry = (int)bn_sub_words(r_d,r_d,_nist_p_224[carry-1],BN_NIST_224_TOP); +#if BN_BITS2==64 + carry=(int)(~(r_d[BN_NIST_224_TOP-1]>>32))&1; +#endif } + else if (carry < 0) + { + /* it's a bit more comlicated logic in this case. + * if bn_add_words yields no carry, then result + * has to be adjusted by unconditionally *adding* + * the modulus. but if it does, then result has + * to be compared to the modulus and conditionally + * adjusted by *subtracting* the latter. */ + carry = (int)bn_add_words(r_d,r_d,_nist_p_224[-carry-1],BN_NIST_224_TOP); + mask = 0-(size_t)carry; + u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask); + } + else + carry = 1; + + /* otherwise it's effectively same as in BN_nist_mod_192... */ + mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP); + mask &= 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); + nist_cp_bn(r_d, res, BN_NIST_224_TOP); + r->top = BN_NIST_224_TOP; + bn_correct_top(r); return 1; -#else /* BN_BITS!=32 */ - return 0; -#endif } #define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8) \ { \ - if (a8 != 0) bn_cp_32(to, 0, from, (a8) - 8) else bn_32_set_0(to, 0)\ - if (a7 != 0) bn_cp_32(to, 1, from, (a7) - 8) else bn_32_set_0(to, 1)\ - if (a6 != 0) bn_cp_32(to, 2, from, (a6) - 8) else bn_32_set_0(to, 2)\ - if (a5 != 0) bn_cp_32(to, 3, from, (a5) - 8) else bn_32_set_0(to, 3)\ - if (a4 != 0) bn_cp_32(to, 4, from, (a4) - 8) else bn_32_set_0(to, 4)\ - if (a3 != 0) bn_cp_32(to, 5, from, (a3) - 8) else bn_32_set_0(to, 5)\ - if (a2 != 0) bn_cp_32(to, 6, from, (a2) - 8) else bn_32_set_0(to, 6)\ - if (a1 != 0) bn_cp_32(to, 7, from, (a1) - 8) else bn_32_set_0(to, 7)\ + bn_cp_32(to, 0, from, (a8) - 8) \ + bn_cp_32(to, 1, from, (a7) - 8) \ + bn_cp_32(to, 2, from, (a6) - 8) \ + bn_cp_32(to, 3, from, (a5) - 8) \ + bn_cp_32(to, 4, from, (a4) - 8) \ + bn_cp_32(to, 5, from, (a3) - 8) \ + bn_cp_32(to, 6, from, (a2) - 8) \ + bn_cp_32(to, 7, from, (a1) - 8) \ } int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) { -#if BN_BITS2 == 32 int i, top = a->top; int carry = 0; register BN_ULONG *a_d = a->d, *r_d; @@ -416,11 +550,17 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, c_d[BN_NIST_256_TOP], *res; size_t mask; + union { bn_addsub_f f; size_t p; } u; + static const BIGNUM _bignum_nist_p_256_sqr = { + (BN_ULONG *)_nist_p_256_sqr, + sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]), + sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]), + 0,BN_FLG_STATIC_DATA }; field = &_bignum_nist_p_256; /* just to make sure */ - if (BN_is_negative(a) || a->top > 2*BN_NIST_256_TOP) - return BN_nnmod(r, field, a, ctx); + if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_256_sqr)>=0) + return BN_nnmod(r, a, field, ctx); i = BN_ucmp(field, a); if (i == 0) @@ -446,116 +586,84 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, /*S1*/ nist_set_256(t_d, buf, 15, 14, 13, 12, 11, 0, 0, 0); /*S2*/ - nist_set_256(c_d,buf, 0, 15, 14, 13, 12, 0, 0, 0); - carry = bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP); - mask = 0-(size_t)bn_sub_words(c_d,t_d,_nist_p_256,BN_NIST_256_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)t_d&~mask)); - - carry = bn_add_words(t_d, res, res, BN_NIST_256_TOP); - mask = 0-(size_t)bn_sub_words(c_d,t_d,_nist_p_256,BN_NIST_256_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)t_d&~mask)); - - carry = bn_add_words(r_d, r_d, res, BN_NIST_256_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + nist_set_256(c_d, buf, 0, 15, 14, 13, 12, 0, 0, 0); + carry = (int)bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP); + /* left shift */ + { + register BN_ULONG *ap,t,c; + ap = t_d; + c=0; + for (i = BN_NIST_256_TOP; i != 0; --i) + { + t= *ap; + *(ap++)=((t<<1)|c)&BN_MASK2; + c=(t & BN_TBIT)?1:0; + } + carry <<= 1; + carry |= c; + } + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); /*S3*/ nist_set_256(t_d, buf, 15, 14, 0, 0, 0, 10, 9, 8); - carry = bn_add_words(r_d, res, t_d, BN_NIST_256_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); /*S4*/ nist_set_256(t_d, buf, 8, 13, 15, 14, 13, 11, 10, 9); - carry = bn_add_words(r_d, res, t_d, BN_NIST_256_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); /*D1*/ nist_set_256(t_d, buf, 10, 8, 0, 0, 0, 13, 12, 11); -#if BRANCH_FREE - carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP); - bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); - mask = 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); -#else - if (bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP)) - bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP); -#endif + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); /*D2*/ nist_set_256(t_d, buf, 11, 9, 0, 0, 15, 14, 13, 12); -#if BRANCH_FREE - carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP); - bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); - mask = 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); -#else - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP)) - bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP); -#endif + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); /*D3*/ nist_set_256(t_d, buf, 12, 0, 10, 9, 8, 15, 14, 13); -#if BRANCH_FREE - carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP); - bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); - mask = 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); -#else - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP)) - bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP); -#endif + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); /*D4*/ nist_set_256(t_d, buf, 13, 0, 11, 10, 9, 0, 15, 14); -#if BRANCH_FREE - carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP); - bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); - mask = 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - - nist_cp_bn(r_d, res, BN_NIST_384_TOP); -#else - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP)) - bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP); -#endif - r->top = BN_NIST_256_TOP; - bn_correct_top(r); + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); - if (BN_ucmp(field, r) <= 0) + /* see BN_nist_mod_224 for explanation */ + u.f = bn_sub_words; + if (carry > 0) + carry = (int)bn_sub_words(r_d,r_d,_nist_p_256[carry-1],BN_NIST_256_TOP); + else if (carry < 0) { - if (!BN_usub(r, r, field)) return 0; + carry = (int)bn_add_words(r_d,r_d,_nist_p_256[-carry-1],BN_NIST_256_TOP); + mask = 0-(size_t)carry; + u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask); } + else + carry = 1; + + mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP); + mask &= 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); + nist_cp_bn(r_d, res, BN_NIST_256_TOP); + r->top = BN_NIST_256_TOP; + bn_correct_top(r); return 1; -#else /* BN_BITS!=32 */ - return 0; -#endif } #define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \ { \ - if (a12 != 0) bn_cp_32(to, 0, from, (a12) - 12) else bn_32_set_0(to, 0)\ - if (a11 != 0) bn_cp_32(to, 1, from, (a11) - 12) else bn_32_set_0(to, 1)\ - if (a10 != 0) bn_cp_32(to, 2, from, (a10) - 12) else bn_32_set_0(to, 2)\ - if (a9 != 0) bn_cp_32(to, 3, from, (a9) - 12) else bn_32_set_0(to, 3)\ - if (a8 != 0) bn_cp_32(to, 4, from, (a8) - 12) else bn_32_set_0(to, 4)\ - if (a7 != 0) bn_cp_32(to, 5, from, (a7) - 12) else bn_32_set_0(to, 5)\ - if (a6 != 0) bn_cp_32(to, 6, from, (a6) - 12) else bn_32_set_0(to, 6)\ - if (a5 != 0) bn_cp_32(to, 7, from, (a5) - 12) else bn_32_set_0(to, 7)\ - if (a4 != 0) bn_cp_32(to, 8, from, (a4) - 12) else bn_32_set_0(to, 8)\ - if (a3 != 0) bn_cp_32(to, 9, from, (a3) - 12) else bn_32_set_0(to, 9)\ - if (a2 != 0) bn_cp_32(to, 10, from, (a2) - 12) else bn_32_set_0(to, 10)\ - if (a1 != 0) bn_cp_32(to, 11, from, (a1) - 12) else bn_32_set_0(to, 11)\ + bn_cp_32(to, 0, from, (a12) - 12) \ + bn_cp_32(to, 1, from, (a11) - 12) \ + bn_cp_32(to, 2, from, (a10) - 12) \ + bn_cp_32(to, 3, from, (a9) - 12) \ + bn_cp_32(to, 4, from, (a8) - 12) \ + bn_cp_32(to, 5, from, (a7) - 12) \ + bn_cp_32(to, 6, from, (a6) - 12) \ + bn_cp_32(to, 7, from, (a5) - 12) \ + bn_cp_32(to, 8, from, (a4) - 12) \ + bn_cp_32(to, 9, from, (a3) - 12) \ + bn_cp_32(to, 10, from, (a2) - 12) \ + bn_cp_32(to, 11, from, (a1) - 12) \ } int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) { -#if BN_BITS2 == 32 int i, top = a->top; int carry = 0; register BN_ULONG *r_d, *a_d = a->d; @@ -564,11 +672,18 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, c_d[BN_NIST_384_TOP], *res; size_t mask; + union { bn_addsub_f f; size_t p; } u; + static const BIGNUM _bignum_nist_p_384_sqr = { + (BN_ULONG *)_nist_p_384_sqr, + sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]), + sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]), + 0,BN_FLG_STATIC_DATA }; + field = &_bignum_nist_p_384; /* just to make sure */ - if (BN_is_negative(a) || a->top > 2*BN_NIST_384_TOP) - return BN_nnmod(r, field, a, ctx); + if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_384_sqr)>=0) + return BN_nnmod(r, a, field, ctx); i = BN_ucmp(field, a); if (i == 0) @@ -606,171 +721,116 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, } *ap=c; } - carry = bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), + carry = (int)bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), t_d, BN_NIST_256_TOP); - /* - * we need if (result>=modulus) subtract(result,modulus); - * in n-bit space this can be expressed as - * if (carry || result>=modulus) subtract(result,modulus); - * the catch is that comparison implies subtraction and - * therefore one can write tmp=subtract(result,modulus); - * and then if(carry || !borrow) result=tmp; this's what - * happens below, but without explicit if:-) a. - */ - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - /*S2 */ - carry = bn_add_words(r_d, res, buf, BN_NIST_384_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry += (int)bn_add_words(r_d, r_d, buf, BN_NIST_384_TOP); /*S3*/ nist_set_384(t_d,buf,20,19,18,17,16,15,14,13,12,23,22,21); - carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); /*S4*/ nist_set_384(t_d,buf,19,18,17,16,15,14,13,12,20,0,23,0); - carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); /*S5*/ nist_set_384(t_d, buf,0,0,0,0,23,22,21,20,0,0,0,0); - carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); /*S6*/ nist_set_384(t_d,buf,0,0,0,0,0,0,23,22,21,0,0,20); - carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); /*D1*/ nist_set_384(t_d,buf,22,21,20,19,18,17,16,15,14,13,12,23); -#if BRANCH_FREE - carry = bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP); - bn_add_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); - mask = 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); -#else - if (bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP)) - bn_add_words(r_d,r_d,_nist_p_384,BN_NIST_384_TOP); -#endif + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); /*D2*/ nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,22,21,20,0); -#if BRANCH_FREE - carry = bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP); - bn_add_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); - mask = 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); -#else - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP)) - bn_add_words(r_d,r_d,_nist_p_384,BN_NIST_384_TOP); -#endif + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); /*D3*/ nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,23,0,0,0); -#if BRANCH_FREE - carry = bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP); - bn_add_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); - mask = 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); + /* see BN_nist_mod_224 for explanation */ + u.f = bn_sub_words; + if (carry > 0) + carry = (int)bn_sub_words(r_d,r_d,_nist_p_384[carry-1],BN_NIST_384_TOP); + else if (carry < 0) + { + carry = (int)bn_add_words(r_d,r_d,_nist_p_384[-carry-1],BN_NIST_384_TOP); + mask = 0-(size_t)carry; + u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask); + } + else + carry = 1; + + mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP); + mask &= 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_384_TOP); -#else - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP)) - bn_add_words(r_d,r_d,_nist_p_384,BN_NIST_384_TOP); -#endif r->top = BN_NIST_384_TOP; bn_correct_top(r); - if (BN_ucmp(field, r) <= 0) - { - if (!BN_usub(r, r, field)) return 0; - } - return 1; -#else /* BN_BITS!=32 */ - return 0; -#endif } +#define BN_NIST_521_RSHIFT (521%BN_BITS2) +#define BN_NIST_521_LSHIFT (BN_BITS2-BN_NIST_521_RSHIFT) +#define BN_NIST_521_TOP_MASK ((BN_ULONG)BN_MASK2>>BN_NIST_521_LSHIFT) + int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) { -#if BN_BITS2 == 64 -#define BN_NIST_521_TOP_MASK (BN_ULONG)0x1FF -#elif BN_BITS2 == 32 -#define BN_NIST_521_TOP_MASK (BN_ULONG)0x1FF -#endif - int top, ret = 0; - BIGNUM *tmp; + int top = a->top, i; + BN_ULONG *r_d, *a_d = a->d, + t_d[BN_NIST_521_TOP], + val,tmp,*res; + size_t mask; + static const BIGNUM _bignum_nist_p_521_sqr = { + (BN_ULONG *)_nist_p_521_sqr, + sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]), + sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]), + 0,BN_FLG_STATIC_DATA }; field = &_bignum_nist_p_521; /* just to make sure */ - if (BN_is_negative(a)) - return BN_nnmod(r, field, a, ctx); + if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_521_sqr)>=0) + return BN_nnmod(r, a, field, ctx); - /* check whether a reduction is necessary */ - top = a->top; - if (top < BN_NIST_521_TOP || ( top == BN_NIST_521_TOP && - (!(a->d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK))))) + i = BN_ucmp(field, a); + if (i == 0) { - int i = BN_ucmp(field, a); - if (i == 0) - { - BN_zero(r); - return 1; - } - else - { -#ifdef BN_DEBUG - OPENSSL_assert(i > 0); /* because 'field' is 1111...1111 */ -#endif - return (r == a)? 1 : (BN_copy(r ,a) != NULL); - } + BN_zero(r); + return 1; } + else if (i > 0) + return (r == a)? 1 : (BN_copy(r ,a) != NULL); - if (BN_num_bits(a) > 2*521) - return BN_nnmod(r, field, a, ctx); - - BN_CTX_start(ctx); - tmp = BN_CTX_get(ctx); - if (!tmp) - goto err; - - if (!bn_wexpand(tmp, BN_NIST_521_TOP)) - goto err; - nist_cp_bn(tmp->d, a->d, BN_NIST_521_TOP); - - tmp->top = BN_NIST_521_TOP; - tmp->d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK; - bn_correct_top(tmp); - - if (!BN_rshift(r, a, 521)) - goto err; - - if (!BN_uadd(r, tmp, r)) - goto err; - - if (BN_ucmp(field, r) <= 0) + if (r != a) { - if (!BN_usub(r, r, field)) goto err; + if (!bn_wexpand(r,BN_NIST_521_TOP)) + return 0; + r_d = r->d; + nist_cp_bn(r_d,a_d, BN_NIST_521_TOP); } + else + r_d = a_d; - ret = 1; -err: - BN_CTX_end(ctx); + /* upper 521 bits, copy ... */ + nist_cp_bn_0(t_d,a_d + (BN_NIST_521_TOP-1), top - (BN_NIST_521_TOP-1),BN_NIST_521_TOP); + /* ... and right shift */ + for (val=t_d[0],i=0; i<BN_NIST_521_TOP-1; i++) + { + tmp = val>>BN_NIST_521_RSHIFT; + val = t_d[i+1]; + t_d[i] = (tmp | val<<BN_NIST_521_LSHIFT) & BN_MASK2; + } + t_d[i] = val>>BN_NIST_521_RSHIFT; + /* lower 521 bits */ + r_d[i] &= BN_NIST_521_TOP_MASK; + + bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP); + mask = 0-(size_t)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP); + res = (BN_ULONG *)(((size_t)t_d&~mask) | ((size_t)r_d&mask)); + nist_cp_bn(r_d,res,BN_NIST_521_TOP); + r->top = BN_NIST_521_TOP; + bn_correct_top(r); - bn_check_top(r); - return ret; + return 1; } diff --git a/lib/libcrypto/bn/bn_rand.c b/lib/libcrypto/bn/bn_rand.c index f51830b12ba..b376c28ff3f 100644 --- a/lib/libcrypto/bn/bn_rand.c +++ b/lib/libcrypto/bn/bn_rand.c @@ -227,7 +227,7 @@ int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom) /* random number r: 0 <= r < range */ -static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range) +static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range) { int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand; int n; @@ -294,12 +294,12 @@ static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range) } -int BN_rand_range(BIGNUM *r, BIGNUM *range) +int BN_rand_range(BIGNUM *r, const BIGNUM *range) { return bn_rand_range(0, r, range); } -int BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range) +int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range) { return bn_rand_range(1, r, range); } diff --git a/lib/libcrypto/bn/bn_shift.c b/lib/libcrypto/bn/bn_shift.c index de9312dce23..c4d301afc46 100644 --- a/lib/libcrypto/bn/bn_shift.c +++ b/lib/libcrypto/bn/bn_shift.c @@ -177,7 +177,7 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) nw=n/BN_BITS2; rb=n%BN_BITS2; lb=BN_BITS2-rb; - if (nw > a->top || a->top == 0) + if (nw >= a->top || a->top == 0) { BN_zero(r); return(1); diff --git a/lib/libcrypto/buffer/buffer.c b/lib/libcrypto/buffer/buffer.c index 3bf03c7eff0..b3e947771d5 100644 --- a/lib/libcrypto/buffer/buffer.c +++ b/lib/libcrypto/buffer/buffer.c @@ -161,61 +161,3 @@ int BUF_MEM_grow_clean(BUF_MEM *str, int len) } return(len); } - -char *BUF_strdup(const char *str) - { - if (str == NULL) return(NULL); - return BUF_strndup(str, strlen(str)); - } - -char *BUF_strndup(const char *str, size_t siz) - { - char *ret; - - if (str == NULL) return(NULL); - - ret=OPENSSL_malloc(siz+1); - if (ret == NULL) - { - BUFerr(BUF_F_BUF_STRNDUP,ERR_R_MALLOC_FAILURE); - return(NULL); - } - BUF_strlcpy(ret,str,siz+1); - return(ret); - } - -void *BUF_memdup(const void *data, size_t siz) - { - void *ret; - - if (data == NULL) return(NULL); - - ret=OPENSSL_malloc(siz); - if (ret == NULL) - { - BUFerr(BUF_F_BUF_MEMDUP,ERR_R_MALLOC_FAILURE); - return(NULL); - } - return memcpy(ret, data, siz); - } - -size_t BUF_strlcpy(char *dst, const char *src, size_t size) - { - size_t l = 0; - for(; size > 1 && *src; size--) - { - *dst++ = *src++; - l++; - } - if (size) - *dst = '\0'; - return l + strlen(src); - } - -size_t BUF_strlcat(char *dst, const char *src, size_t size) - { - size_t l = 0; - for(; size > 0 && *dst; size--, dst++) - l++; - return l + BUF_strlcpy(dst, src, size); - } diff --git a/lib/libcrypto/cast/c_skey.c b/lib/libcrypto/cast/c_skey.c index 76e40005c99..68e690a60c2 100644 --- a/lib/libcrypto/cast/c_skey.c +++ b/lib/libcrypto/cast/c_skey.c @@ -57,6 +57,11 @@ */ #include <openssl/cast.h> +#include <openssl/crypto.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + #include "cast_lcl.h" #include "cast_s.h" @@ -72,7 +77,7 @@ #define S6 CAST_S_table6 #define S7 CAST_S_table7 -void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data) +FIPS_NON_FIPS_VCIPHER_Init(CAST) { CAST_LONG x[16]; CAST_LONG z[16]; diff --git a/lib/libcrypto/cast/cast.h b/lib/libcrypto/cast/cast.h index 90b45b950aa..1faf5806aac 100644 --- a/lib/libcrypto/cast/cast.h +++ b/lib/libcrypto/cast/cast.h @@ -83,7 +83,9 @@ typedef struct cast_key_st int short_key; /* Use reduced rounds for short key */ } CAST_KEY; - +#ifdef OPENSSL_FIPS +void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); +#endif void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key, int enc); diff --git a/lib/libcrypto/cms/cms_smime.c b/lib/libcrypto/cms/cms_smime.c index b35d28d411a..b9463f9abbc 100644 --- a/lib/libcrypto/cms/cms_smime.c +++ b/lib/libcrypto/cms/cms_smime.c @@ -68,7 +68,10 @@ static int cms_copy_content(BIO *out, BIO *in, unsigned int flags) if (out == NULL) tmpout = BIO_new(BIO_s_null()); else if (flags & CMS_TEXT) + { tmpout = BIO_new(BIO_s_mem()); + BIO_set_mem_eof_return(tmpout, 0); + } else tmpout = out; diff --git a/lib/libcrypto/comp/c_zlib.c b/lib/libcrypto/comp/c_zlib.c index 0f34597e704..eccfd091378 100644 --- a/lib/libcrypto/comp/c_zlib.c +++ b/lib/libcrypto/comp/c_zlib.c @@ -727,6 +727,7 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_CTRL_RESET: ctx->ocount = 0; ctx->odone = 0; + ret = 1; break; case BIO_CTRL_FLUSH: @@ -771,7 +772,7 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) } ctx->obufsize = obs; } - + ret = 1; break; case BIO_C_DO_STATE_MACHINE: @@ -783,7 +784,6 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) default: ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; - } return ret; diff --git a/lib/libcrypto/conf/conf_mall.c b/lib/libcrypto/conf/conf_mall.c index 4ba40cf44cc..1cc1fd55345 100644 --- a/lib/libcrypto/conf/conf_mall.c +++ b/lib/libcrypto/conf/conf_mall.c @@ -1,5 +1,5 @@ /* conf_mall.c */ -/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== @@ -63,6 +63,7 @@ #include <openssl/dso.h> #include <openssl/x509.h> #include <openssl/asn1.h> +#include <openssl/evp.h> #ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> #endif @@ -76,5 +77,6 @@ void OPENSSL_load_builtin_modules(void) #ifndef OPENSSL_NO_ENGINE ENGINE_add_conf_module(); #endif + EVP_add_alg_module(); } diff --git a/lib/libcrypto/conf/conf_mod.c b/lib/libcrypto/conf/conf_mod.c index 58b23ba9928..e286378cb19 100644 --- a/lib/libcrypto/conf/conf_mod.c +++ b/lib/libcrypto/conf/conf_mod.c @@ -1,5 +1,5 @@ /* conf_mod.c */ -/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== diff --git a/lib/libcrypto/conf/conf_sap.c b/lib/libcrypto/conf/conf_sap.c index 9c53bac1a8c..760dc2632d3 100644 --- a/lib/libcrypto/conf/conf_sap.c +++ b/lib/libcrypto/conf/conf_sap.c @@ -1,5 +1,5 @@ /* conf_sap.c */ -/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== diff --git a/lib/libcrypto/cryptlib.c b/lib/libcrypto/cryptlib.c index 8c686238286..8f9e88e403d 100644 --- a/lib/libcrypto/cryptlib.c +++ b/lib/libcrypto/cryptlib.c @@ -121,275 +121,17 @@ static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */ #endif -DECLARE_STACK_OF(CRYPTO_dynlock) -IMPLEMENT_STACK_OF(CRYPTO_dynlock) - -/* real #defines in crypto.h, keep these upto date */ -static const char* const lock_names[CRYPTO_NUM_LOCKS] = - { - "<<ERROR>>", - "err", - "ex_data", - "x509", - "x509_info", - "x509_pkey", - "x509_crl", - "x509_req", - "dsa", - "rsa", - "evp_pkey", - "x509_store", - "ssl_ctx", - "ssl_cert", - "ssl_session", - "ssl_sess_cert", - "ssl", - "ssl_method", - "rand", - "rand2", - "debug_malloc", - "BIO", - "gethostbyname", - "getservbyname", - "readdir", - "RSA_blinding", - "dh", - "debug_malloc2", - "dso", - "dynlock", - "engine", - "ui", - "ecdsa", - "ec", - "ecdh", - "bn", - "ec_pre_comp", - "store", - "comp", -#if CRYPTO_NUM_LOCKS != 39 -# error "Inconsistency between crypto.h and cryptlib.c" -#endif - }; - -/* This is for applications to allocate new type names in the non-dynamic - array of lock names. These are numbered with positive numbers. */ -static STACK *app_locks=NULL; - -/* For applications that want a more dynamic way of handling threads, the - following stack is used. These are externally numbered with negative - numbers. */ -static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL; - - static void (MS_FAR *locking_callback)(int mode,int type, const char *file,int line)=NULL; static int (MS_FAR *add_lock_callback)(int *pointer,int amount, int type,const char *file,int line)=NULL; static unsigned long (MS_FAR *id_callback)(void)=NULL; -static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback) - (const char *file,int line)=NULL; -static void (MS_FAR *dynlock_lock_callback)(int mode, - struct CRYPTO_dynlock_value *l, const char *file,int line)=NULL; -static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l, - const char *file,int line)=NULL; - -int CRYPTO_get_new_lockid(char *name) - { - char *str; - int i; - -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) - /* A hack to make Visual C++ 5.0 work correctly when linking as - * a DLL using /MT. Without this, the application cannot use - * and floating point printf's. - * It also seems to be needed for Visual C 1.5 (win16) */ - SSLeay_MSVC5_hack=(double)name[0]*(double)name[1]; -#endif - - if ((app_locks == NULL) && ((app_locks=sk_new_null()) == NULL)) - { - CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE); - return(0); - } - if ((str=BUF_strdup(name)) == NULL) - { - CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE); - return(0); - } - i=sk_push(app_locks,str); - if (!i) - OPENSSL_free(str); - else - i+=CRYPTO_NUM_LOCKS; /* gap of one :-) */ - return(i); - } int CRYPTO_num_locks(void) { return CRYPTO_NUM_LOCKS; } -int CRYPTO_get_new_dynlockid(void) - { - int i = 0; - CRYPTO_dynlock *pointer = NULL; - - if (dynlock_create_callback == NULL) - { - CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK); - return(0); - } - CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); - if ((dyn_locks == NULL) - && ((dyn_locks=sk_CRYPTO_dynlock_new_null()) == NULL)) - { - CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); - CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE); - return(0); - } - CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); - - pointer = (CRYPTO_dynlock *)OPENSSL_malloc(sizeof(CRYPTO_dynlock)); - if (pointer == NULL) - { - CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE); - return(0); - } - pointer->references = 1; - pointer->data = dynlock_create_callback(__FILE__,__LINE__); - if (pointer->data == NULL) - { - OPENSSL_free(pointer); - CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE); - return(0); - } - - CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); - /* First, try to find an existing empty slot */ - i=sk_CRYPTO_dynlock_find(dyn_locks,NULL); - /* If there was none, push, thereby creating a new one */ - if (i == -1) - /* Since sk_push() returns the number of items on the - stack, not the location of the pushed item, we need - to transform the returned number into a position, - by decreasing it. */ - i=sk_CRYPTO_dynlock_push(dyn_locks,pointer) - 1; - else - /* If we found a place with a NULL pointer, put our pointer - in it. */ - (void)sk_CRYPTO_dynlock_set(dyn_locks,i,pointer); - CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); - - if (i == -1) - { - dynlock_destroy_callback(pointer->data,__FILE__,__LINE__); - OPENSSL_free(pointer); - } - else - i += 1; /* to avoid 0 */ - return -i; - } - -void CRYPTO_destroy_dynlockid(int i) - { - CRYPTO_dynlock *pointer = NULL; - if (i) - i = -i-1; - if (dynlock_destroy_callback == NULL) - return; - - CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); - - if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks)) - { - CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); - return; - } - pointer = sk_CRYPTO_dynlock_value(dyn_locks, i); - if (pointer != NULL) - { - --pointer->references; -#ifdef REF_CHECK - if (pointer->references < 0) - { - fprintf(stderr,"CRYPTO_destroy_dynlockid, bad reference count\n"); - abort(); - } - else -#endif - if (pointer->references <= 0) - { - (void)sk_CRYPTO_dynlock_set(dyn_locks, i, NULL); - } - else - pointer = NULL; - } - CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); - - if (pointer) - { - dynlock_destroy_callback(pointer->data,__FILE__,__LINE__); - OPENSSL_free(pointer); - } - } - -struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i) - { - CRYPTO_dynlock *pointer = NULL; - if (i) - i = -i-1; - - CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); - - if (dyn_locks != NULL && i < sk_CRYPTO_dynlock_num(dyn_locks)) - pointer = sk_CRYPTO_dynlock_value(dyn_locks, i); - if (pointer) - pointer->references++; - - CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); - - if (pointer) - return pointer->data; - return NULL; - } - -struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void)) - (const char *file,int line) - { - return(dynlock_create_callback); - } - -void (*CRYPTO_get_dynlock_lock_callback(void))(int mode, - struct CRYPTO_dynlock_value *l, const char *file,int line) - { - return(dynlock_lock_callback); - } - -void (*CRYPTO_get_dynlock_destroy_callback(void)) - (struct CRYPTO_dynlock_value *l, const char *file,int line) - { - return(dynlock_destroy_callback); - } - -void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func) - (const char *file, int line)) - { - dynlock_create_callback=func; - } - -void CRYPTO_set_dynlock_lock_callback(void (*func)(int mode, - struct CRYPTO_dynlock_value *l, const char *file, int line)) - { - dynlock_lock_callback=func; - } - -void CRYPTO_set_dynlock_destroy_callback(void (*func) - (struct CRYPTO_dynlock_value *l, const char *file, int line)) - { - dynlock_destroy_callback=func; - } - - void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file, int line) { @@ -445,6 +187,14 @@ unsigned long CRYPTO_thread_id(void) return(ret); } +static void (*do_dynlock_cb)(int mode, int type, const char *file, int line); + +void int_CRYPTO_set_do_dynlock_callback( + void (*dyn_cb)(int mode, int type, const char *file, int line)) + { + do_dynlock_cb = dyn_cb; + } + void CRYPTO_lock(int mode, int type, const char *file, int line) { #ifdef LOCK_DEBUG @@ -472,17 +222,8 @@ void CRYPTO_lock(int mode, int type, const char *file, int line) #endif if (type < 0) { - if (dynlock_lock_callback != NULL) - { - struct CRYPTO_dynlock_value *pointer - = CRYPTO_get_dynlock_value(type); - - OPENSSL_assert(pointer != NULL); - - dynlock_lock_callback(mode, pointer, file, line); - - CRYPTO_destroy_dynlockid(type); - } + if (do_dynlock_cb) + do_dynlock_cb(mode, type, file, line); } else if (locking_callback != NULL) @@ -527,21 +268,9 @@ int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, return(ret); } -const char *CRYPTO_get_lock_name(int type) - { - if (type < 0) - return("dynamic"); - else if (type < CRYPTO_NUM_LOCKS) - return(lock_names[type]); - else if (type-CRYPTO_NUM_LOCKS > sk_num(app_locks)) - return("ERROR"); - else - return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS)); - } - #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ defined(__INTEL__) || \ - defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) + defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) unsigned long OPENSSL_ia32cap_P=0; unsigned long *OPENSSL_ia32cap_loc(void) { return &OPENSSL_ia32cap_P; } @@ -577,6 +306,62 @@ void OPENSSL_cpuid_setup(void) {} #endif #if (defined(_WIN32) || defined(__CYGWIN__)) && defined(_WINDLL) + +#ifdef OPENSSL_FIPS + +#include <tlhelp32.h> +#if defined(__GNUC__) && __GNUC__>=2 +static int DllInit(void) __attribute__((constructor)); +#elif defined(_MSC_VER) +static int DllInit(void); +# ifdef _WIN64 +# pragma section(".CRT$XCU",read) + __declspec(allocate(".CRT$XCU")) +# else +# pragma data_seg(".CRT$XCU") +# endif + static int (*p)(void) = DllInit; +# pragma data_seg() +#endif + +static int DllInit(void) +{ +#if defined(_WIN32_WINNT) + union { int(*f)(void); BYTE *p; } t = { DllInit }; + HANDLE hModuleSnap = INVALID_HANDLE_VALUE; + IMAGE_DOS_HEADER *dos_header; + IMAGE_NT_HEADERS *nt_headers; + MODULEENTRY32 me32 = {sizeof(me32)}; + + hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,0); + if (hModuleSnap != INVALID_HANDLE_VALUE && + Module32First(hModuleSnap,&me32)) do + { + if (t.p >= me32.modBaseAddr && + t.p < me32.modBaseAddr+me32.modBaseSize) + { + dos_header=(IMAGE_DOS_HEADER *)me32.modBaseAddr; + if (dos_header->e_magic==IMAGE_DOS_SIGNATURE) + { + nt_headers=(IMAGE_NT_HEADERS *) + ((BYTE *)dos_header+dos_header->e_lfanew); + if (nt_headers->Signature==IMAGE_NT_SIGNATURE && + me32.modBaseAddr!=(BYTE*)nt_headers->OptionalHeader.ImageBase) + OPENSSL_NONPIC_relocated=1; + } + break; + } + } while (Module32Next(hModuleSnap,&me32)); + + if (hModuleSnap != INVALID_HANDLE_VALUE) + CloseHandle(hModuleSnap); +#endif + OPENSSL_cpuid_setup(); + return 0; +} + +#else + #ifdef __CYGWIN__ /* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */ #include <windows.h> @@ -620,6 +405,8 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, } #endif +#endif + #if defined(_WIN32) && !defined(__CYGWIN__) #include <tchar.h> diff --git a/lib/libcrypto/crypto-lib.com b/lib/libcrypto/crypto-lib.com index 8898f30c1f7..db9c882fb08 100644 --- a/lib/libcrypto/crypto-lib.com +++ b/lib/libcrypto/crypto-lib.com @@ -83,7 +83,7 @@ $ ENCRYPT_TYPES = "Basic,"+ - "BUFFER,BIO,STACK,LHASH,RAND,ERR,"+ - "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ - "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ - - "STORE,CMS,PQUEUE" + "STORE,CMS,PQUEUE,JPAKE" $! $! Check To Make Sure We Have Valid Command Line Parameters. $! @@ -161,7 +161,7 @@ $! $ APPS_DES = "DES/DES,CBC3_ENC" $ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE" $ -$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time,o_str,o_dir" +$ LIB_ = "cryptlib,dyn_lck,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time,o_str,o_dir,o_init,fips_err" $ LIB_MD2 = "md2_dgst,md2_one" $ LIB_MD4 = "md4_dgst,md4_one" $ LIB_MD5 = "md5_dgst,md5_one" @@ -197,9 +197,9 @@ $ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_nist,ec_cvt,ec_mult,"+ - "ec2_smpl,ec2_mult" $ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ - "rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ - - "rsa_pss,rsa_x931,rsa_asn1,rsa_depr" + "rsa_pss,rsa_x931,rsa_x931g,rsa_asn1,rsa_depr,rsa_eng" $ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,"+ - - "dsa_err,dsa_ossl,dsa_depr" + "dsa_err,dsa_ossl,dsa_depr,dsa_utl" $ LIB_ECDSA = "ecs_lib,ecs_asn1,ecs_ossl,ecs_sign,ecs_vrf,ecs_err" $ LIB_DH = "dh_asn1,dh_gen,dh_key,dh_lib,dh_check,dh_err,dh_depr" $ LIB_ECDH = "ech_lib,ech_ossl,ech_key,ech_err" @@ -211,8 +211,8 @@ $ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ - "tb_cipher,tb_digest,"+ - "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev,eng_padlock" $ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,"+ - - "aes_ctr,aes_ige,aes_wrap" -$ LIB_BUFFER = "buffer,buf_err" + "aes_ctr,aes_ige" +$ LIB_BUFFER = "buffer,buf_str,buf_err" $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ - "bss_mem,bss_null,bss_fd,"+ - "bss_file,bss_sock,bss_conn,"+ - @@ -224,18 +224,19 @@ $ LIB_STACK = "stack" $ LIB_LHASH = "lhash,lh_stats" $ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,"+ - "rand_vms" -$ LIB_ERR = "err,err_all,err_prn" +$ LIB_ERR = "err,err_def,err_all,err_prn,err_str,err_bio" $ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err" -$ LIB_EVP = "encode,digest,evp_enc,evp_key,evp_acnf,"+ - - "e_des,e_bf,e_idea,e_des3,e_camellia,e_seed,"+ - - "e_rc4,e_aes,names,"+ - - "e_xcbc_d,e_rc2,e_cast,e_rc5" +$ LIB_EVP = "encode,digest,dig_eng,evp_enc,evp_key,evp_acnf,evp_cnf,"+ - + "e_des,e_bf,e_idea,e_des3,e_camellia,"+ - + "e_rc4,e_aes,names,e_seed,"+ - + "e_xcbc_d,e_rc2,e_cast,e_rc5,enc_min" $ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1," + - "m_dss,m_dss1,m_mdc2,m_ripemd,m_ecdsa,"+ - "p_open,p_seal,p_sign,p_verify,p_lib,p_enc,p_dec,"+ - "bio_md,bio_b64,bio_enc,evp_err,e_null,"+ - "c_all,c_allc,c_alld,evp_lib,bio_ok,"+- "evp_pkey,evp_pbe,p5_crpt,p5_crpt2" +$ LIB_EVP_3 = "e_old" $ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ - "a_print,a_type,a_set,a_dup,a_d2i_fp,a_i2d_fp,"+ - "a_enum,a_utf8,a_sign,a_digest,a_verify,a_mbstr,a_strex,"+ - @@ -245,7 +246,7 @@ $ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ - $ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ - "tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ - "f_int,f_string,n_pkey,"+ - - "f_enum,a_hdr,x_pkey,a_bool,x_exten,asn_mime,"+ - + "f_enum,a_hdr,x_pkey,a_bool,x_exten,"+ - "asn1_gen,asn1_par,asn1_lib,asn1_err,a_meth,a_bytes,a_strnid,"+ - "evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid" $ LIB_PEM = "pem_sign,pem_seal,pem_info,pem_lib,pem_all,pem_err,"+ - @@ -280,6 +281,7 @@ $ LIB_STORE = "str_err,str_lib,str_meth,str_mem" $ LIB_CMS = "cms_lib,cms_asn1,cms_att,cms_io,cms_smime,cms_err,"+ - "cms_sd,cms_dd,cms_cd,cms_env,cms_enc,cms_ess" $ LIB_PQUEUE = "pqueue" +$ LIB_JPAKE = "jpake,jpake_err" $! $! Setup exceptional compilations $! diff --git a/lib/libcrypto/crypto.h b/lib/libcrypto/crypto.h index fe2c1d64034..0e4fb0723ce 100644 --- a/lib/libcrypto/crypto.h +++ b/lib/libcrypto/crypto.h @@ -219,7 +219,13 @@ typedef struct openssl_item_st #define CRYPTO_LOCK_EC_PRE_COMP 36 #define CRYPTO_LOCK_STORE 37 #define CRYPTO_LOCK_COMP 38 +#ifndef OPENSSL_FIPS #define CRYPTO_NUM_LOCKS 39 +#else +#define CRYPTO_LOCK_FIPS 39 +#define CRYPTO_LOCK_FIPS2 40 +#define CRYPTO_NUM_LOCKS 41 +#endif #define CRYPTO_LOCK 1 #define CRYPTO_UNLOCK 2 @@ -341,14 +347,7 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) /* Set standard debugging functions (not done by default * unless CRYPTO_MDEBUG is defined) */ -#define CRYPTO_malloc_debug_init() do {\ - CRYPTO_set_mem_debug_functions(\ - CRYPTO_dbg_malloc,\ - CRYPTO_dbg_realloc,\ - CRYPTO_dbg_free,\ - CRYPTO_dbg_set_options,\ - CRYPTO_dbg_get_options);\ - } while(0) +void CRYPTO_malloc_debug_init(void); int CRYPTO_mem_ctrl(int mode); int CRYPTO_is_mem_check_on(void); @@ -363,6 +362,7 @@ int CRYPTO_is_mem_check_on(void); #define is_MemCheck_on() CRYPTO_is_mem_check_on() #define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__) +#define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__) #define OPENSSL_realloc(addr,num) \ CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__) #define OPENSSL_realloc_clean(addr,old_num,num) \ @@ -427,6 +427,9 @@ const char *CRYPTO_get_lock_name(int type); int CRYPTO_add_lock(int *pointer,int amount,int type, const char *file, int line); +void int_CRYPTO_set_do_dynlock_callback( + void (*do_dynlock_cb)(int mode, int type, const char *file, int line)); + int CRYPTO_get_new_dynlockid(void); void CRYPTO_destroy_dynlockid(int i); struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i); @@ -451,6 +454,10 @@ int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int), void (*f)(void *,int), void (*so)(long), long (*go)(void)); +void CRYPTO_set_mem_info_functions( + int (*push_info_fn)(const char *info, const char *file, int line), + int (*pop_info_fn)(void), + int (*remove_all_info_fn)(void)); void CRYPTO_get_mem_functions(void *(**m)(size_t),void *(**r)(void *, size_t), void (**f)(void *)); void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *)); void CRYPTO_get_mem_ex_functions(void *(**m)(size_t,const char *,int), @@ -467,6 +474,7 @@ void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int), void *CRYPTO_malloc_locked(int num, const char *file, int line); void CRYPTO_free_locked(void *); void *CRYPTO_malloc(int num, const char *file, int line); +char *CRYPTO_strdup(const char *str, const char *file, int line); void CRYPTO_free(void *); void *CRYPTO_realloc(void *addr,int num, const char *file, int line); void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file, @@ -506,6 +514,9 @@ void CRYPTO_dbg_free(void *addr,int before_p); void CRYPTO_dbg_set_options(long bits); long CRYPTO_dbg_get_options(void); +int CRYPTO_dbg_push_info(const char *info, const char *file, int line); +int CRYPTO_dbg_pop_info(void); +int CRYPTO_dbg_remove_all_info(void); #ifndef OPENSSL_NO_FP_API void CRYPTO_mem_leaks_fp(FILE *); @@ -523,12 +534,69 @@ unsigned long *OPENSSL_ia32cap_loc(void); #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) int OPENSSL_isservice(void); +#ifdef OPENSSL_FIPS +#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \ + alg " previous FIPS forbidden algorithm error ignored"); + +#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \ + #alg " Algorithm forbidden in FIPS mode"); + +#ifdef OPENSSL_FIPS_STRICT +#define FIPS_BAD_ALGORITHM(alg) FIPS_BAD_ABORT(alg) +#else +#define FIPS_BAD_ALGORITHM(alg) \ + { \ + FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); \ + ERR_add_error_data(2, "Algorithm=", #alg); \ + return 0; \ + } +#endif + +/* Low level digest API blocking macro */ + +#define FIPS_NON_FIPS_MD_Init(alg) \ + int alg##_Init(alg##_CTX *c) \ + { \ + if (FIPS_mode()) \ + FIPS_BAD_ALGORITHM(alg) \ + return private_##alg##_Init(c); \ + } \ + int private_##alg##_Init(alg##_CTX *c) + +/* For ciphers the API often varies from cipher to cipher and each needs to + * be treated as a special case. Variable key length ciphers (Blowfish, RC4, + * CAST) however are very similar and can use a blocking macro. + */ + +#define FIPS_NON_FIPS_VCIPHER_Init(alg) \ + void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) \ + { \ + if (FIPS_mode()) \ + FIPS_BAD_ABORT(alg) \ + private_##alg##_set_key(key, len, data); \ + } \ + void private_##alg##_set_key(alg##_KEY *key, int len, \ + const unsigned char *data) + +#else + +#define FIPS_NON_FIPS_VCIPHER_Init(alg) \ + void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) + +#define FIPS_NON_FIPS_MD_Init(alg) \ + int alg##_Init(alg##_CTX *c) + +#endif /* def OPENSSL_FIPS */ + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ void ERR_load_CRYPTO_strings(void); +#define OPENSSL_HAVE_INIT 1 +void OPENSSL_init(void); + /* Error codes for the CRYPTO functions. */ /* Function codes. */ diff --git a/lib/libcrypto/des/des_enc.c b/lib/libcrypto/des/des_enc.c index 0fe4e0b2adc..22701e06693 100644 --- a/lib/libcrypto/des/des_enc.c +++ b/lib/libcrypto/des/des_enc.c @@ -293,6 +293,8 @@ void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, #ifndef DES_DEFAULT_OPTIONS +#if !defined(OPENSSL_FIPS_DES_ASM) + #undef CBC_ENC_C__DONT_UPDATE_IV #include "ncbc_enc.c" /* DES_ncbc_encrypt */ @@ -408,4 +410,6 @@ void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, tin[0]=tin[1]=0; } +#endif + #endif /* DES_DEFAULT_OPTIONS */ diff --git a/lib/libcrypto/des/ecb_enc.c b/lib/libcrypto/des/ecb_enc.c index 00d5b91e8ca..75ae6cf8bb6 100644 --- a/lib/libcrypto/des/ecb_enc.c +++ b/lib/libcrypto/des/ecb_enc.c @@ -57,54 +57,7 @@ */ #include "des_locl.h" -#include "des_ver.h" #include "spr.h" -#include <openssl/opensslv.h> -#include <openssl/bio.h> - -OPENSSL_GLOBAL const char libdes_version[]="libdes" OPENSSL_VERSION_PTEXT; -OPENSSL_GLOBAL const char DES_version[]="DES" OPENSSL_VERSION_PTEXT; - -const char *DES_options(void) - { - static int init=1; - static char buf[32]; - - if (init) - { - const char *ptr,*unroll,*risc,*size; - -#ifdef DES_PTR - ptr="ptr"; -#else - ptr="idx"; -#endif -#if defined(DES_RISC1) || defined(DES_RISC2) -#ifdef DES_RISC1 - risc="risc1"; -#endif -#ifdef DES_RISC2 - risc="risc2"; -#endif -#else - risc="cisc"; -#endif -#ifdef DES_UNROLL - unroll="16"; -#else - unroll="4"; -#endif - if (sizeof(DES_LONG) != sizeof(long)) - size="int"; - else - size="long"; - BIO_snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll, - size); - init=0; - } - return(buf); - } - void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, DES_key_schedule *ks, int enc) diff --git a/lib/libcrypto/des/enc_read.c b/lib/libcrypto/des/enc_read.c index c70fb686b8b..e7da2ec66b0 100644 --- a/lib/libcrypto/des/enc_read.c +++ b/lib/libcrypto/des/enc_read.c @@ -147,7 +147,11 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, /* first - get the length */ while (net_num < HDRSIZE) { +#ifndef _WIN32 i=read(fd,(void *)&(net[net_num]),HDRSIZE-net_num); +#else + i=_read(fd,(void *)&(net[net_num]),HDRSIZE-net_num); +#endif #ifdef EINTR if ((i == -1) && (errno == EINTR)) continue; #endif diff --git a/lib/libcrypto/des/enc_writ.c b/lib/libcrypto/des/enc_writ.c index af5b8c2349b..c2f032c9a6a 100644 --- a/lib/libcrypto/des/enc_writ.c +++ b/lib/libcrypto/des/enc_writ.c @@ -153,7 +153,11 @@ int DES_enc_write(int fd, const void *_buf, int len, { /* eay 26/08/92 I was not doing writing from where we * got up to. */ +#ifndef _WIN32 i=write(fd,(void *)&(outbuf[j]),outnum-j); +#else + i=_write(fd,(void *)&(outbuf[j]),outnum-j); +#endif if (i == -1) { #ifdef EINTR diff --git a/lib/libcrypto/des/set_key.c b/lib/libcrypto/des/set_key.c index a43ef3c8818..c0806d593c1 100644 --- a/lib/libcrypto/des/set_key.c +++ b/lib/libcrypto/des/set_key.c @@ -64,6 +64,10 @@ * 1.0 First working version */ #include "des_locl.h" +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key); /* defaults to false */ @@ -349,6 +353,10 @@ void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule) k = &schedule->ks->deslong[0]; in = &(*key)[0]; +#ifdef OPENSSL_FIPS + FIPS_selftest_check(); +#endif + c2l(in,c); c2l(in,d); @@ -405,3 +413,4 @@ void des_fixup_key_parity(des_cblock *key) des_set_odd_parity(key); } */ + diff --git a/lib/libcrypto/dh/Makefile b/lib/libcrypto/dh/Makefile index 950cad9c5ba..d01fa960ebc 100644 --- a/lib/libcrypto/dh/Makefile +++ b/lib/libcrypto/dh/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -129,11 +129,11 @@ dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h dh_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -dh_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -dh_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dh_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dh_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -dh_lib.o: ../cryptlib.h dh_lib.c +dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +dh_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dh_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +dh_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +dh_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +dh_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dh_lib.c diff --git a/lib/libcrypto/dh/dh.h b/lib/libcrypto/dh/dh.h index 0afabc7dd32..0a39742773c 100644 --- a/lib/libcrypto/dh/dh.h +++ b/lib/libcrypto/dh/dh.h @@ -77,6 +77,8 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 #endif +#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 + #define DH_FLAG_CACHE_MONT_P 0x01 #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH * implementation now uses constant time @@ -167,6 +169,11 @@ struct dh_st const DH_METHOD *DH_OpenSSL(void); +#ifdef OPENSSL_FIPS +DH * FIPS_dh_new(void); +void FIPS_dh_free(DH *dh); +#endif + void DH_set_default_method(const DH_METHOD *meth); const DH_METHOD *DH_get_default_method(void); int DH_set_method(DH *dh, const DH_METHOD *meth); @@ -218,6 +225,9 @@ void ERR_load_DH_strings(void); #define DH_F_DHPARAMS_PRINT 100 #define DH_F_DHPARAMS_PRINT_FP 101 #define DH_F_DH_BUILTIN_GENPARAMS 106 +#define DH_F_DH_COMPUTE_KEY 107 +#define DH_F_DH_GENERATE_KEY 108 +#define DH_F_DH_GENERATE_PARAMETERS 109 #define DH_F_DH_NEW_METHOD 105 #define DH_F_GENERATE_KEY 103 #define DH_F_GENERATE_PARAMETERS 104 @@ -225,6 +235,7 @@ void ERR_load_DH_strings(void); /* Reason codes. */ #define DH_R_BAD_GENERATOR 101 #define DH_R_INVALID_PUBKEY 102 +#define DH_R_KEY_SIZE_TOO_SMALL 104 #define DH_R_MODULUS_TOO_LARGE 103 #define DH_R_NO_PRIVATE_VALUE 100 #define DH_R_INVALID_PUBKEY 102 diff --git a/lib/libcrypto/dh/dh_asn1.c b/lib/libcrypto/dh/dh_asn1.c index 769b5b68c53..76740af2bd1 100644 --- a/lib/libcrypto/dh/dh_asn1.c +++ b/lib/libcrypto/dh/dh_asn1.c @@ -1,5 +1,5 @@ /* dh_asn1.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libcrypto/dh/dh_check.c b/lib/libcrypto/dh/dh_check.c index b8469130045..316cb9221df 100644 --- a/lib/libcrypto/dh/dh_check.c +++ b/lib/libcrypto/dh/dh_check.c @@ -70,6 +70,8 @@ * should hold. */ +#ifndef OPENSSL_FIPS + int DH_check(const DH *dh, int *ret) { int ok=0; @@ -140,3 +142,5 @@ err: if (q != NULL) BN_free(q); return(ok); } + +#endif diff --git a/lib/libcrypto/dh/dh_err.c b/lib/libcrypto/dh/dh_err.c index b2361c73898..b364362fcae 100644 --- a/lib/libcrypto/dh/dh_err.c +++ b/lib/libcrypto/dh/dh_err.c @@ -1,6 +1,6 @@ /* crypto/dh/dh_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -74,6 +74,9 @@ static ERR_STRING_DATA DH_str_functs[]= {ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"}, {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, +{ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"}, +{ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"}, +{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS), "DH_generate_parameters"}, {ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"}, {ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"}, {ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"}, @@ -84,6 +87,7 @@ static ERR_STRING_DATA DH_str_reasons[]= { {ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"}, {ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, +{ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, {ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, {ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, {ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, diff --git a/lib/libcrypto/dh/dh_gen.c b/lib/libcrypto/dh/dh_gen.c index cfd5b118681..999e1deb409 100644 --- a/lib/libcrypto/dh/dh_gen.c +++ b/lib/libcrypto/dh/dh_gen.c @@ -66,6 +66,8 @@ #include <openssl/bn.h> #include <openssl/dh.h> +#ifndef OPENSSL_FIPS + static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) @@ -173,3 +175,5 @@ err: } return ok; } + +#endif diff --git a/lib/libcrypto/dh/dh_key.c b/lib/libcrypto/dh/dh_key.c index e7db440342f..79dd3318634 100644 --- a/lib/libcrypto/dh/dh_key.c +++ b/lib/libcrypto/dh/dh_key.c @@ -62,6 +62,8 @@ #include <openssl/rand.h> #include <openssl/dh.h> +#ifndef OPENSSL_FIPS + static int generate_key(DH *dh); static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, @@ -261,3 +263,5 @@ static int dh_finish(DH *dh) BN_MONT_CTX_free(dh->method_mont_p); return(1); } + +#endif diff --git a/lib/libcrypto/dsa/Makefile b/lib/libcrypto/dsa/Makefile index 5493f19e85c..2cc45cdc625 100644 --- a/lib/libcrypto/dsa/Makefile +++ b/lib/libcrypto/dsa/Makefile @@ -18,9 +18,9 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \ - dsa_err.c dsa_ossl.c dsa_depr.c + dsa_err.c dsa_ossl.c dsa_depr.c dsa_utl.c LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \ - dsa_err.o dsa_ossl.o dsa_depr.o + dsa_err.o dsa_ossl.o dsa_depr.o dsa_utl.o SRC= $(LIBSRC) @@ -35,7 +35,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -78,9 +78,10 @@ clean: dsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h dsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -dsa_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -dsa_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +dsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +dsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +dsa_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +dsa_asn1.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h dsa_asn1.o: ../../include/openssl/opensslconf.h dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h @@ -90,8 +91,9 @@ dsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_depr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h dsa_depr.o: ../../include/openssl/err.h ../../include/openssl/evp.h -dsa_depr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -dsa_depr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +dsa_depr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +dsa_depr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +dsa_depr.o: ../../include/openssl/opensslconf.h dsa_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dsa_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h dsa_depr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -108,12 +110,13 @@ dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h -dsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -dsa_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -dsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dsa_gen.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -dsa_gen.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_gen.c +dsa_gen.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +dsa_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +dsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +dsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +dsa_gen.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +dsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +dsa_gen.o: ../cryptlib.h dsa_gen.c dsa_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h @@ -129,14 +132,14 @@ dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h dsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -dsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -dsa_lib.o: ../cryptlib.h dsa_lib.c +dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +dsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dsa_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +dsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +dsa_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +dsa_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dsa_lib.c dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -151,19 +154,34 @@ dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -dsa_sign.o: ../../include/openssl/opensslconf.h +dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/fips.h +dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h dsa_sign.o: ../cryptlib.h dsa_sign.c +dsa_utl.o: ../../e_os.h ../../include/openssl/asn1.h +dsa_utl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +dsa_utl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dsa_utl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +dsa_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +dsa_utl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +dsa_utl.o: ../../include/openssl/engine.h ../../include/openssl/err.h +dsa_utl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +dsa_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +dsa_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +dsa_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dsa_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +dsa_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +dsa_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +dsa_utl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dsa_utl.c dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h dsa_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -dsa_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -dsa_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dsa_vrf.o: ../cryptlib.h dsa_vrf.c +dsa_vrf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +dsa_vrf.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_vrf.c diff --git a/lib/libcrypto/dsa/dsa.h b/lib/libcrypto/dsa/dsa.h index 3a8fe5b56bb..702c50d6dc8 100644 --- a/lib/libcrypto/dsa/dsa.h +++ b/lib/libcrypto/dsa/dsa.h @@ -88,6 +88,8 @@ # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 #endif +#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 + #define DSA_FLAG_CACHE_MONT_P 0x01 #define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA * implementation now uses constant time @@ -97,6 +99,25 @@ * be used for all exponents. */ +/* If this flag is set the DSA method is FIPS compliant and can be used + * in FIPS mode. This is set in the validated module method. If an + * application sets this flag in its own methods it is its reposibility + * to ensure the result is compliant. + */ + +#define DSA_FLAG_FIPS_METHOD 0x0400 + +/* If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +#define DSA_FLAG_NON_FIPS_ALLOW 0x0400 + +#ifdef OPENSSL_FIPS +#define FIPS_DSA_SIZE_T int +#endif + #ifdef __cplusplus extern "C" { #endif @@ -189,6 +210,11 @@ void DSA_set_default_method(const DSA_METHOD *); const DSA_METHOD *DSA_get_default_method(void); int DSA_set_method(DSA *dsa, const DSA_METHOD *); +#ifdef OPENSSL_FIPS +DSA * FIPS_dsa_new(void); +void FIPS_dsa_free (DSA *r); +#endif + DSA * DSA_new(void); DSA * DSA_new_method(ENGINE *engine); void DSA_free (DSA *r); @@ -249,6 +275,11 @@ int DSA_print_fp(FILE *bp, const DSA *x, int off); DH *DSA_dup_DH(const DSA *r); #endif +#ifdef OPENSSL_FIPS +int FIPS_dsa_sig_encode(unsigned char *out, DSA_SIG *sig); +int FIPS_dsa_sig_decode(DSA_SIG *sig, const unsigned char *in, int inlen); +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -261,11 +292,16 @@ void ERR_load_DSA_strings(void); #define DSA_F_D2I_DSA_SIG 110 #define DSA_F_DSAPARAMS_PRINT 100 #define DSA_F_DSAPARAMS_PRINT_FP 101 +#define DSA_F_DSA_BUILTIN_KEYGEN 119 +#define DSA_F_DSA_BUILTIN_PARAMGEN 118 #define DSA_F_DSA_DO_SIGN 112 #define DSA_F_DSA_DO_VERIFY 113 +#define DSA_F_DSA_GENERATE_PARAMETERS 117 #define DSA_F_DSA_NEW_METHOD 103 #define DSA_F_DSA_PRINT 104 #define DSA_F_DSA_PRINT_FP 105 +#define DSA_F_DSA_SET_DEFAULT_METHOD 115 +#define DSA_F_DSA_SET_METHOD 116 #define DSA_F_DSA_SIGN 106 #define DSA_F_DSA_SIGN_SETUP 107 #define DSA_F_DSA_SIG_NEW 109 @@ -276,8 +312,11 @@ void ERR_load_DSA_strings(void); /* Reason codes. */ #define DSA_R_BAD_Q_VALUE 102 #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 +#define DSA_R_KEY_SIZE_TOO_SMALL 106 #define DSA_R_MISSING_PARAMETERS 101 #define DSA_R_MODULUS_TOO_LARGE 103 +#define DSA_R_NON_FIPS_METHOD 104 +#define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 105 #ifdef __cplusplus } diff --git a/lib/libcrypto/dsa/dsa_asn1.c b/lib/libcrypto/dsa/dsa_asn1.c index 23fce555aa4..0645facb4bf 100644 --- a/lib/libcrypto/dsa/dsa_asn1.c +++ b/lib/libcrypto/dsa/dsa_asn1.c @@ -1,5 +1,5 @@ /* dsa_asn1.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== @@ -61,6 +61,11 @@ #include <openssl/dsa.h> #include <openssl/asn1.h> #include <openssl/asn1t.h> +#include <openssl/bn.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + /* Override the default new methods */ static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) @@ -83,7 +88,7 @@ ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = { ASN1_SIMPLE(DSA_SIG, s, CBIGNUM) } ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG) -IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG,DSA_SIG,DSA_SIG) /* Override the default free and new methods */ static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) @@ -138,3 +143,76 @@ ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = { } ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params) IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey) + +int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, + unsigned int *siglen, DSA *dsa) + { + DSA_SIG *s; +#ifdef OPENSSL_FIPS + if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) + { + DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); + return 0; + } +#endif + s=DSA_do_sign(dgst,dlen,dsa); + if (s == NULL) + { + *siglen=0; + return(0); + } + *siglen=i2d_DSA_SIG(s,&sig); + DSA_SIG_free(s); + return(1); + } + +int DSA_size(const DSA *r) + { + int ret,i; + ASN1_INTEGER bs; + unsigned char buf[4]; /* 4 bytes looks really small. + However, i2d_ASN1_INTEGER() will not look + beyond the first byte, as long as the second + parameter is NULL. */ + + i=BN_num_bits(r->q); + bs.length=(i+7)/8; + bs.data=buf; + bs.type=V_ASN1_INTEGER; + /* If the top bit is set the asn1 encoding is 1 larger. */ + buf[0]=0xff; + + i=i2d_ASN1_INTEGER(&bs,NULL); + i+=i; /* r and s */ + ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE); + return(ret); + } + +/* data has already been hashed (probably with SHA or SHA-1). */ +/* returns + * 1: correct signature + * 0: incorrect signature + * -1: error + */ +int DSA_verify(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int siglen, DSA *dsa) + { + DSA_SIG *s; + int ret=-1; +#ifdef OPENSSL_FIPS + if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) + { + DSAerr(DSA_F_DSA_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); + return 0; + } +#endif + + s = DSA_SIG_new(); + if (s == NULL) return(ret); + if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err; + ret=DSA_do_verify(dgst,dgst_len,s,dsa); +err: + DSA_SIG_free(s); + return(ret); + } + diff --git a/lib/libcrypto/dsa/dsa_err.c b/lib/libcrypto/dsa/dsa_err.c index 768711994b9..872839af944 100644 --- a/lib/libcrypto/dsa/dsa_err.c +++ b/lib/libcrypto/dsa/dsa_err.c @@ -1,6 +1,6 @@ /* crypto/dsa/dsa_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -73,11 +73,16 @@ static ERR_STRING_DATA DSA_str_functs[]= {ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"}, {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"}, +{ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN), "DSA_BUILTIN_KEYGEN"}, +{ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"}, {ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"}, {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"}, +{ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS), "DSA_generate_parameters"}, {ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"}, {ERR_FUNC(DSA_F_DSA_PRINT), "DSA_print"}, {ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"}, +{ERR_FUNC(DSA_F_DSA_SET_DEFAULT_METHOD), "DSA_set_default_method"}, +{ERR_FUNC(DSA_F_DSA_SET_METHOD), "DSA_set_method"}, {ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"}, {ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"}, {ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"}, @@ -91,8 +96,11 @@ static ERR_STRING_DATA DSA_str_reasons[]= { {ERR_REASON(DSA_R_BAD_Q_VALUE) ,"bad q value"}, {ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"}, +{ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, {ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"}, {ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, +{ERR_REASON(DSA_R_NON_FIPS_METHOD) ,"non fips method"}, +{ERR_REASON(DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"}, {0,NULL} }; diff --git a/lib/libcrypto/dsa/dsa_gen.c b/lib/libcrypto/dsa/dsa_gen.c index ca0b86a6cfc..6f1728e3cf0 100644 --- a/lib/libcrypto/dsa/dsa_gen.c +++ b/lib/libcrypto/dsa/dsa_gen.c @@ -82,6 +82,8 @@ #include <openssl/rand.h> #include <openssl/sha.h> +#ifndef OPENSSL_FIPS + static int dsa_builtin_paramgen(DSA *ret, int bits, unsigned char *seed_in, int seed_len, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); @@ -320,3 +322,4 @@ err: return ok; } #endif +#endif diff --git a/lib/libcrypto/dsa/dsa_key.c b/lib/libcrypto/dsa/dsa_key.c index c4aa86bc6dc..5e391242301 100644 --- a/lib/libcrypto/dsa/dsa_key.c +++ b/lib/libcrypto/dsa/dsa_key.c @@ -64,6 +64,8 @@ #include <openssl/dsa.h> #include <openssl/rand.h> +#ifndef OPENSSL_FIPS + static int dsa_builtin_keygen(DSA *dsa); int DSA_generate_key(DSA *dsa) @@ -126,3 +128,5 @@ err: return(ok); } #endif + +#endif diff --git a/lib/libcrypto/dsa/dsa_lib.c b/lib/libcrypto/dsa/dsa_lib.c index e9b75902dbc..7ac9dc8c892 100644 --- a/lib/libcrypto/dsa/dsa_lib.c +++ b/lib/libcrypto/dsa/dsa_lib.c @@ -76,6 +76,14 @@ static const DSA_METHOD *default_DSA_method = NULL; void DSA_set_default_method(const DSA_METHOD *meth) { +#ifdef OPENSSL_FIPS + if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD)) + { + DSAerr(DSA_F_DSA_SET_DEFAULT_METHOD, DSA_R_NON_FIPS_METHOD); + return; + } +#endif + default_DSA_method = meth; } @@ -96,6 +104,13 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth) /* NB: The caller is specifically setting a method, so it's not up to us * to deal with which ENGINE it comes from. */ const DSA_METHOD *mtmp; +#ifdef OPENSSL_FIPS + if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD)) + { + DSAerr(DSA_F_DSA_SET_METHOD, DSA_R_NON_FIPS_METHOD); + return 0; + } +#endif mtmp = dsa->meth; if (mtmp->finish) mtmp->finish(dsa); #ifndef OPENSSL_NO_ENGINE @@ -147,6 +162,18 @@ DSA *DSA_new_method(ENGINE *engine) } } #endif +#ifdef OPENSSL_FIPS + if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD)) + { + DSAerr(DSA_F_DSA_NEW_METHOD, DSA_R_NON_FIPS_METHOD); +#ifndef OPENSSL_NO_ENGINE + if (ret->engine) + ENGINE_finish(ret->engine); +#endif + OPENSSL_free(ret); + return NULL; + } +#endif ret->pad=0; ret->version=0; @@ -233,28 +260,6 @@ int DSA_up_ref(DSA *r) return ((i > 1) ? 1 : 0); } -int DSA_size(const DSA *r) - { - int ret,i; - ASN1_INTEGER bs; - unsigned char buf[4]; /* 4 bytes looks really small. - However, i2d_ASN1_INTEGER() will not look - beyond the first byte, as long as the second - parameter is NULL. */ - - i=BN_num_bits(r->q); - bs.length=(i+7)/8; - bs.data=buf; - bs.type=V_ASN1_INTEGER; - /* If the top bit is set the asn1 encoding is 1 larger. */ - buf[0]=0xff; - - i=i2d_ASN1_INTEGER(&bs,NULL); - i+=i; /* r and s */ - ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE); - return(ret); - } - int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { diff --git a/lib/libcrypto/dsa/dsa_ossl.c b/lib/libcrypto/dsa/dsa_ossl.c index 75ff7cc4afa..412cf1d88b6 100644 --- a/lib/libcrypto/dsa/dsa_ossl.c +++ b/lib/libcrypto/dsa/dsa_ossl.c @@ -65,6 +65,8 @@ #include <openssl/rand.h> #include <openssl/asn1.h> +#ifndef OPENSSL_FIPS + static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, @@ -391,3 +393,4 @@ static int dsa_finish(DSA *dsa) return(1); } +#endif diff --git a/lib/libcrypto/dsa/dsa_sign.c b/lib/libcrypto/dsa/dsa_sign.c index 89205026f01..4cfbbe57a80 100644 --- a/lib/libcrypto/dsa/dsa_sign.c +++ b/lib/libcrypto/dsa/dsa_sign.c @@ -64,29 +64,32 @@ #include <openssl/dsa.h> #include <openssl/rand.h> #include <openssl/asn1.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif -DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) - { - return dsa->meth->dsa_do_sign(dgst, dlen, dsa); - } -int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, - unsigned int *siglen, DSA *dsa) +DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { - DSA_SIG *s; - s=DSA_do_sign(dgst,dlen,dsa); - if (s == NULL) +#ifdef OPENSSL_FIPS + if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) { - *siglen=0; - return(0); + DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); + return NULL; } - *siglen=i2d_DSA_SIG(s,&sig); - DSA_SIG_free(s); - return(1); +#endif + return dsa->meth->dsa_do_sign(dgst, dlen, dsa); } int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) { +#ifdef OPENSSL_FIPS + if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) + { + DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); + return 0; + } +#endif return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); } diff --git a/lib/libcrypto/dsa/dsa_vrf.c b/lib/libcrypto/dsa/dsa_vrf.c index c4aeddd0560..c75e423048a 100644 --- a/lib/libcrypto/dsa/dsa_vrf.c +++ b/lib/libcrypto/dsa/dsa_vrf.c @@ -64,31 +64,21 @@ #include <openssl/dsa.h> #include <openssl/rand.h> #include <openssl/asn1.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + #include <openssl/asn1_mac.h> int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) { +#ifdef OPENSSL_FIPS + if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) + { + DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); + return 0; + } +#endif return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); } - -/* data has already been hashed (probably with SHA or SHA-1). */ -/* returns - * 1: correct signature - * 0: incorrect signature - * -1: error - */ -int DSA_verify(int type, const unsigned char *dgst, int dgst_len, - const unsigned char *sigbuf, int siglen, DSA *dsa) - { - DSA_SIG *s; - int ret=-1; - - s = DSA_SIG_new(); - if (s == NULL) return(ret); - if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err; - ret=DSA_do_verify(dgst,dgst_len,s,dsa); -err: - DSA_SIG_free(s); - return(ret); - } diff --git a/lib/libcrypto/ecdh/Makefile b/lib/libcrypto/ecdh/Makefile index 65d8904ee8a..7a7b618eeb8 100644 --- a/lib/libcrypto/ecdh/Makefile +++ b/lib/libcrypto/ecdh/Makefile @@ -34,7 +34,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -88,26 +88,27 @@ ech_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h ech_key.o: ../../include/openssl/engine.h ../../include/openssl/evp.h -ech_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ech_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ech_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -ech_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -ech_key.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -ech_key.o: ../../include/openssl/x509_vfy.h ech_key.c ech_locl.h +ech_key.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +ech_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ech_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ech_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ech_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +ech_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ech_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ech_key.o: ech_key.c ech_locl.h ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ech_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ech_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h ech_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -ech_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -ech_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -ech_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -ech_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -ech_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ech_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ech_lib.o: ech_lib.c ech_locl.h +ech_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ech_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +ech_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ech_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ech_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ech_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ech_lib.o: ../../include/openssl/x509_vfy.h ech_lib.c ech_locl.h ech_ossl.o: ../../e_os.h ../../include/openssl/asn1.h ech_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h ech_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h diff --git a/lib/libcrypto/ecdsa/Makefile b/lib/libcrypto/ecdsa/Makefile index 9b48d5641f0..4865f3c8d60 100644 --- a/lib/libcrypto/ecdsa/Makefile +++ b/lib/libcrypto/ecdsa/Makefile @@ -34,7 +34,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -97,13 +97,14 @@ ecs_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h ecs_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h ecs_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h ecs_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ecs_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ecs_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -ecs_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ecs_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -ecs_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -ecs_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -ecs_lib.o: ../../include/openssl/x509_vfy.h ecs_lib.c ecs_locl.h +ecs_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +ecs_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ecs_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ecs_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ecs_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +ecs_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ecs_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ecs_lib.o: ecs_lib.c ecs_locl.h ecs_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ecs_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h ecs_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -118,8 +119,9 @@ ecs_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h ecs_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ecs_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/evp.h -ecs_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ecs_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +ecs_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +ecs_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ecs_sign.o: ../../include/openssl/opensslconf.h ecs_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ecs_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h ecs_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -130,10 +132,11 @@ ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/evp.h -ecs_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ecs_vrf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ecs_vrf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -ecs_vrf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -ecs_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -ecs_vrf.o: ../../include/openssl/x509_vfy.h ecs_locl.h ecs_vrf.c +ecs_vrf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +ecs_vrf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ecs_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ecs_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +ecs_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ecs_vrf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ecs_vrf.o: ecs_locl.h ecs_vrf.c diff --git a/lib/libcrypto/engine/Makefile b/lib/libcrypto/engine/Makefile index 47cc619b8ab..0cc37220896 100644 --- a/lib/libcrypto/engine/Makefile +++ b/lib/libcrypto/engine/Makefile @@ -41,7 +41,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -88,34 +88,35 @@ eng_all.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h eng_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -eng_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -eng_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -eng_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -eng_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -eng_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_all.c eng_int.h +eng_all.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +eng_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +eng_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +eng_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +eng_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +eng_all.o: ../cryptlib.h eng_all.c eng_int.h eng_cnf.o: ../../e_os.h ../../include/openssl/asn1.h eng_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h eng_cnf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_cnf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_cnf.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_cnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -eng_cnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -eng_cnf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -eng_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -eng_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_cnf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -eng_cnf.o: ../cryptlib.h eng_cnf.c eng_int.h +eng_cnf.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +eng_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_cnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_cnf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +eng_cnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +eng_cnf.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_cnf.c eng_int.h eng_cryptodev.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h eng_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h eng_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_cryptodev.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_cryptodev.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -eng_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -eng_cryptodev.o: ../../include/openssl/obj_mac.h +eng_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +eng_cryptodev.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h eng_cryptodev.o: ../../include/openssl/objects.h eng_cryptodev.o: ../../include/openssl/opensslconf.h eng_cryptodev.o: ../../include/openssl/opensslv.h @@ -130,8 +131,9 @@ eng_ctrl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_ctrl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_ctrl.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_ctrl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -eng_ctrl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_ctrl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +eng_ctrl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_ctrl.o: ../../include/openssl/opensslconf.h eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h eng_ctrl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h eng_ctrl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -143,49 +145,50 @@ eng_dyn.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h eng_dyn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_dyn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_dyn.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_dyn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -eng_dyn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -eng_dyn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_dyn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -eng_dyn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -eng_dyn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_dyn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -eng_dyn.o: ../cryptlib.h eng_dyn.c eng_int.h +eng_dyn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +eng_dyn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_dyn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_dyn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_dyn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +eng_dyn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_dyn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +eng_dyn.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_dyn.c eng_int.h eng_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h eng_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_err.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -eng_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -eng_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -eng_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -eng_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -eng_err.o: eng_err.c +eng_err.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +eng_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +eng_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +eng_err.o: ../../include/openssl/x509_vfy.h eng_err.c eng_fat.o: ../../e_os.h ../../include/openssl/asn1.h eng_fat.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_fat.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h eng_fat.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_fat.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_fat.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_fat.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -eng_fat.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -eng_fat.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_fat.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -eng_fat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_fat.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -eng_fat.o: ../cryptlib.h eng_fat.c eng_int.h +eng_fat.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +eng_fat.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_fat.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_fat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_fat.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +eng_fat.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_fat.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +eng_fat.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_fat.c eng_int.h eng_init.o: ../../e_os.h ../../include/openssl/asn1.h eng_init.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_init.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_init.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_init.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h eng_init.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_init.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -eng_init.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_init.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +eng_init.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_init.o: ../../include/openssl/opensslconf.h eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h eng_init.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h eng_init.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -197,22 +200,23 @@ eng_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h eng_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -eng_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -eng_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -eng_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -eng_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -eng_lib.o: ../cryptlib.h eng_int.h eng_lib.c +eng_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +eng_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +eng_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +eng_lib.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +eng_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +eng_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_lib.c eng_list.o: ../../e_os.h ../../include/openssl/asn1.h eng_list.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_list.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_list.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_list.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h eng_list.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_list.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -eng_list.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_list.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +eng_list.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_list.o: ../../include/openssl/opensslconf.h eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h eng_list.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h eng_list.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -225,8 +229,9 @@ eng_openssl.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h eng_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_openssl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_openssl.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_openssl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -eng_openssl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_openssl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +eng_openssl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_openssl.o: ../../include/openssl/objects.h eng_openssl.o: ../../include/openssl/opensslconf.h eng_openssl.o: ../../include/openssl/opensslv.h eng_openssl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h @@ -242,8 +247,9 @@ eng_padlock.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h eng_padlock.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_padlock.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_padlock.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_padlock.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -eng_padlock.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_padlock.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +eng_padlock.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_padlock.o: ../../include/openssl/objects.h eng_padlock.o: ../../include/openssl/opensslconf.h eng_padlock.o: ../../include/openssl/opensslv.h eng_padlock.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h @@ -257,8 +263,9 @@ eng_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -eng_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_pkey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +eng_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_pkey.o: ../../include/openssl/opensslconf.h eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h eng_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h eng_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -270,8 +277,8 @@ eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_table.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_table.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h eng_table.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_table.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -eng_table.o: ../../include/openssl/objects.h +eng_table.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +eng_table.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h eng_table.o: ../../include/openssl/opensslconf.h eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h eng_table.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h @@ -285,8 +292,8 @@ tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h tb_cipher.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h tb_cipher.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h tb_cipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_cipher.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -tb_cipher.o: ../../include/openssl/objects.h +tb_cipher.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +tb_cipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h tb_cipher.o: ../../include/openssl/opensslconf.h tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tb_cipher.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h @@ -299,22 +306,22 @@ tb_dh.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h tb_dh.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h tb_dh.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h tb_dh.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_dh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_dh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_dh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -tb_dh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_dh.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -tb_dh.o: ../cryptlib.h eng_int.h tb_dh.c +tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +tb_dh.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_dh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_dh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_dh.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tb_dh.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_dh.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tb_dh.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_dh.c tb_digest.o: ../../e_os.h ../../include/openssl/asn1.h tb_digest.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tb_digest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h tb_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h tb_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h tb_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -tb_digest.o: ../../include/openssl/objects.h +tb_digest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +tb_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h tb_digest.o: ../../include/openssl/opensslconf.h tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tb_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h @@ -327,35 +334,37 @@ tb_dsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h tb_dsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h tb_dsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h tb_dsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_dsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_dsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_dsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -tb_dsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_dsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -tb_dsa.o: ../cryptlib.h eng_int.h tb_dsa.c +tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +tb_dsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_dsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_dsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_dsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tb_dsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_dsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tb_dsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_dsa.c tb_ecdh.o: ../../e_os.h ../../include/openssl/asn1.h tb_ecdh.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tb_ecdh.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h tb_ecdh.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h tb_ecdh.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h tb_ecdh.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_ecdh.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -tb_ecdh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -tb_ecdh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_ecdh.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -tb_ecdh.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -tb_ecdh.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -tb_ecdh.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_ecdh.c +tb_ecdh.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +tb_ecdh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tb_ecdh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +tb_ecdh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +tb_ecdh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +tb_ecdh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +tb_ecdh.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +tb_ecdh.o: ../cryptlib.h eng_int.h tb_ecdh.c tb_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h tb_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tb_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h tb_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h tb_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h tb_ecdsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_ecdsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -tb_ecdsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_ecdsa.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +tb_ecdsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tb_ecdsa.o: ../../include/openssl/opensslconf.h tb_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tb_ecdsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h tb_ecdsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -367,34 +376,36 @@ tb_rand.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h tb_rand.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h tb_rand.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h tb_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -tb_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -tb_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_rand.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -tb_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -tb_rand.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -tb_rand.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_rand.c +tb_rand.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +tb_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tb_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +tb_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +tb_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +tb_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +tb_rand.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +tb_rand.o: ../cryptlib.h eng_int.h tb_rand.c tb_rsa.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h tb_rsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h tb_rsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h tb_rsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h tb_rsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_rsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_rsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_rsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -tb_rsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_rsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -tb_rsa.o: ../cryptlib.h eng_int.h tb_rsa.c +tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +tb_rsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_rsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_rsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_rsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tb_rsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_rsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tb_rsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_rsa.c tb_store.o: ../../e_os.h ../../include/openssl/asn1.h tb_store.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tb_store.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h tb_store.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h tb_store.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h tb_store.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_store.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -tb_store.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_store.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +tb_store.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tb_store.o: ../../include/openssl/opensslconf.h tb_store.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tb_store.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h tb_store.o: ../../include/openssl/sha.h ../../include/openssl/stack.h diff --git a/lib/libcrypto/engine/eng_cnf.c b/lib/libcrypto/engine/eng_cnf.c index 8417ddaaef8..08066cea592 100644 --- a/lib/libcrypto/engine/eng_cnf.c +++ b/lib/libcrypto/engine/eng_cnf.c @@ -1,5 +1,5 @@ /* eng_cnf.c */ -/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== @@ -98,7 +98,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf) CONF_VALUE *ecmd; char *ctrlname, *ctrlvalue; ENGINE *e = NULL; - int soft = 0; + int soft = 0; name = skip_dot(name); #ifdef ENGINE_CONF_DEBUG @@ -127,8 +127,8 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf) /* Override engine name to use */ if (!strcmp(ctrlname, "engine_id")) name = ctrlvalue; - else if (!strcmp(ctrlname, "soft_load")) - soft = 1; + else if (!strcmp(ctrlname, "soft_load")) + soft = 1; /* Load a dynamic ENGINE */ else if (!strcmp(ctrlname, "dynamic_path")) { @@ -151,11 +151,11 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf) if (!e) { e = ENGINE_by_id(name); - if (!e && soft) - { - ERR_clear_error(); - return 1; - } + if (!e && soft) + { + ERR_clear_error(); + return 1; + } if (!e) return 0; } diff --git a/lib/libcrypto/engine/enginetest.c b/lib/libcrypto/engine/enginetest.c index cf82f490dbb..e3834611dbd 100644 --- a/lib/libcrypto/engine/enginetest.c +++ b/lib/libcrypto/engine/enginetest.c @@ -58,6 +58,7 @@ #include <stdio.h> #include <string.h> +#include <openssl/e_os2.h> #ifdef OPENSSL_NO_ENGINE int main(int argc, char *argv[]) @@ -66,7 +67,6 @@ int main(int argc, char *argv[]) return(0); } #else -#include <openssl/e_os2.h> #include <openssl/buffer.h> #include <openssl/crypto.h> #include <openssl/engine.h> diff --git a/lib/libcrypto/err/err.c b/lib/libcrypto/err/err.c index 7952e70ab0e..292404a2fb9 100644 --- a/lib/libcrypto/err/err.c +++ b/lib/libcrypto/err/err.c @@ -119,480 +119,9 @@ #include <openssl/bio.h> #include <openssl/err.h> -static void err_load_strings(int lib, ERR_STRING_DATA *str); - -static void ERR_STATE_free(ERR_STATE *s); -#ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA ERR_str_libraries[]= - { -{ERR_PACK(ERR_LIB_NONE,0,0) ,"unknown library"}, -{ERR_PACK(ERR_LIB_SYS,0,0) ,"system library"}, -{ERR_PACK(ERR_LIB_BN,0,0) ,"bignum routines"}, -{ERR_PACK(ERR_LIB_RSA,0,0) ,"rsa routines"}, -{ERR_PACK(ERR_LIB_DH,0,0) ,"Diffie-Hellman routines"}, -{ERR_PACK(ERR_LIB_EVP,0,0) ,"digital envelope routines"}, -{ERR_PACK(ERR_LIB_BUF,0,0) ,"memory buffer routines"}, -{ERR_PACK(ERR_LIB_OBJ,0,0) ,"object identifier routines"}, -{ERR_PACK(ERR_LIB_PEM,0,0) ,"PEM routines"}, -{ERR_PACK(ERR_LIB_DSA,0,0) ,"dsa routines"}, -{ERR_PACK(ERR_LIB_X509,0,0) ,"x509 certificate routines"}, -{ERR_PACK(ERR_LIB_ASN1,0,0) ,"asn1 encoding routines"}, -{ERR_PACK(ERR_LIB_CONF,0,0) ,"configuration file routines"}, -{ERR_PACK(ERR_LIB_CRYPTO,0,0) ,"common libcrypto routines"}, -{ERR_PACK(ERR_LIB_EC,0,0) ,"elliptic curve routines"}, -{ERR_PACK(ERR_LIB_SSL,0,0) ,"SSL routines"}, -{ERR_PACK(ERR_LIB_BIO,0,0) ,"BIO routines"}, -{ERR_PACK(ERR_LIB_PKCS7,0,0) ,"PKCS7 routines"}, -{ERR_PACK(ERR_LIB_X509V3,0,0) ,"X509 V3 routines"}, -{ERR_PACK(ERR_LIB_PKCS12,0,0) ,"PKCS12 routines"}, -{ERR_PACK(ERR_LIB_RAND,0,0) ,"random number generator"}, -{ERR_PACK(ERR_LIB_DSO,0,0) ,"DSO support routines"}, -{ERR_PACK(ERR_LIB_ENGINE,0,0) ,"engine routines"}, -{ERR_PACK(ERR_LIB_OCSP,0,0) ,"OCSP routines"}, -{ERR_PACK(ERR_LIB_FIPS,0,0) ,"FIPS routines"}, -{ERR_PACK(ERR_LIB_CMS,0,0) ,"CMS routines"}, -{0,NULL}, - }; - -static ERR_STRING_DATA ERR_str_functs[]= - { - {ERR_PACK(0,SYS_F_FOPEN,0), "fopen"}, - {ERR_PACK(0,SYS_F_CONNECT,0), "connect"}, - {ERR_PACK(0,SYS_F_GETSERVBYNAME,0), "getservbyname"}, - {ERR_PACK(0,SYS_F_SOCKET,0), "socket"}, - {ERR_PACK(0,SYS_F_IOCTLSOCKET,0), "ioctlsocket"}, - {ERR_PACK(0,SYS_F_BIND,0), "bind"}, - {ERR_PACK(0,SYS_F_LISTEN,0), "listen"}, - {ERR_PACK(0,SYS_F_ACCEPT,0), "accept"}, -#ifdef OPENSSL_SYS_WINDOWS - {ERR_PACK(0,SYS_F_WSASTARTUP,0), "WSAstartup"}, -#endif - {ERR_PACK(0,SYS_F_OPENDIR,0), "opendir"}, - {ERR_PACK(0,SYS_F_FREAD,0), "fread"}, - {0,NULL}, - }; - -static ERR_STRING_DATA ERR_str_reasons[]= - { -{ERR_R_SYS_LIB ,"system lib"}, -{ERR_R_BN_LIB ,"BN lib"}, -{ERR_R_RSA_LIB ,"RSA lib"}, -{ERR_R_DH_LIB ,"DH lib"}, -{ERR_R_EVP_LIB ,"EVP lib"}, -{ERR_R_BUF_LIB ,"BUF lib"}, -{ERR_R_OBJ_LIB ,"OBJ lib"}, -{ERR_R_PEM_LIB ,"PEM lib"}, -{ERR_R_DSA_LIB ,"DSA lib"}, -{ERR_R_X509_LIB ,"X509 lib"}, -{ERR_R_ASN1_LIB ,"ASN1 lib"}, -{ERR_R_CONF_LIB ,"CONF lib"}, -{ERR_R_CRYPTO_LIB ,"CRYPTO lib"}, -{ERR_R_EC_LIB ,"EC lib"}, -{ERR_R_SSL_LIB ,"SSL lib"}, -{ERR_R_BIO_LIB ,"BIO lib"}, -{ERR_R_PKCS7_LIB ,"PKCS7 lib"}, -{ERR_R_X509V3_LIB ,"X509V3 lib"}, -{ERR_R_PKCS12_LIB ,"PKCS12 lib"}, -{ERR_R_RAND_LIB ,"RAND lib"}, -{ERR_R_DSO_LIB ,"DSO lib"}, -{ERR_R_ENGINE_LIB ,"ENGINE lib"}, -{ERR_R_OCSP_LIB ,"OCSP lib"}, - -{ERR_R_NESTED_ASN1_ERROR ,"nested asn1 error"}, -{ERR_R_BAD_ASN1_OBJECT_HEADER ,"bad asn1 object header"}, -{ERR_R_BAD_GET_ASN1_OBJECT_CALL ,"bad get asn1 object call"}, -{ERR_R_EXPECTING_AN_ASN1_SEQUENCE ,"expecting an asn1 sequence"}, -{ERR_R_ASN1_LENGTH_MISMATCH ,"asn1 length mismatch"}, -{ERR_R_MISSING_ASN1_EOS ,"missing asn1 eos"}, - -{ERR_R_FATAL ,"fatal"}, -{ERR_R_MALLOC_FAILURE ,"malloc failure"}, -{ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED ,"called a function you should not call"}, -{ERR_R_PASSED_NULL_PARAMETER ,"passed a null parameter"}, -{ERR_R_INTERNAL_ERROR ,"internal error"}, -{ERR_R_DISABLED ,"called a function that was disabled at compile-time"}, - -{0,NULL}, - }; -#endif - - -/* Define the predeclared (but externally opaque) "ERR_FNS" type */ -struct st_ERR_FNS - { - /* Works on the "error_hash" string table */ - LHASH *(*cb_err_get)(int create); - void (*cb_err_del)(void); - ERR_STRING_DATA *(*cb_err_get_item)(const ERR_STRING_DATA *); - ERR_STRING_DATA *(*cb_err_set_item)(ERR_STRING_DATA *); - ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *); - /* Works on the "thread_hash" error-state table */ - LHASH *(*cb_thread_get)(int create); - void (*cb_thread_release)(LHASH **hash); - ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *); - ERR_STATE *(*cb_thread_set_item)(ERR_STATE *); - void (*cb_thread_del_item)(const ERR_STATE *); - /* Returns the next available error "library" numbers */ - int (*cb_get_next_lib)(void); - }; - -/* Predeclarations of the "err_defaults" functions */ -static LHASH *int_err_get(int create); -static void int_err_del(void); -static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *); -static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *); -static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *); -static LHASH *int_thread_get(int create); -static void int_thread_release(LHASH **hash); -static ERR_STATE *int_thread_get_item(const ERR_STATE *); -static ERR_STATE *int_thread_set_item(ERR_STATE *); -static void int_thread_del_item(const ERR_STATE *); -static int int_err_get_next_lib(void); -/* The static ERR_FNS table using these defaults functions */ -static const ERR_FNS err_defaults = - { - int_err_get, - int_err_del, - int_err_get_item, - int_err_set_item, - int_err_del_item, - int_thread_get, - int_thread_release, - int_thread_get_item, - int_thread_set_item, - int_thread_del_item, - int_err_get_next_lib - }; - -/* The replacable table of ERR_FNS functions we use at run-time */ -static const ERR_FNS *err_fns = NULL; - -/* Eg. rather than using "err_get()", use "ERRFN(err_get)()". */ -#define ERRFN(a) err_fns->cb_##a - -/* The internal state used by "err_defaults" - as such, the setting, reading, - * creating, and deleting of this data should only be permitted via the - * "err_defaults" functions. This way, a linked module can completely defer all - * ERR state operation (together with requisite locking) to the implementations - * and state in the loading application. */ -static LHASH *int_error_hash = NULL; -static LHASH *int_thread_hash = NULL; -static int int_thread_hash_references = 0; -static int int_err_library_number= ERR_LIB_USER; - -/* Internal function that checks whether "err_fns" is set and if not, sets it to - * the defaults. */ -static void err_fns_check(void) - { - if (err_fns) return; - - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - if (!err_fns) - err_fns = &err_defaults; - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - } - -/* API functions to get or set the underlying ERR functions. */ - -const ERR_FNS *ERR_get_implementation(void) - { - err_fns_check(); - return err_fns; - } - -int ERR_set_implementation(const ERR_FNS *fns) - { - int ret = 0; - - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - /* It's too late if 'err_fns' is non-NULL. BTW: not much point setting - * an error is there?! */ - if (!err_fns) - { - err_fns = fns; - ret = 1; - } - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - return ret; - } - -/* These are the callbacks provided to "lh_new()" when creating the LHASH tables - * internal to the "err_defaults" implementation. */ - -/* static unsigned long err_hash(ERR_STRING_DATA *a); */ -static unsigned long err_hash(const void *a_void); -/* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b); */ -static int err_cmp(const void *a_void, const void *b_void); -/* static unsigned long pid_hash(ERR_STATE *pid); */ -static unsigned long pid_hash(const void *pid_void); -/* static int pid_cmp(ERR_STATE *a,ERR_STATE *pid); */ -static int pid_cmp(const void *a_void,const void *pid_void); -static unsigned long get_error_values(int inc,int top,const char **file,int *line, - const char **data,int *flags); - -/* The internal functions used in the "err_defaults" implementation */ - -static LHASH *int_err_get(int create) - { - LHASH *ret = NULL; - - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - if (!int_error_hash && create) - { - CRYPTO_push_info("int_err_get (err.c)"); - int_error_hash = lh_new(err_hash, err_cmp); - CRYPTO_pop_info(); - } - if (int_error_hash) - ret = int_error_hash; - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - - return ret; - } - -static void int_err_del(void) - { - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - if (int_error_hash) - { - lh_free(int_error_hash); - int_error_hash = NULL; - } - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - } - -static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d) - { - ERR_STRING_DATA *p; - LHASH *hash; - - err_fns_check(); - hash = ERRFN(err_get)(0); - if (!hash) - return NULL; - - CRYPTO_r_lock(CRYPTO_LOCK_ERR); - p = (ERR_STRING_DATA *)lh_retrieve(hash, d); - CRYPTO_r_unlock(CRYPTO_LOCK_ERR); - - return p; - } - -static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d) - { - ERR_STRING_DATA *p; - LHASH *hash; - - err_fns_check(); - hash = ERRFN(err_get)(1); - if (!hash) - return NULL; - - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - p = (ERR_STRING_DATA *)lh_insert(hash, d); - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - - return p; - } - -static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d) - { - ERR_STRING_DATA *p; - LHASH *hash; - - err_fns_check(); - hash = ERRFN(err_get)(0); - if (!hash) - return NULL; - - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - p = (ERR_STRING_DATA *)lh_delete(hash, d); - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - - return p; - } - -static LHASH *int_thread_get(int create) - { - LHASH *ret = NULL; - - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - if (!int_thread_hash && create) - { - CRYPTO_push_info("int_thread_get (err.c)"); - int_thread_hash = lh_new(pid_hash, pid_cmp); - CRYPTO_pop_info(); - } - if (int_thread_hash) - { - int_thread_hash_references++; - ret = int_thread_hash; - } - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - return ret; - } - -static void int_thread_release(LHASH **hash) - { - int i; - - if (hash == NULL || *hash == NULL) - return; - - i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR); - -#ifdef REF_PRINT - fprintf(stderr,"%4d:%s\n",int_thread_hash_references,"ERR"); -#endif - if (i > 0) return; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"int_thread_release, bad reference count\n"); - abort(); /* ok */ - } -#endif - *hash = NULL; - } - -static ERR_STATE *int_thread_get_item(const ERR_STATE *d) - { - ERR_STATE *p; - LHASH *hash; - - err_fns_check(); - hash = ERRFN(thread_get)(0); - if (!hash) - return NULL; - - CRYPTO_r_lock(CRYPTO_LOCK_ERR); - p = (ERR_STATE *)lh_retrieve(hash, d); - CRYPTO_r_unlock(CRYPTO_LOCK_ERR); - - ERRFN(thread_release)(&hash); - return p; - } - -static ERR_STATE *int_thread_set_item(ERR_STATE *d) - { - ERR_STATE *p; - LHASH *hash; - - err_fns_check(); - hash = ERRFN(thread_get)(1); - if (!hash) - return NULL; - - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - p = (ERR_STATE *)lh_insert(hash, d); - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - - ERRFN(thread_release)(&hash); - return p; - } - -static void int_thread_del_item(const ERR_STATE *d) - { - ERR_STATE *p; - LHASH *hash; - - err_fns_check(); - hash = ERRFN(thread_get)(0); - if (!hash) - return; - - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - p = (ERR_STATE *)lh_delete(hash, d); - /* make sure we don't leak memory */ - if (int_thread_hash_references == 1 - && int_thread_hash && (lh_num_items(int_thread_hash) == 0)) - { - lh_free(int_thread_hash); - int_thread_hash = NULL; - } - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - - ERRFN(thread_release)(&hash); - if (p) - ERR_STATE_free(p); - } - -static int int_err_get_next_lib(void) - { - int ret; - - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - ret = int_err_library_number++; - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - - return ret; - } - - -#ifndef OPENSSL_NO_ERR -#define NUM_SYS_STR_REASONS 127 -#define LEN_SYS_STR_REASON 32 - -static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1]; -/* SYS_str_reasons is filled with copies of strerror() results at - * initialization. - * 'errno' values up to 127 should cover all usual errors, - * others will be displayed numerically by ERR_error_string. - * It is crucial that we have something for each reason code - * that occurs in ERR_str_reasons, or bogus reason strings - * will be returned for SYSerr(), which always gets an errno - * value and never one of those 'standard' reason codes. */ - -static void build_SYS_str_reasons(void) - { - /* OPENSSL_malloc cannot be used here, use static storage instead */ - static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON]; - int i; - static int init = 1; - - CRYPTO_r_lock(CRYPTO_LOCK_ERR); - if (!init) - { - CRYPTO_r_unlock(CRYPTO_LOCK_ERR); - return; - } - - CRYPTO_r_unlock(CRYPTO_LOCK_ERR); - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - if (!init) - { - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - return; - } - - for (i = 1; i <= NUM_SYS_STR_REASONS; i++) - { - ERR_STRING_DATA *str = &SYS_str_reasons[i - 1]; - - str->error = (unsigned long)i; - if (str->string == NULL) - { - char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]); - char *src = strerror(i); - if (src != NULL) - { - strncpy(*dest, src, sizeof *dest); - (*dest)[sizeof *dest - 1] = '\0'; - str->string = *dest; - } - } - if (str->string == NULL) - str->string = "unknown"; - } - - /* Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL}, - * as required by ERR_load_strings. */ - - init = 0; - - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - } -#endif +static unsigned long get_error_values(int inc,int top, + const char **file,int *line, + const char **data,int *flags); #define err_clear_data(p,i) \ do { \ @@ -614,68 +143,6 @@ static void build_SYS_str_reasons(void) (p)->err_line[i]= -1; \ } while(0) -static void ERR_STATE_free(ERR_STATE *s) - { - int i; - - if (s == NULL) - return; - - for (i=0; i<ERR_NUM_ERRORS; i++) - { - err_clear_data(s,i); - } - OPENSSL_free(s); - } - -void ERR_load_ERR_strings(void) - { - err_fns_check(); -#ifndef OPENSSL_NO_ERR - err_load_strings(0,ERR_str_libraries); - err_load_strings(0,ERR_str_reasons); - err_load_strings(ERR_LIB_SYS,ERR_str_functs); - build_SYS_str_reasons(); - err_load_strings(ERR_LIB_SYS,SYS_str_reasons); -#endif - } - -static void err_load_strings(int lib, ERR_STRING_DATA *str) - { - while (str->error) - { - if (lib) - str->error|=ERR_PACK(lib,0,0); - ERRFN(err_set_item)(str); - str++; - } - } - -void ERR_load_strings(int lib, ERR_STRING_DATA *str) - { - ERR_load_ERR_strings(); - err_load_strings(lib, str); - } - -void ERR_unload_strings(int lib, ERR_STRING_DATA *str) - { - while (str->error) - { - if (lib) - str->error|=ERR_PACK(lib,0,0); - ERRFN(err_del_item)(str); - str++; - } - } - -void ERR_free_strings(void) - { - err_fns_check(); - ERRFN(err_del)(); - } - -/********************************************************/ - void ERR_put_error(int lib, int func, int reason, const char *file, int line) { @@ -830,218 +297,6 @@ static unsigned long get_error_values(int inc, int top, const char **file, int * return ret; } -void ERR_error_string_n(unsigned long e, char *buf, size_t len) - { - char lsbuf[64], fsbuf[64], rsbuf[64]; - const char *ls,*fs,*rs; - unsigned long l,f,r; - - l=ERR_GET_LIB(e); - f=ERR_GET_FUNC(e); - r=ERR_GET_REASON(e); - - ls=ERR_lib_error_string(e); - fs=ERR_func_error_string(e); - rs=ERR_reason_error_string(e); - - if (ls == NULL) - BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l); - if (fs == NULL) - BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f); - if (rs == NULL) - BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r); - - BIO_snprintf(buf, len,"error:%08lX:%s:%s:%s", e, ls?ls:lsbuf, - fs?fs:fsbuf, rs?rs:rsbuf); - if (strlen(buf) == len-1) - { - /* output may be truncated; make sure we always have 5 - * colon-separated fields, i.e. 4 colons ... */ -#define NUM_COLONS 4 - if (len > NUM_COLONS) /* ... if possible */ - { - int i; - char *s = buf; - - for (i = 0; i < NUM_COLONS; i++) - { - char *colon = strchr(s, ':'); - if (colon == NULL || colon > &buf[len-1] - NUM_COLONS + i) - { - /* set colon no. i at last possible position - * (buf[len-1] is the terminating 0)*/ - colon = &buf[len-1] - NUM_COLONS + i; - *colon = ':'; - } - s = colon + 1; - } - } - } - } - -/* BAD for multi-threading: uses a local buffer if ret == NULL */ -/* ERR_error_string_n should be used instead for ret != NULL - * as ERR_error_string cannot know how large the buffer is */ -char *ERR_error_string(unsigned long e, char *ret) - { - static char buf[256]; - - if (ret == NULL) ret=buf; - ERR_error_string_n(e, ret, 256); - - return ret; - } - -LHASH *ERR_get_string_table(void) - { - err_fns_check(); - return ERRFN(err_get)(0); - } - -LHASH *ERR_get_err_state_table(void) - { - err_fns_check(); - return ERRFN(thread_get)(0); - } - -void ERR_release_err_state_table(LHASH **hash) - { - err_fns_check(); - ERRFN(thread_release)(hash); - } - -const char *ERR_lib_error_string(unsigned long e) - { - ERR_STRING_DATA d,*p; - unsigned long l; - - err_fns_check(); - l=ERR_GET_LIB(e); - d.error=ERR_PACK(l,0,0); - p=ERRFN(err_get_item)(&d); - return((p == NULL)?NULL:p->string); - } - -const char *ERR_func_error_string(unsigned long e) - { - ERR_STRING_DATA d,*p; - unsigned long l,f; - - err_fns_check(); - l=ERR_GET_LIB(e); - f=ERR_GET_FUNC(e); - d.error=ERR_PACK(l,f,0); - p=ERRFN(err_get_item)(&d); - return((p == NULL)?NULL:p->string); - } - -const char *ERR_reason_error_string(unsigned long e) - { - ERR_STRING_DATA d,*p=NULL; - unsigned long l,r; - - err_fns_check(); - l=ERR_GET_LIB(e); - r=ERR_GET_REASON(e); - d.error=ERR_PACK(l,0,r); - p=ERRFN(err_get_item)(&d); - if (!p) - { - d.error=ERR_PACK(0,0,r); - p=ERRFN(err_get_item)(&d); - } - return((p == NULL)?NULL:p->string); - } - -/* static unsigned long err_hash(ERR_STRING_DATA *a) */ -static unsigned long err_hash(const void *a_void) - { - unsigned long ret,l; - - l=((const ERR_STRING_DATA *)a_void)->error; - ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l); - return(ret^ret%19*13); - } - -/* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b) */ -static int err_cmp(const void *a_void, const void *b_void) - { - return((int)(((const ERR_STRING_DATA *)a_void)->error - - ((const ERR_STRING_DATA *)b_void)->error)); - } - -/* static unsigned long pid_hash(ERR_STATE *a) */ -static unsigned long pid_hash(const void *a_void) - { - return(((const ERR_STATE *)a_void)->pid*13); - } - -/* static int pid_cmp(ERR_STATE *a, ERR_STATE *b) */ -static int pid_cmp(const void *a_void, const void *b_void) - { - return((int)((long)((const ERR_STATE *)a_void)->pid - - (long)((const ERR_STATE *)b_void)->pid)); - } - -void ERR_remove_state(unsigned long pid) - { - ERR_STATE tmp; - - err_fns_check(); - if (pid == 0) - pid=(unsigned long)CRYPTO_thread_id(); - tmp.pid=pid; - /* thread_del_item automatically destroys the LHASH if the number of - * items reaches zero. */ - ERRFN(thread_del_item)(&tmp); - } - -ERR_STATE *ERR_get_state(void) - { - static ERR_STATE fallback; - ERR_STATE *ret,tmp,*tmpp=NULL; - int i; - unsigned long pid; - - err_fns_check(); - pid=(unsigned long)CRYPTO_thread_id(); - tmp.pid=pid; - ret=ERRFN(thread_get_item)(&tmp); - - /* ret == the error state, if NULL, make a new one */ - if (ret == NULL) - { - ret=(ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE)); - if (ret == NULL) return(&fallback); - ret->pid=pid; - ret->top=0; - ret->bottom=0; - for (i=0; i<ERR_NUM_ERRORS; i++) - { - ret->err_data[i]=NULL; - ret->err_data_flags[i]=0; - } - tmpp = ERRFN(thread_set_item)(ret); - /* To check if insertion failed, do a get. */ - if (ERRFN(thread_get_item)(ret) != ret) - { - ERR_STATE_free(ret); /* could not insert it */ - return(&fallback); - } - /* If a race occured in this function and we came second, tmpp - * is the first one that we just replaced. */ - if (tmpp) - ERR_STATE_free(tmpp); - } - return ret; - } - -int ERR_get_next_error_library(void) - { - err_fns_check(); - return ERRFN(get_next_lib)(); - } - void ERR_set_error_data(char *data, int flags) { ERR_STATE *es; @@ -1128,3 +383,34 @@ int ERR_pop_to_mark(void) es->err_flags[es->top]&=~ERR_FLAG_MARK; return 1; } + +#ifdef OPENSSL_FIPS + +static ERR_STATE *fget_state(void) + { + static ERR_STATE fstate; + return &fstate; + } + +ERR_STATE *(*get_state_func)(void) = fget_state; +void (*remove_state_func)(unsigned long pid); + +ERR_STATE *ERR_get_state(void) + { + return get_state_func(); + } + +void int_ERR_set_state_func(ERR_STATE *(*get_func)(void), + void (*remove_func)(unsigned long pid)) + { + get_state_func = get_func; + remove_state_func = remove_func; + } + +void ERR_remove_state(unsigned long pid) + { + if (remove_state_func) + remove_state_func(pid); + } + +#endif diff --git a/lib/libcrypto/err/err.h b/lib/libcrypto/err/err.h index 8d9f0da172e..dcac4152310 100644 --- a/lib/libcrypto/err/err.h +++ b/lib/libcrypto/err/err.h @@ -142,6 +142,7 @@ typedef struct err_state_st #define ERR_LIB_STORE 44 #define ERR_LIB_FIPS 45 #define ERR_LIB_CMS 46 +#define ERR_LIB_JPAKE 47 #define ERR_LIB_USER 128 @@ -175,6 +176,7 @@ typedef struct err_state_st #define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__) #define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__) #define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__) +#define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__) /* Borland C seems too stupid to be able to shift and do longs in * the pre-processor :-( */ @@ -306,6 +308,12 @@ int ERR_get_next_error_library(void); int ERR_set_mark(void); int ERR_pop_to_mark(void); +#ifdef OPENSSL_FIPS +void int_ERR_set_state_func(ERR_STATE *(*get_func)(void), + void (*remove_func)(unsigned long pid)); +void int_ERR_lib_init(void); +#endif + /* Already defined in ossl_typ.h */ /* typedef struct st_ERR_FNS ERR_FNS; */ /* An application can use this function and provide the return value to loaded diff --git a/lib/libcrypto/err/err_all.c b/lib/libcrypto/err/err_all.c index 5813060ce24..f21a5276ed7 100644 --- a/lib/libcrypto/err/err_all.c +++ b/lib/libcrypto/err/err_all.c @@ -94,9 +94,16 @@ #include <openssl/ui.h> #include <openssl/ocsp.h> #include <openssl/err.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + #ifndef OPENSSL_NO_CMS #include <openssl/cms.h> #endif +#ifndef OPENSSL_NO_JPAKE +#include <openssl/jpake.h> +#endif void ERR_load_crypto_strings(void) { @@ -141,8 +148,14 @@ void ERR_load_crypto_strings(void) #endif ERR_load_OCSP_strings(); ERR_load_UI_strings(); +#ifdef OPENSSL_FIPS + ERR_load_FIPS_strings(); +#endif #ifndef OPENSSL_NO_CMS ERR_load_CMS_strings(); #endif +#ifndef OPENSSL_NO_JPAKE + ERR_load_JPAKE_strings(); +#endif #endif } diff --git a/lib/libcrypto/err/err_prn.c b/lib/libcrypto/err/err_prn.c index 2224a901e5e..4cdf342fa63 100644 --- a/lib/libcrypto/err/err_prn.c +++ b/lib/libcrypto/err/err_prn.c @@ -86,12 +86,7 @@ void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), #ifndef OPENSSL_NO_FP_API static int print_fp(const char *str, size_t len, void *fp) { - BIO bio; - - BIO_set(&bio,BIO_s_file()); - BIO_set_fp(&bio,fp,BIO_NOCLOSE); - - return BIO_printf(&bio, "%s", str); + return fwrite(str, 1, len, fp); } void ERR_print_errors_fp(FILE *fp) { @@ -99,13 +94,64 @@ void ERR_print_errors_fp(FILE *fp) } #endif -static int print_bio(const char *str, size_t len, void *bp) +void ERR_error_string_n(unsigned long e, char *buf, size_t len) { - return BIO_write((BIO *)bp, str, len); + char lsbuf[64], fsbuf[64], rsbuf[64]; + const char *ls,*fs,*rs; + unsigned long l,f,r; + + l=ERR_GET_LIB(e); + f=ERR_GET_FUNC(e); + r=ERR_GET_REASON(e); + + ls=ERR_lib_error_string(e); + fs=ERR_func_error_string(e); + rs=ERR_reason_error_string(e); + + if (ls == NULL) + BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l); + if (fs == NULL) + BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f); + if (rs == NULL) + BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r); + + BIO_snprintf(buf, len,"error:%08lX:%s:%s:%s", e, ls?ls:lsbuf, + fs?fs:fsbuf, rs?rs:rsbuf); + if (strlen(buf) == len-1) + { + /* output may be truncated; make sure we always have 5 + * colon-separated fields, i.e. 4 colons ... */ +#define NUM_COLONS 4 + if (len > NUM_COLONS) /* ... if possible */ + { + int i; + char *s = buf; + + for (i = 0; i < NUM_COLONS; i++) + { + char *colon = strchr(s, ':'); + if (colon == NULL || colon > &buf[len-1] - NUM_COLONS + i) + { + /* set colon no. i at last possible position + * (buf[len-1] is the terminating 0)*/ + colon = &buf[len-1] - NUM_COLONS + i; + *colon = ':'; + } + s = colon + 1; + } + } + } } -void ERR_print_errors(BIO *bp) + +/* BAD for multi-threading: uses a local buffer if ret == NULL */ +/* ERR_error_string_n should be used instead for ret != NULL + * as ERR_error_string cannot know how large the buffer is */ +char *ERR_error_string(unsigned long e, char *ret) { - ERR_print_errors_cb(print_bio, bp); - } + static char buf[256]; + + if (ret == NULL) ret=buf; + ERR_error_string_n(e, ret, 256); - + return ret; + } diff --git a/lib/libcrypto/err/openssl.ec b/lib/libcrypto/err/openssl.ec index 1938f081ac5..868826624db 100644 --- a/lib/libcrypto/err/openssl.ec +++ b/lib/libcrypto/err/openssl.ec @@ -31,7 +31,9 @@ L COMP crypto/comp/comp.h crypto/comp/comp_err.c L ECDSA crypto/ecdsa/ecdsa.h crypto/ecdsa/ecs_err.c L ECDH crypto/ecdh/ecdh.h crypto/ecdh/ech_err.c L STORE crypto/store/store.h crypto/store/str_err.c +L FIPS fips/fips.h crypto/fips_err.h L CMS crypto/cms/cms.h crypto/cms/cms_err.c +L JPAKE crypto/jpake/jpake.h crypto/jpake/jpake_err.c # additional header files to be scanned for function names L NONE crypto/x509/x509_vfy.h NONE diff --git a/lib/libcrypto/evp/Makefile b/lib/libcrypto/evp/Makefile index 9de56dc03d7..c204f84c1d6 100644 --- a/lib/libcrypto/evp/Makefile +++ b/lib/libcrypto/evp/Makefile @@ -18,10 +18,10 @@ TESTDATA=evptests.txt APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \ +LIBSRC= encode.c digest.c dig_eng.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \ e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\ e_rc4.c e_aes.c names.c e_seed.c \ - e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \ + e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c enc_min.c \ m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c \ m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\ p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \ @@ -30,10 +30,10 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \ evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \ e_old.c -LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \ +LIBOBJ= encode.o digest.o dig_eng.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \ e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\ e_rc4.o e_aes.o names.o e_seed.o \ - e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \ + e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o enc_min.o \ m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o \ m_dss.o m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\ p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \ @@ -55,7 +55,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -101,177 +101,201 @@ bio_b64.o: ../../e_os.h ../../include/openssl/asn1.h bio_b64.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h bio_b64.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h bio_b64.o: ../../include/openssl/err.h ../../include/openssl/evp.h -bio_b64.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -bio_b64.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -bio_b64.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bio_b64.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bio_b64.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_b64.c +bio_b64.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +bio_b64.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +bio_b64.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +bio_b64.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +bio_b64.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +bio_b64.o: ../cryptlib.h bio_b64.c bio_enc.o: ../../e_os.h ../../include/openssl/asn1.h bio_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h bio_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h bio_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h -bio_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -bio_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -bio_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bio_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bio_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_enc.c +bio_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +bio_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +bio_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +bio_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +bio_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +bio_enc.o: ../cryptlib.h bio_enc.c bio_md.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h bio_md.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bio_md.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bio_md.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -bio_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -bio_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -bio_md.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -bio_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bio_md.o: ../cryptlib.h bio_md.c +bio_md.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +bio_md.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +bio_md.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +bio_md.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bio_md.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bio_md.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_md.c bio_ok.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h bio_ok.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bio_ok.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bio_ok.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -bio_ok.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -bio_ok.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -bio_ok.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -bio_ok.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bio_ok.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_ok.c +bio_ok.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +bio_ok.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +bio_ok.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +bio_ok.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bio_ok.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +bio_ok.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +bio_ok.o: ../cryptlib.h bio_ok.c c_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h c_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h c_all.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h c_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h -c_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -c_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -c_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -c_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -c_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -c_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -c_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -c_all.o: ../cryptlib.h c_all.c +c_all.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +c_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +c_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +c_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +c_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +c_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_all.c c_allc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h c_allc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h c_allc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h c_allc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h c_allc.o: ../../include/openssl/err.h ../../include/openssl/evp.h -c_allc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -c_allc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -c_allc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -c_allc.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -c_allc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -c_allc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -c_allc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -c_allc.o: ../cryptlib.h c_allc.c +c_allc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +c_allc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +c_allc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +c_allc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h +c_allc.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +c_allc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +c_allc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +c_allc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_allc.c c_alld.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h c_alld.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h c_alld.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h c_alld.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h c_alld.o: ../../include/openssl/err.h ../../include/openssl/evp.h -c_alld.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -c_alld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -c_alld.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -c_alld.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -c_alld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -c_alld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -c_alld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -c_alld.o: ../cryptlib.h c_alld.c +c_alld.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +c_alld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +c_alld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +c_alld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h +c_alld.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +c_alld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +c_alld.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +c_alld.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_alld.c +dig_eng.o: ../../e_os.h ../../include/openssl/asn1.h +dig_eng.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +dig_eng.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +dig_eng.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +dig_eng.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +dig_eng.o: ../../include/openssl/err.h ../../include/openssl/evp.h +dig_eng.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +dig_eng.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +dig_eng.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +dig_eng.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +dig_eng.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +dig_eng.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +dig_eng.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +dig_eng.o: ../cryptlib.h dig_eng.c evp_locl.h digest.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h digest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h digest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h -digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -digest.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -digest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -digest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -digest.o: ../cryptlib.h digest.c +digest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +digest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h digest.c evp_locl.h e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h e_aes.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h e_aes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_aes.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -e_aes.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -e_aes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -e_aes.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -e_aes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h e_aes.c -e_aes.o: evp_locl.h +e_aes.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +e_aes.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +e_aes.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +e_aes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +e_aes.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +e_aes.o: ../../include/openssl/symhacks.h e_aes.c evp_locl.h e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/buffer.h e_bf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h e_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h -e_bf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -e_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_bf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_bf.o: ../../include/openssl/symhacks.h ../cryptlib.h e_bf.c evp_locl.h +e_bf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +e_bf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +e_bf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +e_bf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +e_bf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +e_bf.o: ../cryptlib.h e_bf.c evp_locl.h e_camellia.o: ../../include/openssl/opensslconf.h e_camellia.c e_cast.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_cast.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h e_cast.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h e_cast.o: ../../include/openssl/err.h ../../include/openssl/evp.h -e_cast.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -e_cast.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_cast.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_cast.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_cast.o: ../../include/openssl/symhacks.h ../cryptlib.h e_cast.c evp_locl.h +e_cast.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +e_cast.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +e_cast.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +e_cast.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +e_cast.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +e_cast.o: ../cryptlib.h e_cast.c evp_locl.h e_des.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_des.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_des.o: ../../include/openssl/des.h ../../include/openssl/des_old.h e_des.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_des.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -e_des.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -e_des.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -e_des.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -e_des.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_des.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -e_des.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des.c evp_locl.h +e_des.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +e_des.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +e_des.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +e_des.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +e_des.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +e_des.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +e_des.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +e_des.o: ../cryptlib.h e_des.c evp_locl.h e_des3.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_des3.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_des3.o: ../../include/openssl/des.h ../../include/openssl/des_old.h e_des3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_des3.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -e_des3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -e_des3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -e_des3.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -e_des3.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_des3.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -e_des3.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des3.c evp_locl.h +e_des3.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +e_des3.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +e_des3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +e_des3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +e_des3.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +e_des3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +e_des3.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +e_des3.o: ../cryptlib.h e_des3.c evp_locl.h e_idea.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_idea.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_idea.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_idea.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -e_idea.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -e_idea.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_idea.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_idea.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_idea.o: ../../include/openssl/symhacks.h ../cryptlib.h e_idea.c evp_locl.h +e_idea.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +e_idea.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +e_idea.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +e_idea.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +e_idea.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +e_idea.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +e_idea.o: ../cryptlib.h e_idea.c evp_locl.h e_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_null.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -e_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -e_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -e_null.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -e_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -e_null.o: ../cryptlib.h e_null.c +e_null.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +e_null.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +e_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +e_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +e_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +e_null.o: ../../include/openssl/symhacks.h ../cryptlib.h e_null.c e_old.o: e_old.c e_rc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_rc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_rc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_rc2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -e_rc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -e_rc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -e_rc2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h -e_rc2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_rc2.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc2.c evp_locl.h +e_rc2.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +e_rc2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +e_rc2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +e_rc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +e_rc2.o: ../../include/openssl/rc2.h ../../include/openssl/safestack.h +e_rc2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +e_rc2.o: ../cryptlib.h e_rc2.c evp_locl.h e_rc4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_rc4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_rc4.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_rc4.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -e_rc4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -e_rc4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -e_rc4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc4.h -e_rc4.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_rc4.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc4.c +e_rc4.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +e_rc4.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +e_rc4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +e_rc4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +e_rc4.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h +e_rc4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +e_rc4.o: ../cryptlib.h e_rc4.c evp_locl.h e_rc5.o: ../../e_os.h ../../include/openssl/bio.h e_rc5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_rc5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -282,107 +306,141 @@ e_rc5.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc5.c e_seed.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h e_seed.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h e_seed.o: ../../include/openssl/err.h ../../include/openssl/evp.h -e_seed.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -e_seed.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_seed.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_seed.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_seed.o: ../../include/openssl/symhacks.h e_seed.c +e_seed.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +e_seed.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +e_seed.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +e_seed.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +e_seed.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +e_seed.o: e_seed.c e_xcbc_d.o: ../../e_os.h ../../include/openssl/asn1.h e_xcbc_d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h e_xcbc_d.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h e_xcbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h -e_xcbc_d.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -e_xcbc_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +e_xcbc_d.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +e_xcbc_d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +e_xcbc_d.o: ../../include/openssl/opensslconf.h e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h e_xcbc_d.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h e_xcbc_d.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_xcbc_d.c +enc_min.o: ../../e_os.h ../../include/openssl/asn1.h +enc_min.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +enc_min.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +enc_min.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +enc_min.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +enc_min.o: ../../include/openssl/err.h ../../include/openssl/evp.h +enc_min.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +enc_min.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +enc_min.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +enc_min.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +enc_min.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +enc_min.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +enc_min.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +enc_min.o: ../../include/openssl/x509_vfy.h ../cryptlib.h enc_min.c evp_locl.h encode.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h encode.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h encode.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -encode.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -encode.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -encode.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -encode.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -encode.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -encode.o: ../cryptlib.h encode.c +encode.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +encode.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +encode.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +encode.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +encode.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +encode.o: ../../include/openssl/symhacks.h ../cryptlib.h encode.c evp_acnf.o: ../../e_os.h ../../include/openssl/asn1.h evp_acnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_acnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -evp_acnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -evp_acnf.o: ../../include/openssl/opensslconf.h +evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +evp_acnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +evp_acnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c +evp_cnf.o: ../../e_os.h ../../include/openssl/asn1.h +evp_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +evp_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +evp_cnf.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +evp_cnf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +evp_cnf.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +evp_cnf.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +evp_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +evp_cnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +evp_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +evp_cnf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +evp_cnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +evp_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +evp_cnf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +evp_cnf.o: ../cryptlib.h evp_cnf.c evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_enc.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h evp_enc.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h evp_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h -evp_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -evp_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -evp_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -evp_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -evp_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h +evp_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +evp_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +evp_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +evp_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +evp_enc.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +evp_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +evp_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +evp_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_enc.c evp_locl.h evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h -evp_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -evp_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -evp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -evp_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -evp_err.o: ../../include/openssl/symhacks.h evp_err.c +evp_err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +evp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +evp_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +evp_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +evp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +evp_err.o: evp_err.c evp_key.o: ../../e_os.h ../../include/openssl/asn1.h evp_key.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h evp_key.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -evp_key.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -evp_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -evp_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -evp_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -evp_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -evp_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -evp_key.o: ../../include/openssl/ui.h ../../include/openssl/x509.h -evp_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_key.c +evp_key.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +evp_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +evp_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +evp_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +evp_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +evp_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +evp_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +evp_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +evp_key.o: ../cryptlib.h evp_key.c evp_lib.o: ../../e_os.h ../../include/openssl/asn1.h evp_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -evp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -evp_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -evp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -evp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -evp_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_lib.c +evp_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +evp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +evp_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +evp_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +evp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +evp_lib.o: ../cryptlib.h evp_lib.c evp_pbe.o: ../../e_os.h ../../include/openssl/asn1.h evp_pbe.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_pbe.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h evp_pbe.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -evp_pbe.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -evp_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -evp_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -evp_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -evp_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -evp_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -evp_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -evp_pbe.o: ../cryptlib.h evp_pbe.c +evp_pbe.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +evp_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +evp_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +evp_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +evp_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +evp_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +evp_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +evp_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pbe.c evp_pkey.o: ../../e_os.h ../../include/openssl/asn1.h evp_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h evp_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h evp_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h evp_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h evp_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -evp_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -evp_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -evp_pkey.o: ../../include/openssl/opensslconf.h +evp_pkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +evp_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +evp_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h evp_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h evp_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h evp_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h @@ -394,106 +452,110 @@ m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_dss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h m_dss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h m_dss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -m_dss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -m_dss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -m_dss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -m_dss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_dss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_dss.o: ../cryptlib.h m_dss.c +m_dss.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +m_dss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +m_dss.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +m_dss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +m_dss.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +m_dss.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_dss.c m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h m_dss1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h m_dss1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -m_dss1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -m_dss1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -m_dss1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_dss1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_dss1.o: ../cryptlib.h m_dss1.c +m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +m_dss1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +m_dss1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +m_dss1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +m_dss1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +m_dss1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_dss1.c m_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h m_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h m_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h m_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h m_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -m_ecdsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -m_ecdsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -m_ecdsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -m_ecdsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -m_ecdsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_ecdsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_ecdsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_ecdsa.o: ../cryptlib.h m_ecdsa.c +m_ecdsa.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +m_ecdsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +m_ecdsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +m_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +m_ecdsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +m_ecdsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +m_ecdsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +m_ecdsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_ecdsa.c m_md2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_md2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_md2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h m_md2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h m_md2.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_md2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -m_md2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -m_md2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -m_md2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -m_md2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -m_md2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_md2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_md2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md2.c +m_md2.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +m_md2.o: ../../include/openssl/md2.h ../../include/openssl/obj_mac.h +m_md2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +m_md2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +m_md2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +m_md2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +m_md2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +m_md2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_md2.o: ../cryptlib.h evp_locl.h m_md2.c m_md4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_md4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_md4.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h m_md4.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h m_md4.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_md4.o: ../../include/openssl/lhash.h ../../include/openssl/md4.h -m_md4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -m_md4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -m_md4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -m_md4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -m_md4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_md4.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_md4.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md4.c +m_md4.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +m_md4.o: ../../include/openssl/md4.h ../../include/openssl/obj_mac.h +m_md4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +m_md4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +m_md4.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +m_md4.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +m_md4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +m_md4.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_md4.o: ../cryptlib.h evp_locl.h m_md4.c m_md5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_md5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_md5.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h m_md5.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h m_md5.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_md5.o: ../../include/openssl/lhash.h ../../include/openssl/md5.h -m_md5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -m_md5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -m_md5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -m_md5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -m_md5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_md5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_md5.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md5.c +m_md5.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +m_md5.o: ../../include/openssl/md5.h ../../include/openssl/obj_mac.h +m_md5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +m_md5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +m_md5.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +m_md5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +m_md5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +m_md5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_md5.o: ../cryptlib.h evp_locl.h m_md5.c m_mdc2.o: ../../e_os.h ../../include/openssl/bio.h m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h m_mdc2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h m_mdc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h m_mdc2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -m_mdc2.o: ../../include/openssl/symhacks.h ../cryptlib.h m_mdc2.c +m_mdc2.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h m_mdc2.c m_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_null.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h m_null.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h m_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_null.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -m_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_null.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -m_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_null.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_null.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_null.c +m_null.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +m_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +m_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +m_null.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +m_null.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +m_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +m_null.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_null.o: ../cryptlib.h m_null.c m_ripemd.o: ../../e_os.h ../../include/openssl/asn1.h m_ripemd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h m_ripemd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h m_ripemd.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h m_ripemd.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -m_ripemd.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -m_ripemd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -m_ripemd.o: ../../include/openssl/opensslconf.h +m_ripemd.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +m_ripemd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +m_ripemd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h m_ripemd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h m_ripemd.o: ../../include/openssl/pkcs7.h ../../include/openssl/ripemd.h m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h @@ -505,60 +567,62 @@ m_sha.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_sha.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h m_sha.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h m_sha.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_sha.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -m_sha.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_sha.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_sha.o: ../cryptlib.h m_sha.c +m_sha.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +m_sha.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +m_sha.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +m_sha.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +m_sha.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +m_sha.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +m_sha.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +m_sha.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h m_sha.c m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h m_sha1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h m_sha1.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_sha1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -m_sha1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_sha1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_sha1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_sha1.o: ../cryptlib.h m_sha1.c +m_sha1.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +m_sha1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +m_sha1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +m_sha1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +m_sha1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +m_sha1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +m_sha1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +m_sha1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_sha1.c names.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h names.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h names.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h names.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h names.o: ../../include/openssl/err.h ../../include/openssl/evp.h -names.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -names.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -names.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -names.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -names.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -names.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -names.o: ../../include/openssl/x509_vfy.h ../cryptlib.h names.c +names.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +names.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +names.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +names.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +names.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +names.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +names.o: ../cryptlib.h names.c p5_crpt.o: ../../e_os.h ../../include/openssl/asn1.h p5_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p5_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p5_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p5_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p5_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -p5_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p5_crpt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p5_crpt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -p5_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p5_crpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p5_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p5_crpt.o: ../cryptlib.h p5_crpt.c +p5_crpt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +p5_crpt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p5_crpt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p5_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p5_crpt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p5_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p5_crpt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p5_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_crpt.c p5_crpt2.o: ../../e_os.h ../../include/openssl/asn1.h p5_crpt2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p5_crpt2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p5_crpt2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p5_crpt2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p5_crpt2.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h -p5_crpt2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p5_crpt2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p5_crpt2.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +p5_crpt2.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h +p5_crpt2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p5_crpt2.o: ../../include/openssl/opensslconf.h p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p5_crpt2.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h p5_crpt2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -569,27 +633,29 @@ p_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p_dec.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p_dec.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p_dec.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p_dec.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -p_dec.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p_dec.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p_dec.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p_dec.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_dec.c +p_dec.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +p_dec.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p_dec.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p_dec.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +p_dec.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +p_dec.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p_dec.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p_dec.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p_dec.o: ../cryptlib.h p_dec.c p_enc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h p_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p_enc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -p_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_enc.c +p_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +p_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +p_enc.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +p_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p_enc.o: ../cryptlib.h p_enc.c p_lib.o: ../../e_os.h ../../include/openssl/asn1.h p_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h p_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -597,60 +663,63 @@ p_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h p_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h p_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -p_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -p_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_lib.c +p_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +p_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +p_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p_lib.o: ../cryptlib.h p_lib.c p_open.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h p_open.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p_open.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p_open.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p_open.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p_open.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p_open.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p_open.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p_open.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -p_open.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p_open.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p_open.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p_open.o: ../cryptlib.h p_open.c +p_open.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +p_open.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p_open.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p_open.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +p_open.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +p_open.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p_open.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p_open.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_open.c p_seal.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h p_seal.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p_seal.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p_seal.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p_seal.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -p_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_seal.c +p_seal.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +p_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p_seal.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p_seal.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +p_seal.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +p_seal.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p_seal.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p_seal.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p_seal.o: ../cryptlib.h p_seal.c p_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h p_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -p_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_sign.c +p_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +p_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +p_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p_sign.o: ../cryptlib.h p_sign.c p_verify.o: ../../e_os.h ../../include/openssl/asn1.h p_verify.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p_verify.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p_verify.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p_verify.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p_verify.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -p_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p_verify.o: ../../include/openssl/opensslconf.h +p_verify.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +p_verify.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h p_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h diff --git a/lib/libcrypto/evp/bio_md.c b/lib/libcrypto/evp/bio_md.c index d648ac6da6b..ed5c1135fd4 100644 --- a/lib/libcrypto/evp/bio_md.c +++ b/lib/libcrypto/evp/bio_md.c @@ -192,13 +192,8 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) ret=0; break; case BIO_C_GET_MD_CTX: - if (b->init) - { - pctx=ptr; - *pctx=ctx; - } - else - ret=0; + pctx=ptr; + *pctx=ctx; break; case BIO_C_SET_MD_CTX: if (b->init) diff --git a/lib/libcrypto/evp/digest.c b/lib/libcrypto/evp/digest.c index 762e6d3450d..3bc2d1295c6 100644 --- a/lib/libcrypto/evp/digest.c +++ b/lib/libcrypto/evp/digest.c @@ -116,6 +116,7 @@ #ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> #endif +#include "evp_locl.h" void EVP_MD_CTX_init(EVP_MD_CTX *ctx) { @@ -137,18 +138,77 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) return EVP_DigestInit_ex(ctx, type, NULL); } -int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) +#ifdef OPENSSL_FIPS + +/* The purpose of these is to trap programs that attempt to use non FIPS + * algorithms in FIPS mode and ignore the errors. + */ + +static int bad_init(EVP_MD_CTX *ctx) + { FIPS_ERROR_IGNORED("Digest init"); return 0;} + +static int bad_update(EVP_MD_CTX *ctx,const void *data,size_t count) + { FIPS_ERROR_IGNORED("Digest update"); return 0;} + +static int bad_final(EVP_MD_CTX *ctx,unsigned char *md) + { FIPS_ERROR_IGNORED("Digest Final"); return 0;} + +static const EVP_MD bad_md = { - EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); + 0, + 0, + 0, + 0, + bad_init, + bad_update, + bad_final, + NULL, + NULL, + NULL, + 0, + {0,0,0,0}, + }; + +#endif + #ifndef OPENSSL_NO_ENGINE - /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts - * so this context may already have an ENGINE! Try to avoid releasing - * the previous handle, re-querying for an ENGINE, and having a - * reinitialisation, when it may all be unecessary. */ - if (ctx->engine && ctx->digest && (!type || - (type && (type->type == ctx->digest->type)))) - goto skip_to_init; - if (type) + +#ifdef OPENSSL_FIPS + +static int do_engine_null(ENGINE *impl) { return 0;} +static int do_evp_md_engine_null(EVP_MD_CTX *ctx, + const EVP_MD **ptype, ENGINE *impl) + { return 1; } + +static int (*do_engine_init)(ENGINE *impl) + = do_engine_null; + +static int (*do_engine_finish)(ENGINE *impl) + = do_engine_null; + +static int (*do_evp_md_engine) + (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl) + = do_evp_md_engine_null; + +void int_EVP_MD_set_engine_callbacks( + int (*eng_md_init)(ENGINE *impl), + int (*eng_md_fin)(ENGINE *impl), + int (*eng_md_evp) + (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)) + { + do_engine_init = eng_md_init; + do_engine_finish = eng_md_fin; + do_evp_md_engine = eng_md_evp; + } + +#else + +#define do_engine_init ENGINE_init +#define do_engine_finish ENGINE_finish + +static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl) + { + if (*ptype) { /* Ensure an ENGINE left lying around from last time is cleared * (the previous check attempted to avoid this if the same @@ -159,25 +219,25 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) { if (!ENGINE_init(impl)) { - EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR); + EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR); return 0; } } else /* Ask if an ENGINE is reserved for this job */ - impl = ENGINE_get_digest_engine(type->type); + impl = ENGINE_get_digest_engine((*ptype)->type); if(impl) { /* There's an ENGINE for this job ... (apparently) */ - const EVP_MD *d = ENGINE_get_digest(impl, type->type); + const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type); if(!d) { /* Same comment from evp_enc.c */ - EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR); + EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR); return 0; } /* We'll use the ENGINE's private digest definition */ - type = d; + *ptype = d; /* Store the ENGINE functional reference so we know * 'type' came from an ENGINE and we need to release * it when done. */ @@ -189,12 +249,52 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) else if(!ctx->digest) { - EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_NO_DIGEST_SET); + EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_NO_DIGEST_SET); return 0; } + return 1; + } + +#endif + +#endif + +int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) + { + M_EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); +#ifdef OPENSSL_FIPS + if(FIPS_selftest_failed()) + { + FIPSerr(FIPS_F_EVP_DIGESTINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED); + ctx->digest = &bad_md; + return 0; + } +#endif +#ifndef OPENSSL_NO_ENGINE + /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts + * so this context may already have an ENGINE! Try to avoid releasing + * the previous handle, re-querying for an ENGINE, and having a + * reinitialisation, when it may all be unecessary. */ + if (ctx->engine && ctx->digest && (!type || + (type && (type->type == ctx->digest->type)))) + goto skip_to_init; + if (!do_evp_md_engine(ctx, &type, impl)) + return 0; #endif if (ctx->digest != type) { +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + { + if (!(type->flags & EVP_MD_FLAG_FIPS) + && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) + { + EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS); + ctx->digest = &bad_md; + return 0; + } + } +#endif if (ctx->digest && ctx->digest->ctx_size) OPENSSL_free(ctx->md_data); ctx->digest=type; @@ -202,7 +302,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) ctx->md_data=OPENSSL_malloc(type->ctx_size); } #ifndef OPENSSL_NO_ENGINE -skip_to_init: + skip_to_init: #endif return ctx->digest->init(ctx); } @@ -210,6 +310,9 @@ skip_to_init: int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) { +#ifdef OPENSSL_FIPS + FIPS_selftest_check(); +#endif return ctx->digest->update(ctx,data,count); } @@ -226,6 +329,9 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) { int ret; +#ifdef OPENSSL_FIPS + FIPS_selftest_check(); +#endif OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret=ctx->digest->final(ctx,md); @@ -234,7 +340,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) if (ctx->digest->cleanup) { ctx->digest->cleanup(ctx); - EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); + M_EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); } memset(ctx->md_data,0,ctx->digest->ctx_size); return ret; @@ -256,7 +362,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) } #ifndef OPENSSL_NO_ENGINE /* Make sure it's safe to copy a digest context using an ENGINE */ - if (in->engine && !ENGINE_init(in->engine)) + if (in->engine && !do_engine_init(in->engine)) { EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB); return 0; @@ -266,7 +372,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) if (out->digest == in->digest) { tmp_buf = out->md_data; - EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE); + M_EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE); } else tmp_buf = NULL; EVP_MD_CTX_cleanup(out); @@ -292,7 +398,7 @@ int EVP_Digest(const void *data, size_t count, int ret; EVP_MD_CTX_init(&ctx); - EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT); + M_EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT); ret=EVP_DigestInit_ex(&ctx, type, impl) && EVP_DigestUpdate(&ctx, data, count) && EVP_DigestFinal_ex(&ctx, md, size); @@ -314,10 +420,10 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) * because sometimes only copies of the context are ever finalised. */ if (ctx->digest && ctx->digest->cleanup - && !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED)) + && !M_EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED)) ctx->digest->cleanup(ctx); if (ctx->digest && ctx->digest->ctx_size && ctx->md_data - && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) + && !M_EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size); OPENSSL_free(ctx->md_data); @@ -326,7 +432,7 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) if(ctx->engine) /* The EVP_MD we used belongs to an ENGINE, release the * functional reference we held for this reason. */ - ENGINE_finish(ctx->engine); + do_engine_finish(ctx->engine); #endif memset(ctx,'\0',sizeof *ctx); diff --git a/lib/libcrypto/evp/e_aes.c b/lib/libcrypto/evp/e_aes.c index bd6c0a3a62a..c9a5ee8d75a 100644 --- a/lib/libcrypto/evp/e_aes.c +++ b/lib/libcrypto/evp/e_aes.c @@ -69,32 +69,29 @@ typedef struct IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, NID_aes_128, 16, 16, 16, 128, - 0, aes_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL) + EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, + aes_init_key, + NULL, NULL, NULL, NULL) IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY, NID_aes_192, 16, 24, 16, 128, - 0, aes_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL) + EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, + aes_init_key, + NULL, NULL, NULL, NULL) IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, NID_aes_256, 16, 32, 16, 128, - 0, aes_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL) + EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, + aes_init_key, + NULL, NULL, NULL, NULL) -#define IMPLEMENT_AES_CFBR(ksize,cbits) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16) +#define IMPLEMENT_AES_CFBR(ksize,cbits,flags) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags) -IMPLEMENT_AES_CFBR(128,1) -IMPLEMENT_AES_CFBR(192,1) -IMPLEMENT_AES_CFBR(256,1) +IMPLEMENT_AES_CFBR(128,1,EVP_CIPH_FLAG_FIPS) +IMPLEMENT_AES_CFBR(192,1,EVP_CIPH_FLAG_FIPS) +IMPLEMENT_AES_CFBR(256,1,EVP_CIPH_FLAG_FIPS) -IMPLEMENT_AES_CFBR(128,8) -IMPLEMENT_AES_CFBR(192,8) -IMPLEMENT_AES_CFBR(256,8) +IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS) +IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS) +IMPLEMENT_AES_CFBR(256,8,EVP_CIPH_FLAG_FIPS) static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) diff --git a/lib/libcrypto/evp/e_des.c b/lib/libcrypto/evp/e_des.c index 856323648cd..04376df2324 100644 --- a/lib/libcrypto/evp/e_des.c +++ b/lib/libcrypto/evp/e_des.c @@ -129,18 +129,21 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, - EVP_CIPH_RAND_KEY, des_init_key, NULL, + EVP_CIPH_RAND_KEY, + des_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1, - EVP_CIPH_RAND_KEY, des_init_key,NULL, + EVP_CIPH_RAND_KEY, + des_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv,des_ctrl) BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8, - EVP_CIPH_RAND_KEY,des_init_key,NULL, + EVP_CIPH_RAND_KEY, + des_init_key,NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv,des_ctrl) diff --git a/lib/libcrypto/evp/e_des3.c b/lib/libcrypto/evp/e_des3.c index ac148efab23..f910af19b11 100644 --- a/lib/libcrypto/evp/e_des3.c +++ b/lib/libcrypto/evp/e_des3.c @@ -111,8 +111,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, #ifdef KSSL_DEBUG { int i; - char *cp; - printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", ctx, ctx->buf_len); + printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", (unsigned long)ctx, ctx->buf_len); printf("\t iv= "); for(i=0;i<8;i++) printf("%02X",ctx->iv[i]); @@ -164,9 +163,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, - EVP_CIPH_RAND_KEY, des_ede_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, + EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, + des_ede_init_key, + NULL, NULL, NULL, des3_ctrl) #define des_ede3_cfb64_cipher des_ede_cfb64_cipher @@ -175,21 +174,21 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, #define des_ede3_ecb_cipher des_ede_ecb_cipher BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, - EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, + EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, + des_ede3_init_key, + NULL, NULL, NULL, des3_ctrl) BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1, - EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, + EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, + des_ede3_init_key, + NULL, NULL, NULL, des3_ctrl) BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8, - EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, + EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, + des_ede3_init_key, + NULL, NULL, NULL, des3_ctrl) static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, @@ -216,7 +215,7 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, #ifdef KSSL_DEBUG { int i; - printf("des_ede3_init_key(ctx=%lx)\n", ctx); + printf("des_ede3_init_key(ctx=%lx)\n", (unsigned long)ctx); printf("\tKEY= "); for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n"); printf("\t IV= "); diff --git a/lib/libcrypto/evp/e_null.c b/lib/libcrypto/evp/e_null.c index 5205259f18c..0872d733e47 100644 --- a/lib/libcrypto/evp/e_null.c +++ b/lib/libcrypto/evp/e_null.c @@ -69,7 +69,7 @@ static const EVP_CIPHER n_cipher= { NID_undef, 1,0,0, - 0, + EVP_CIPH_FLAG_FIPS, null_init_key, null_cipher, NULL, diff --git a/lib/libcrypto/evp/e_rc4.c b/lib/libcrypto/evp/e_rc4.c index 67af850bea1..55baad7446d 100644 --- a/lib/libcrypto/evp/e_rc4.c +++ b/lib/libcrypto/evp/e_rc4.c @@ -64,6 +64,7 @@ #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/rc4.h> +#include "evp_locl.h" /* FIXME: surely this is available elsewhere? */ #define EVP_RC4_KEY_SIZE 16 diff --git a/lib/libcrypto/evp/evp.h b/lib/libcrypto/evp/evp.h index 1aa2d6fb35b..51011f2b148 100644 --- a/lib/libcrypto/evp/evp.h +++ b/lib/libcrypto/evp/evp.h @@ -75,6 +75,10 @@ #include <openssl/bio.h> #endif +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + /* #define EVP_RC2_KEY_SIZE 16 #define EVP_RC4_KEY_SIZE 16 @@ -250,9 +254,19 @@ typedef int evp_verify_method(int type,const unsigned char *m, unsigned int m_length,const unsigned char *sigbuf, unsigned int siglen, void *key); +typedef struct + { + EVP_MD_CTX *mctx; + void *key; + } EVP_MD_SVCTX; + #define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single * block */ +#define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */ + +#define EVP_MD_FLAG_SVCTX 0x0800 /* pass EVP_MD_SVCTX to sign/verify */ + #define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} #ifndef OPENSSL_NO_DSA @@ -306,6 +320,15 @@ struct env_md_ctx_st #define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest * in FIPS mode */ +#define EVP_MD_CTX_FLAG_PAD_MASK 0xF0 /* RSA mode to use */ +#define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00 /* PKCS#1 v1.5 mode */ +#define EVP_MD_CTX_FLAG_PAD_X931 0x10 /* X9.31 mode */ +#define EVP_MD_CTX_FLAG_PAD_PSS 0x20 /* PSS mode */ +#define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \ + ((ctx->flags>>16) &0xFFFF) /* seed length */ +#define EVP_MD_CTX_FLAG_PSS_MDLEN 0xFFFF /* salt len same as digest */ +#define EVP_MD_CTX_FLAG_PSS_MREC 0xFFFE /* salt max or auto recovered */ + struct evp_cipher_st { int nid; @@ -349,6 +372,14 @@ struct evp_cipher_st #define EVP_CIPH_NO_PADDING 0x100 /* cipher handles random key generation */ #define EVP_CIPH_RAND_KEY 0x200 +/* Note if suitable for use in FIPS mode */ +#define EVP_CIPH_FLAG_FIPS 0x400 +/* Allow non FIPS cipher in FIPS mode */ +#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800 +/* Allow use default ASN1 get/set iv */ +#define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 +/* Buffer length in bits not bytes: CFB1 mode only */ +#define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 /* ctrl() values */ @@ -432,6 +463,18 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) +/* Macros to reduce FIPS dependencies: do NOT use in applications */ +#define M_EVP_MD_size(e) ((e)->md_size) +#define M_EVP_MD_block_size(e) ((e)->block_size) +#define M_EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) +#define M_EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs)) +#define M_EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs)) +#define M_EVP_MD_type(e) ((e)->type) +#define M_EVP_MD_CTX_type(e) M_EVP_MD_type(M_EVP_MD_CTX_md(e)) +#define M_EVP_MD_CTX_md(e) ((e)->digest) + +#define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) + int EVP_MD_type(const EVP_MD *md); #define EVP_MD_nid(e) EVP_MD_type(e) #define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) @@ -527,6 +570,10 @@ int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md, const unsigned char *salt, const unsigned char *data, int datal, int count, unsigned char *key,unsigned char *iv); +void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); +void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); +int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx,int flags); + int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv); int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, @@ -885,6 +932,24 @@ int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, EVP_PBE_KEYGEN *keygen); void EVP_PBE_cleanup(void); +#ifdef OPENSSL_FIPS +#ifndef OPENSSL_NO_ENGINE +void int_EVP_MD_set_engine_callbacks( + int (*eng_md_init)(ENGINE *impl), + int (*eng_md_fin)(ENGINE *impl), + int (*eng_md_evp) + (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)); +void int_EVP_MD_init_engine_callbacks(void); +void int_EVP_CIPHER_set_engine_callbacks( + int (*eng_ciph_fin)(ENGINE *impl), + int (*eng_ciph_evp) + (EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciph, ENGINE *impl)); +void int_EVP_CIPHER_init_engine_callbacks(void); +#endif +#endif + +void EVP_add_alg_module(void); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -895,16 +960,23 @@ void ERR_load_EVP_strings(void); /* Function codes. */ #define EVP_F_AES_INIT_KEY 133 +#define EVP_F_ALG_MODULE_INIT 138 #define EVP_F_CAMELLIA_INIT_KEY 159 #define EVP_F_D2I_PKEY 100 +#define EVP_F_DO_EVP_ENC_ENGINE 140 +#define EVP_F_DO_EVP_ENC_ENGINE_FULL 141 +#define EVP_F_DO_EVP_MD_ENGINE 139 +#define EVP_F_DO_EVP_MD_ENGINE_FULL 142 #define EVP_F_DSAPKEY2PKCS8 134 #define EVP_F_DSA_PKEY2PKCS8 135 #define EVP_F_ECDSA_PKEY2PKCS8 129 #define EVP_F_ECKEY_PKEY2PKCS8 132 +#define EVP_F_EVP_CIPHERINIT 137 #define EVP_F_EVP_CIPHERINIT_EX 123 #define EVP_F_EVP_CIPHER_CTX_CTRL 124 #define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 #define EVP_F_EVP_DECRYPTFINAL_EX 101 +#define EVP_F_EVP_DIGESTINIT 136 #define EVP_F_EVP_DIGESTINIT_EX 128 #define EVP_F_EVP_ENCRYPTFINAL_EX 127 #define EVP_F_EVP_MD_CTX_COPY_EX 110 @@ -946,15 +1018,20 @@ void ERR_load_EVP_strings(void); #define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 #define EVP_R_DECODE_ERROR 114 #define EVP_R_DIFFERENT_KEY_TYPES 101 +#define EVP_R_DISABLED_FOR_FIPS 144 #define EVP_R_ENCODE_ERROR 115 +#define EVP_R_ERROR_LOADING_SECTION 145 +#define EVP_R_ERROR_SETTING_FIPS_MODE 146 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 #define EVP_R_EXPECTING_AN_RSA_KEY 127 #define EVP_R_EXPECTING_A_DH_KEY 128 #define EVP_R_EXPECTING_A_DSA_KEY 129 #define EVP_R_EXPECTING_A_ECDSA_KEY 141 #define EVP_R_EXPECTING_A_EC_KEY 142 +#define EVP_R_FIPS_MODE_NOT_SUPPORTED 147 #define EVP_R_INITIALIZATION_ERROR 134 #define EVP_R_INPUT_NOT_INITIALIZED 111 +#define EVP_R_INVALID_FIPS_MODE 148 #define EVP_R_INVALID_KEY_LENGTH 130 #define EVP_R_IV_TOO_LARGE 102 #define EVP_R_KEYGEN_FAILURE 120 @@ -966,6 +1043,7 @@ void ERR_load_EVP_strings(void); #define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 #define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117 #define EVP_R_PUBLIC_KEY_NOT_RSA 106 +#define EVP_R_UNKNOWN_OPTION 149 #define EVP_R_UNKNOWN_PBE_ALGORITHM 121 #define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135 #define EVP_R_UNSUPPORTED_CIPHER 107 diff --git a/lib/libcrypto/evp/evp_acnf.c b/lib/libcrypto/evp/evp_acnf.c index ff3e311cc52..643a1864e83 100644 --- a/lib/libcrypto/evp/evp_acnf.c +++ b/lib/libcrypto/evp/evp_acnf.c @@ -1,5 +1,5 @@ /* evp_acnf.c */ -/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== diff --git a/lib/libcrypto/evp/evp_enc.c b/lib/libcrypto/evp/evp_enc.c index 6e582c458de..30e0ca4d9fa 100644 --- a/lib/libcrypto/evp/evp_enc.c +++ b/lib/libcrypto/evp/evp_enc.c @@ -66,13 +66,15 @@ #endif #include "evp_locl.h" -const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT; +#ifdef OPENSSL_FIPS + #define M_do_cipher(ctx, out, in, inl) \ + EVP_Cipher(ctx,out,in,inl) +#else + #define M_do_cipher(ctx, out, in, inl) \ + ctx->cipher->do_cipher(ctx,out,in,inl) +#endif -void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) - { - memset(ctx,0,sizeof(EVP_CIPHER_CTX)); - /* ctx->cipher=NULL; */ - } +const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT; EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) { @@ -90,144 +92,6 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc); } -int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, - const unsigned char *key, const unsigned char *iv, int enc) - { - if (enc == -1) - enc = ctx->encrypt; - else - { - if (enc) - enc = 1; - ctx->encrypt = enc; - } -#ifndef OPENSSL_NO_ENGINE - /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts - * so this context may already have an ENGINE! Try to avoid releasing - * the previous handle, re-querying for an ENGINE, and having a - * reinitialisation, when it may all be unecessary. */ - if (ctx->engine && ctx->cipher && (!cipher || - (cipher && (cipher->nid == ctx->cipher->nid)))) - goto skip_to_init; -#endif - if (cipher) - { - /* Ensure a context left lying around from last time is cleared - * (the previous check attempted to avoid this if the same - * ENGINE and EVP_CIPHER could be used). */ - EVP_CIPHER_CTX_cleanup(ctx); - - /* Restore encrypt field: it is zeroed by cleanup */ - ctx->encrypt = enc; -#ifndef OPENSSL_NO_ENGINE - if(impl) - { - if (!ENGINE_init(impl)) - { - EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); - return 0; - } - } - else - /* Ask if an ENGINE is reserved for this job */ - impl = ENGINE_get_cipher_engine(cipher->nid); - if(impl) - { - /* There's an ENGINE for this job ... (apparently) */ - const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid); - if(!c) - { - /* One positive side-effect of US's export - * control history, is that we should at least - * be able to avoid using US mispellings of - * "initialisation"? */ - EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); - return 0; - } - /* We'll use the ENGINE's private cipher definition */ - cipher = c; - /* Store the ENGINE functional reference so we know - * 'cipher' came from an ENGINE and we need to release - * it when done. */ - ctx->engine = impl; - } - else - ctx->engine = NULL; -#endif - - ctx->cipher=cipher; - if (ctx->cipher->ctx_size) - { - ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); - if (!ctx->cipher_data) - { - EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE); - return 0; - } - } - else - { - ctx->cipher_data = NULL; - } - ctx->key_len = cipher->key_len; - ctx->flags = 0; - if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT) - { - if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) - { - EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); - return 0; - } - } - } - else if(!ctx->cipher) - { - EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET); - return 0; - } -#ifndef OPENSSL_NO_ENGINE -skip_to_init: -#endif - /* we assume block size is a power of 2 in *cryptUpdate */ - OPENSSL_assert(ctx->cipher->block_size == 1 - || ctx->cipher->block_size == 8 - || ctx->cipher->block_size == 16); - - if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { - switch(EVP_CIPHER_CTX_mode(ctx)) { - - case EVP_CIPH_STREAM_CIPHER: - case EVP_CIPH_ECB_MODE: - break; - - case EVP_CIPH_CFB_MODE: - case EVP_CIPH_OFB_MODE: - - ctx->num = 0; - - case EVP_CIPH_CBC_MODE: - - OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= - (int)sizeof(ctx->iv)); - if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); - memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); - break; - - default: - return 0; - break; - } - } - - if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { - if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; - } - ctx->buf_len=0; - ctx->final_used=0; - ctx->block_mask=ctx->cipher->block_size-1; - return 1; - } - int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { @@ -287,7 +151,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) { - if(ctx->cipher->do_cipher(ctx,out,in,inl)) + if(M_do_cipher(ctx,out,in,inl)) { *outl=inl; return 1; @@ -314,7 +178,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, { j=bl-i; memcpy(&(ctx->buf[i]),in,j); - if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0; + if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0; inl-=j; in+=j; out+=bl; @@ -327,7 +191,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, inl-=i; if (inl > 0) { - if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0; + if(!M_do_cipher(ctx,out,in,inl)) return 0; *outl+=inl; } @@ -371,7 +235,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) n=b-bl; for (i=bl; i<b; i++) ctx->buf[i]=n; - ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b); + ret=M_do_cipher(ctx,out,ctx->buf,b); if(ret) @@ -493,28 +357,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) } } -int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) - { - if (c->cipher != NULL) - { - if(c->cipher->cleanup && !c->cipher->cleanup(c)) - return 0; - /* Cleanse cipher context data */ - if (c->cipher_data) - OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size); - } - if (c->cipher_data) - OPENSSL_free(c->cipher_data); -#ifndef OPENSSL_NO_ENGINE - if (c->engine) - /* The EVP_CIPHER we used belongs to an ENGINE, release the - * functional reference we held for this reason. */ - ENGINE_finish(c->engine); -#endif - memset(c,0,sizeof(EVP_CIPHER_CTX)); - return 1; - } - int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) { if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) @@ -536,27 +378,6 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) return 1; } -int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) -{ - int ret; - if(!ctx->cipher) { - EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET); - return 0; - } - - if(!ctx->cipher->ctrl) { - EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED); - return 0; - } - - ret = ctx->cipher->ctrl(ctx, type, arg, ptr); - if(ret == -1) { - EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); - return 0; - } - return ret; -} - int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) { if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) @@ -566,3 +387,54 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) return 1; } +#ifndef OPENSSL_NO_ENGINE + +#ifdef OPENSSL_FIPS + +static int do_evp_enc_engine_full(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, ENGINE *impl) + { + if(impl) + { + if (!ENGINE_init(impl)) + { + EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR); + return 0; + } + } + else + /* Ask if an ENGINE is reserved for this job */ + impl = ENGINE_get_cipher_engine((*pcipher)->nid); + if(impl) + { + /* There's an ENGINE for this job ... (apparently) */ + const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid); + if(!c) + { + /* One positive side-effect of US's export + * control history, is that we should at least + * be able to avoid using US mispellings of + * "initialisation"? */ + EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR); + return 0; + } + /* We'll use the ENGINE's private cipher definition */ + *pcipher = c; + /* Store the ENGINE functional reference so we know + * 'cipher' came from an ENGINE and we need to release + * it when done. */ + ctx->engine = impl; + } + else + ctx->engine = NULL; + return 1; + } + +void int_EVP_CIPHER_init_engine_callbacks(void) + { + int_EVP_CIPHER_set_engine_callbacks( + ENGINE_finish, do_evp_enc_engine_full); + } + +#endif + +#endif diff --git a/lib/libcrypto/evp/evp_err.c b/lib/libcrypto/evp/evp_err.c index e8c9e8de9ca..b5b900d4fe4 100644 --- a/lib/libcrypto/evp/evp_err.c +++ b/lib/libcrypto/evp/evp_err.c @@ -1,6 +1,6 @@ /* crypto/evp/evp_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -71,16 +71,23 @@ static ERR_STRING_DATA EVP_str_functs[]= { {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, +{ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"}, {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"}, {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, +{ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE), "DO_EVP_ENC_ENGINE"}, +{ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE_FULL), "DO_EVP_ENC_ENGINE_FULL"}, +{ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE), "DO_EVP_MD_ENGINE"}, +{ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE_FULL), "DO_EVP_MD_ENGINE_FULL"}, {ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"}, {ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"}, {ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"}, {ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"}, +{ERR_FUNC(EVP_F_EVP_CIPHERINIT), "EVP_CipherInit"}, {ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"}, {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"}, {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"}, {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"}, +{ERR_FUNC(EVP_F_EVP_DIGESTINIT), "EVP_DigestInit"}, {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"}, {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"}, @@ -125,15 +132,20 @@ static ERR_STRING_DATA EVP_str_reasons[]= {ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"}, {ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"}, {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"}, +{ERR_REASON(EVP_R_DISABLED_FOR_FIPS) ,"disabled for fips"}, {ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"}, +{ERR_REASON(EVP_R_ERROR_LOADING_SECTION) ,"error loading section"}, +{ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE),"error setting fips mode"}, {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"}, {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"}, {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"}, {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY) ,"expecting a ec key"}, +{ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED),"fips mode not supported"}, {ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"}, {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"}, +{ERR_REASON(EVP_R_INVALID_FIPS_MODE) ,"invalid fips mode"}, {ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"}, {ERR_REASON(EVP_R_IV_TOO_LARGE) ,"iv too large"}, {ERR_REASON(EVP_R_KEYGEN_FAILURE) ,"keygen failure"}, @@ -145,6 +157,8 @@ static ERR_STRING_DATA EVP_str_reasons[]= {ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"}, {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"}, {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"}, +{ERR_REASON(EVP_R_SEED_KEY_SETUP_FAILED) ,"seed key setup failed"}, +{ERR_REASON(EVP_R_UNKNOWN_OPTION) ,"unknown option"}, {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"}, {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"}, {ERR_REASON(EVP_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, diff --git a/lib/libcrypto/evp/evp_lib.c b/lib/libcrypto/evp/evp_lib.c index edb28ef38ed..174cf6c5942 100644 --- a/lib/libcrypto/evp/evp_lib.c +++ b/lib/libcrypto/evp/evp_lib.c @@ -67,6 +67,8 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (c->cipher->set_asn1_parameters != NULL) ret=c->cipher->set_asn1_parameters(c,type); + else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) + ret=EVP_CIPHER_set_asn1_iv(c, type); else ret=-1; return(ret); @@ -78,6 +80,8 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (c->cipher->get_asn1_parameters != NULL) ret=c->cipher->get_asn1_parameters(c,type); + else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) + ret=EVP_CIPHER_get_asn1_iv(c, type); else ret=-1; return(ret); @@ -178,11 +182,6 @@ int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) return ctx->cipher->block_size; } -int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) - { - return ctx->cipher->do_cipher(ctx,out,in,inl); - } - const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx) { return ctx->cipher; @@ -193,11 +192,6 @@ unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher) return cipher->flags; } -unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) - { - return ctx->cipher->flags; - } - void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx) { return ctx->app_data; @@ -213,11 +207,6 @@ int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) return cipher->iv_len; } -int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) - { - return ctx->cipher->iv_len; - } - int EVP_CIPHER_key_length(const EVP_CIPHER *cipher) { return cipher->key_len; @@ -228,11 +217,6 @@ int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) return ctx->key_len; } -int EVP_CIPHER_nid(const EVP_CIPHER *cipher) - { - return cipher->nid; - } - int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) { return ctx->cipher->nid; @@ -277,3 +261,18 @@ int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags) { return (ctx->flags & flags); } + +void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags) + { + ctx->flags |= flags; + } + +void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags) + { + ctx->flags &= ~flags; + } + +int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags) + { + return (ctx->flags & flags); + } diff --git a/lib/libcrypto/evp/evp_locl.h b/lib/libcrypto/evp/evp_locl.h index 073b0adcffe..eabcc96f30d 100644 --- a/lib/libcrypto/evp/evp_locl.h +++ b/lib/libcrypto/evp/evp_locl.h @@ -1,5 +1,5 @@ /* evp_locl.h */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== @@ -92,7 +92,7 @@ static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ {\ - cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ + cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ return 1;\ } @@ -226,11 +226,27 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } #define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) -#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \ +#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \ BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ - 0, cipher##_init_key, NULL, \ - EVP_CIPHER_set_asn1_iv, \ - EVP_CIPHER_get_asn1_iv, \ - NULL) + (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \ + cipher##_init_key, NULL, NULL, NULL, NULL) + +#ifdef OPENSSL_FIPS +#define RC2_set_key private_RC2_set_key +#define RC4_set_key private_RC4_set_key +#define CAST_set_key private_CAST_set_key +#define RC5_32_set_key private_RC5_32_set_key +#define BF_set_key private_BF_set_key +#define Camellia_set_key private_Camellia_set_key +#define idea_set_encrypt_key private_idea_set_encrypt_key + +#define MD5_Init private_MD5_Init +#define MD4_Init private_MD4_Init +#define MD2_Init private_MD2_Init +#define MDC2_Init private_MDC2_Init +#define SHA_Init private_SHA_Init + +#endif + diff --git a/lib/libcrypto/evp/evp_pbe.c b/lib/libcrypto/evp/evp_pbe.c index c26d2de0f38..5e830be65ff 100644 --- a/lib/libcrypto/evp/evp_pbe.c +++ b/lib/libcrypto/evp/evp_pbe.c @@ -1,5 +1,5 @@ /* evp_pbe.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/evp/evp_pkey.c b/lib/libcrypto/evp/evp_pkey.c index 0147f3e02a6..10d9e9e772b 100644 --- a/lib/libcrypto/evp/evp_pkey.c +++ b/lib/libcrypto/evp/evp_pkey.c @@ -1,5 +1,5 @@ /* evp_pkey.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/evp/m_dss.c b/lib/libcrypto/evp/m_dss.c index a948c77fa49..6b0c0aa7a3f 100644 --- a/lib/libcrypto/evp/m_dss.c +++ b/lib/libcrypto/evp/m_dss.c @@ -81,7 +81,7 @@ static const EVP_MD dsa_md= NID_dsaWithSHA, NID_dsaWithSHA, SHA_DIGEST_LENGTH, - 0, + EVP_MD_FLAG_FIPS, init, update, final, diff --git a/lib/libcrypto/evp/m_dss1.c b/lib/libcrypto/evp/m_dss1.c index c12e13972b5..da8babc147d 100644 --- a/lib/libcrypto/evp/m_dss1.c +++ b/lib/libcrypto/evp/m_dss1.c @@ -68,6 +68,8 @@ #include <openssl/dsa.h> #endif +#ifndef OPENSSL_FIPS + static int init(EVP_MD_CTX *ctx) { return SHA1_Init(ctx->md_data); } @@ -98,3 +100,4 @@ const EVP_MD *EVP_dss1(void) return(&dss1_md); } #endif +#endif diff --git a/lib/libcrypto/evp/m_md2.c b/lib/libcrypto/evp/m_md2.c index 5ce849f161d..8eee6236ba2 100644 --- a/lib/libcrypto/evp/m_md2.c +++ b/lib/libcrypto/evp/m_md2.c @@ -58,6 +58,7 @@ #include <stdio.h> #include "cryptlib.h" +#include "evp_locl.h" #ifndef OPENSSL_NO_MD2 diff --git a/lib/libcrypto/evp/m_md4.c b/lib/libcrypto/evp/m_md4.c index 1e0b7c5b424..5cd2ab5adee 100644 --- a/lib/libcrypto/evp/m_md4.c +++ b/lib/libcrypto/evp/m_md4.c @@ -58,6 +58,7 @@ #include <stdio.h> #include "cryptlib.h" +#include "evp_locl.h" #ifndef OPENSSL_NO_MD4 diff --git a/lib/libcrypto/evp/m_md5.c b/lib/libcrypto/evp/m_md5.c index 63c142119eb..6455829671e 100644 --- a/lib/libcrypto/evp/m_md5.c +++ b/lib/libcrypto/evp/m_md5.c @@ -62,6 +62,7 @@ #ifndef OPENSSL_NO_MD5 #include <openssl/evp.h> +#include "evp_locl.h" #include <openssl/objects.h> #include <openssl/x509.h> #include <openssl/md5.h> diff --git a/lib/libcrypto/evp/m_mdc2.c b/lib/libcrypto/evp/m_mdc2.c index 36c4e9b1343..9f9bcf06ed2 100644 --- a/lib/libcrypto/evp/m_mdc2.c +++ b/lib/libcrypto/evp/m_mdc2.c @@ -58,6 +58,7 @@ #include <stdio.h> #include "cryptlib.h" +#include "evp_locl.h" #ifndef OPENSSL_NO_MDC2 diff --git a/lib/libcrypto/evp/m_sha.c b/lib/libcrypto/evp/m_sha.c index acccc8f92d8..3f30dfc579c 100644 --- a/lib/libcrypto/evp/m_sha.c +++ b/lib/libcrypto/evp/m_sha.c @@ -58,6 +58,7 @@ #include <stdio.h> #include "cryptlib.h" +#include "evp_locl.h" #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) diff --git a/lib/libcrypto/evp/m_sha1.c b/lib/libcrypto/evp/m_sha1.c index 4679b1c4638..471ec30be01 100644 --- a/lib/libcrypto/evp/m_sha1.c +++ b/lib/libcrypto/evp/m_sha1.c @@ -68,6 +68,8 @@ #include <openssl/rsa.h> #endif +#ifndef OPENSSL_FIPS + static int init(EVP_MD_CTX *ctx) { return SHA1_Init(ctx->md_data); } @@ -97,7 +99,6 @@ const EVP_MD *EVP_sha1(void) { return(&sha1_md); } -#endif #ifndef OPENSSL_NO_SHA256 static int init224(EVP_MD_CTX *ctx) @@ -202,3 +203,7 @@ static const EVP_MD sha512_md= const EVP_MD *EVP_sha512(void) { return(&sha512_md); } #endif /* ifndef OPENSSL_NO_SHA512 */ + +#endif + +#endif diff --git a/lib/libcrypto/evp/names.c b/lib/libcrypto/evp/names.c index 88c1e780dd7..e2e04c3570f 100644 --- a/lib/libcrypto/evp/names.c +++ b/lib/libcrypto/evp/names.c @@ -66,6 +66,10 @@ int EVP_add_cipher(const EVP_CIPHER *c) { int r; +#ifdef OPENSSL_FIPS + OPENSSL_init(); +#endif + r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c); if (r == 0) return(0); r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c); @@ -77,6 +81,9 @@ int EVP_add_digest(const EVP_MD *md) int r; const char *name; +#ifdef OPENSSL_FIPS + OPENSSL_init(); +#endif name=OBJ_nid2sn(md->type); r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md); if (r == 0) return(0); diff --git a/lib/libcrypto/evp/p5_crpt.c b/lib/libcrypto/evp/p5_crpt.c index 48d50014a04..2a265fdee27 100644 --- a/lib/libcrypto/evp/p5_crpt.c +++ b/lib/libcrypto/evp/p5_crpt.c @@ -1,5 +1,5 @@ /* p5_crpt.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/evp/p5_crpt2.c b/lib/libcrypto/evp/p5_crpt2.c index c969d5a2062..6bec77baf96 100644 --- a/lib/libcrypto/evp/p5_crpt2.c +++ b/lib/libcrypto/evp/p5_crpt2.c @@ -1,5 +1,5 @@ /* p5_crpt2.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/evp/p_sign.c b/lib/libcrypto/evp/p_sign.c index e4ae5906f55..bf41a0db68a 100644 --- a/lib/libcrypto/evp/p_sign.c +++ b/lib/libcrypto/evp/p_sign.c @@ -84,10 +84,6 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, MS_STATIC EVP_MD_CTX tmp_ctx; *siglen=0; - EVP_MD_CTX_init(&tmp_ctx); - EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); - EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len); - EVP_MD_CTX_cleanup(&tmp_ctx); for (i=0; i<4; i++) { v=ctx->digest->required_pkey_type[i]; @@ -108,7 +104,23 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_NO_SIGN_FUNCTION_CONFIGURED); return(0); } - return(ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen, - pkey->pkey.ptr)); + EVP_MD_CTX_init(&tmp_ctx); + EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); + if (ctx->digest->flags & EVP_MD_FLAG_SVCTX) + { + EVP_MD_SVCTX sctmp; + sctmp.mctx = &tmp_ctx; + sctmp.key = pkey->pkey.ptr; + i = ctx->digest->sign(ctx->digest->type, + NULL, -1, sigret, siglen, &sctmp); + } + else + { + EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len); + i = ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen, + pkey->pkey.ptr); + } + EVP_MD_CTX_cleanup(&tmp_ctx); + return i; } diff --git a/lib/libcrypto/evp/p_verify.c b/lib/libcrypto/evp/p_verify.c index 21a40a375e1..2d46dffe7e1 100644 --- a/lib/libcrypto/evp/p_verify.c +++ b/lib/libcrypto/evp/p_verify.c @@ -85,17 +85,29 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE); return(-1); } - EVP_MD_CTX_init(&tmp_ctx); - EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); - EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len); - EVP_MD_CTX_cleanup(&tmp_ctx); - if (ctx->digest->verify == NULL) + if (ctx->digest->verify == NULL) { EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED); return(0); } - return(ctx->digest->verify(ctx->digest->type,m,m_len, - sigbuf,siglen,pkey->pkey.ptr)); + EVP_MD_CTX_init(&tmp_ctx); + EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); + if (ctx->digest->flags & EVP_MD_FLAG_SVCTX) + { + EVP_MD_SVCTX sctmp; + sctmp.mctx = &tmp_ctx; + sctmp.key = pkey->pkey.ptr; + i = ctx->digest->verify(ctx->digest->type, + NULL, -1, sigbuf, siglen, &sctmp); + } + else + { + EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len); + i = ctx->digest->verify(ctx->digest->type,m,m_len, + sigbuf,siglen,pkey->pkey.ptr); + } + EVP_MD_CTX_cleanup(&tmp_ctx); + return i; } diff --git a/lib/libcrypto/hmac/hmac.c b/lib/libcrypto/hmac/hmac.c index 1d140f7adb4..cbc1c76a57b 100644 --- a/lib/libcrypto/hmac/hmac.c +++ b/lib/libcrypto/hmac/hmac.c @@ -61,6 +61,8 @@ #include "cryptlib.h" #include <openssl/hmac.h> +#ifndef OPENSSL_FIPS + void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, ENGINE *impl) { @@ -178,3 +180,4 @@ void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); } +#endif diff --git a/lib/libcrypto/idea/idea.h b/lib/libcrypto/idea/idea.h index bf97a37e39b..a137d4cbce2 100644 --- a/lib/libcrypto/idea/idea.h +++ b/lib/libcrypto/idea/idea.h @@ -83,6 +83,9 @@ typedef struct idea_key_st const char *idea_options(void); void idea_ecb_encrypt(const unsigned char *in, unsigned char *out, IDEA_KEY_SCHEDULE *ks); +#ifdef OPENSSL_FIPS +void private_idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); +#endif void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, diff --git a/lib/libcrypto/install.com b/lib/libcrypto/install.com index 58a4fecdaa4..ffad1f97a72 100644 --- a/lib/libcrypto/install.com +++ b/lib/libcrypto/install.com @@ -35,12 +35,12 @@ $ $ SDIRS := ,- OBJECTS,- MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,- - DES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,- - BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,AES,- + DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,- + BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,- BUFFER,BIO,STACK,LHASH,RAND,ERR,- EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,- UI,KRB5,- - STORE,CMS,PQUEUE + STORE,PQUEUE,JPAKE $ EXHEADER_ := crypto.h,tmdiff.h,opensslv.h,opensslconf.h,ebcdic.h,- symhacks.h,ossl_typ.h $ EXHEADER_OBJECTS := objects.h,obj_mac.h @@ -52,6 +52,7 @@ $ EXHEADER_MDC2 := mdc2.h $ EXHEADER_HMAC := hmac.h $ EXHEADER_RIPEMD := ripemd.h $ EXHEADER_DES := des.h,des_old.h +$ EXHEADER_AES := aes.h $ EXHEADER_RC2 := rc2.h $ EXHEADER_RC4 := rc4.h $ EXHEADER_RC5 := rc5.h @@ -69,7 +70,6 @@ $ EXHEADER_DH := dh.h $ EXHEADER_ECDH := ecdh.h $ EXHEADER_DSO := dso.h $ EXHEADER_ENGINE := engine.h -$ EXHEADER_AES := aes.h $ EXHEADER_BUFFER := buffer.h $ EXHEADER_BIO := bio.h $ EXHEADER_STACK := stack.h,safestack.h @@ -92,7 +92,7 @@ $ EXHEADER_KRB5 := krb5_asn.h $! EXHEADER_STORE := store.h,str_compat.h $ EXHEADER_STORE := store.h $ EXHEADER_PQUEUE := pqueue.h,pq_compat.h -$ EXHEADER_CMS := cms.h +$ EXHEADER_JPAKE := jpake.h $ LIBS := LIBCRYPTO $ $ VEXE_DIR := [-.VAX.EXE.CRYPTO] diff --git a/lib/libcrypto/md2/md2.h b/lib/libcrypto/md2/md2.h index a46120e7d41..d59c9f25931 100644 --- a/lib/libcrypto/md2/md2.h +++ b/lib/libcrypto/md2/md2.h @@ -81,6 +81,9 @@ typedef struct MD2state_st } MD2_CTX; const char *MD2_options(void); +#ifdef OPENSSL_FIPS +int private_MD2_Init(MD2_CTX *c); +#endif int MD2_Init(MD2_CTX *c); int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len); int MD2_Final(unsigned char *md, MD2_CTX *c); diff --git a/lib/libcrypto/md2/md2_dgst.c b/lib/libcrypto/md2/md2_dgst.c index 6f68b25c6a8..cc4eeaf7a7a 100644 --- a/lib/libcrypto/md2/md2_dgst.c +++ b/lib/libcrypto/md2/md2_dgst.c @@ -62,6 +62,11 @@ #include <openssl/md2.h> #include <openssl/opensslv.h> #include <openssl/crypto.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + +#include <openssl/err.h> const char MD2_version[]="MD2" OPENSSL_VERSION_PTEXT; @@ -116,7 +121,7 @@ const char *MD2_options(void) return("md2(int)"); } -int MD2_Init(MD2_CTX *c) +FIPS_NON_FIPS_MD_Init(MD2) { c->num=0; memset(c->state,0,sizeof c->state); diff --git a/lib/libcrypto/md4/md4.h b/lib/libcrypto/md4/md4.h index 5598c93a4fe..ba1fe4a6ee8 100644 --- a/lib/libcrypto/md4/md4.h +++ b/lib/libcrypto/md4/md4.h @@ -105,6 +105,9 @@ typedef struct MD4state_st unsigned int num; } MD4_CTX; +#ifdef OPENSSL_FIPS +int private_MD4_Init(MD4_CTX *c); +#endif int MD4_Init(MD4_CTX *c); int MD4_Update(MD4_CTX *c, const void *data, size_t len); int MD4_Final(unsigned char *md, MD4_CTX *c); diff --git a/lib/libcrypto/md4/md4_dgst.c b/lib/libcrypto/md4/md4_dgst.c index cfef94af39a..0f5448601d8 100644 --- a/lib/libcrypto/md4/md4_dgst.c +++ b/lib/libcrypto/md4/md4_dgst.c @@ -59,6 +59,11 @@ #include <stdio.h> #include "md4_locl.h" #include <openssl/opensslv.h> +#include <openssl/err.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT; @@ -70,7 +75,7 @@ const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT; #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L -int MD4_Init(MD4_CTX *c) +FIPS_NON_FIPS_MD_Init(MD4) { c->A=INIT_DATA_A; c->B=INIT_DATA_B; diff --git a/lib/libcrypto/md5/md5.h b/lib/libcrypto/md5/md5.h index dbdc0e1abc7..0761f84a27b 100644 --- a/lib/libcrypto/md5/md5.h +++ b/lib/libcrypto/md5/md5.h @@ -105,6 +105,9 @@ typedef struct MD5state_st unsigned int num; } MD5_CTX; +#ifdef OPENSSL_FIPS +int private_MD5_Init(MD5_CTX *c); +#endif int MD5_Init(MD5_CTX *c); int MD5_Update(MD5_CTX *c, const void *data, size_t len); int MD5_Final(unsigned char *md, MD5_CTX *c); diff --git a/lib/libcrypto/md5/md5_dgst.c b/lib/libcrypto/md5/md5_dgst.c index b96e332ba41..47bb9020ee1 100644 --- a/lib/libcrypto/md5/md5_dgst.c +++ b/lib/libcrypto/md5/md5_dgst.c @@ -59,6 +59,11 @@ #include <stdio.h> #include "md5_locl.h" #include <openssl/opensslv.h> +#include <openssl/err.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT; @@ -70,7 +75,7 @@ const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT; #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L -int MD5_Init(MD5_CTX *c) +FIPS_NON_FIPS_MD_Init(MD5) { c->A=INIT_DATA_A; c->B=INIT_DATA_B; diff --git a/lib/libcrypto/mdc2/Makefile b/lib/libcrypto/mdc2/Makefile index 1d064f17a62..ea25688d888 100644 --- a/lib/libcrypto/mdc2/Makefile +++ b/lib/libcrypto/mdc2/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/lib/libcrypto/mdc2/mdc2.h b/lib/libcrypto/mdc2/mdc2.h index 72778a52123..7e1354116ad 100644 --- a/lib/libcrypto/mdc2/mdc2.h +++ b/lib/libcrypto/mdc2/mdc2.h @@ -80,7 +80,9 @@ typedef struct mdc2_ctx_st int pad_type; /* either 1 or 2, default 1 */ } MDC2_CTX; - +#ifdef OPENSSL_FIPS +int private_MDC2_Init(MDC2_CTX *c); +#endif int MDC2_Init(MDC2_CTX *c); int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len); int MDC2_Final(unsigned char *md, MDC2_CTX *c); diff --git a/lib/libcrypto/mem.c b/lib/libcrypto/mem.c index 6635167228d..00ebaf0b9b5 100644 --- a/lib/libcrypto/mem.c +++ b/lib/libcrypto/mem.c @@ -101,7 +101,7 @@ static void (*free_locked_func)(void *) = free; /* may be changed as long as 'allow_customize_debug' is set */ /* XXX use correct function pointer types */ -#ifdef CRYPTO_MDEBUG +#if defined(CRYPTO_MDEBUG) && !defined(OPENSSL_FIPS) /* use default functions from mem_dbg.c */ static void (*malloc_debug_func)(void *,int,const char *,int,int) = CRYPTO_dbg_malloc; @@ -110,6 +110,14 @@ static void (*realloc_debug_func)(void *,void *,int,const char *,int,int) static void (*free_debug_func)(void *,int) = CRYPTO_dbg_free; static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options; static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options; + +static int (*push_info_func)(const char *info, const char *file, int line) + = CRYPTO_dbg_push_info; +static int (*pop_info_func)(void) + = CRYPTO_dbg_pop_info; +static int (*remove_all_info_func)(void) + = CRYPTO_dbg_remove_all_info; + #else /* applications can use CRYPTO_malloc_debug_init() to select above case * at run-time */ @@ -119,6 +127,13 @@ static void (*realloc_debug_func)(void *,void *,int,const char *,int,int) static void (*free_debug_func)(void *,int) = NULL; static void (*set_debug_options_func)(long) = NULL; static long (*get_debug_options_func)(void) = NULL; + + +static int (*push_info_func)(const char *info, const char *file, int line) + = NULL; +static int (*pop_info_func)(void) = NULL; +static int (*remove_all_info_func)(void) = NULL; + #endif @@ -194,6 +209,15 @@ int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int), return 1; } +void CRYPTO_set_mem_info_functions( + int (*push_info_fn)(const char *info, const char *file, int line), + int (*pop_info_fn)(void), + int (*remove_all_info_fn)(void)) + { + push_info_func = push_info_fn; + pop_info_func = pop_info_fn; + remove_all_info_func = remove_all_info_fn; + } void CRYPTO_get_mem_functions(void *(**m)(size_t), void *(**r)(void *, size_t), void (**f)(void *)) @@ -399,3 +423,24 @@ long CRYPTO_get_mem_debug_options(void) return get_debug_options_func(); return 0; } + +int CRYPTO_push_info_(const char *info, const char *file, int line) + { + if (push_info_func) + return push_info_func(info, file, line); + return 1; + } + +int CRYPTO_pop_info(void) + { + if (pop_info_func) + return pop_info_func(); + return 1; + } + +int CRYPTO_remove_all_info(void) + { + if (remove_all_info_func) + return remove_all_info_func(); + return 1; + } diff --git a/lib/libcrypto/mem_dbg.c b/lib/libcrypto/mem_dbg.c index 8316485217a..dfeb0847993 100644 --- a/lib/libcrypto/mem_dbg.c +++ b/lib/libcrypto/mem_dbg.c @@ -330,7 +330,7 @@ static APP_INFO *pop_info(void) return(ret); } -int CRYPTO_push_info_(const char *info, const char *file, int line) +int CRYPTO_dbg_push_info(const char *info, const char *file, int line) { APP_INFO *ami, *amim; int ret=0; @@ -380,7 +380,7 @@ int CRYPTO_push_info_(const char *info, const char *file, int line) return(ret); } -int CRYPTO_pop_info(void) +int CRYPTO_dbg_pop_info(void) { int ret=0; @@ -395,7 +395,7 @@ int CRYPTO_pop_info(void) return(ret); } -int CRYPTO_remove_all_info(void) +int CRYPTO_dbg_remove_all_info(void) { int ret=0; @@ -793,3 +793,25 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb) lh_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), &cb); CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); } + +void CRYPTO_malloc_debug_init(void) + { + CRYPTO_set_mem_debug_functions( + CRYPTO_dbg_malloc, + CRYPTO_dbg_realloc, + CRYPTO_dbg_free, + CRYPTO_dbg_set_options, + CRYPTO_dbg_get_options); + CRYPTO_set_mem_info_functions( + CRYPTO_dbg_push_info, + CRYPTO_dbg_pop_info, + CRYPTO_dbg_remove_all_info); + } + +char *CRYPTO_strdup(const char *str, const char *file, int line) + { + char *ret = CRYPTO_malloc(strlen(str)+1, file, line); + + strcpy(ret, str); + return ret; + } diff --git a/lib/libcrypto/objects/obj_dat.pl b/lib/libcrypto/objects/obj_dat.pl index 8a09a46ee65..7de2f77afda 100644 --- a/lib/libcrypto/objects/obj_dat.pl +++ b/lib/libcrypto/objects/obj_dat.pl @@ -2,7 +2,9 @@ # fixes bug in floating point emulation on sparc64 when # this script produces off-by-one output on sparc64 -use integer; +eval 'use integer;'; + +print STDERR "Warning: perl module integer not found.\n" if ($@); sub obj_cmp { diff --git a/lib/libcrypto/objects/obj_mac.num b/lib/libcrypto/objects/obj_mac.num index 53c9cb0d6ae..e3f56bc52ca 100644 --- a/lib/libcrypto/objects/obj_mac.num +++ b/lib/libcrypto/objects/obj_mac.num @@ -854,3 +854,5 @@ id_GostR3411_94_with_GostR3410_2001_cc 853 id_GostR3410_2001_ParamSet_cc 854 hmac 855 LocalKeySet 856 +freshest_crl 857 +id_on_permanentIdentifier 858 diff --git a/lib/libcrypto/objects/objects.txt b/lib/libcrypto/objects/objects.txt index e009702e553..a6a811b8e7c 100644 --- a/lib/libcrypto/objects/objects.txt +++ b/lib/libcrypto/objects/objects.txt @@ -557,6 +557,7 @@ id-cmc 24 : id-cmc-confirmCertAcceptance # other names id-on 1 : id-on-personalData +id-on 3 : id-on-permanentIdentifier : Permanent Identifier # personal data attributes id-pda 1 : id-pda-dateOfBirth @@ -726,6 +727,8 @@ id-ce 35 : authorityKeyIdentifier : X509v3 Authority Key Identifier id-ce 36 : policyConstraints : X509v3 Policy Constraints !Cname ext-key-usage id-ce 37 : extendedKeyUsage : X509v3 Extended Key Usage +!Cname freshest-crl +id-ce 46 : freshestCRL : X509v3 Freshest CRL !Cname inhibit-any-policy id-ce 54 : inhibitAnyPolicy : X509v3 Inhibit Any Policy !Cname target-information diff --git a/lib/libcrypto/ocsp/ocsp_asn.c b/lib/libcrypto/ocsp/ocsp_asn.c index 39b7a1c5687..bfe892ac705 100644 --- a/lib/libcrypto/ocsp/ocsp_asn.c +++ b/lib/libcrypto/ocsp/ocsp_asn.c @@ -1,5 +1,5 @@ /* ocsp_asn.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libcrypto/ocsp/ocsp_ht.c b/lib/libcrypto/ocsp/ocsp_ht.c index a8e569b74a0..6abb30b2c07 100644 --- a/lib/libcrypto/ocsp/ocsp_ht.c +++ b/lib/libcrypto/ocsp/ocsp_ht.c @@ -1,5 +1,5 @@ /* ocsp_ht.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ /* ==================================================================== @@ -56,11 +56,12 @@ * */ -#include <openssl/asn1.h> #include <stdio.h> #include <stdlib.h> #include <ctype.h> #include <string.h> +#include "e_os.h" +#include <openssl/asn1.h> #include <openssl/ocsp.h> #include <openssl/err.h> #include <openssl/buffer.h> diff --git a/lib/libcrypto/ocsp/ocsp_srv.c b/lib/libcrypto/ocsp/ocsp_srv.c index fffa134e754..1c606dd0b61 100644 --- a/lib/libcrypto/ocsp/ocsp_srv.c +++ b/lib/libcrypto/ocsp/ocsp_srv.c @@ -1,5 +1,5 @@ /* ocsp_srv.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== diff --git a/lib/libcrypto/ocsp/ocsp_vfy.c b/lib/libcrypto/ocsp/ocsp_vfy.c index 23ea41c847b..4a0c3870d83 100644 --- a/lib/libcrypto/ocsp/ocsp_vfy.c +++ b/lib/libcrypto/ocsp/ocsp_vfy.c @@ -1,5 +1,5 @@ /* ocsp_vfy.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libcrypto/opensslconf.h.in b/lib/libcrypto/opensslconf.h.in index cee83acf989..1c77f03c3dc 100644 --- a/lib/libcrypto/opensslconf.h.in +++ b/lib/libcrypto/opensslconf.h.in @@ -1,5 +1,20 @@ /* crypto/opensslconf.h.in */ +#ifdef OPENSSL_DOING_MAKEDEPEND + +/* Include any symbols here that have to be explicitly set to enable a feature + * that should be visible to makedepend. + * + * [Our "make depend" doesn't actually look at this, we use actual build settings + * instead; we want to make it easy to remove subdirectories with disabled algorithms.] + */ + +#ifndef OPENSSL_FIPS +#define OPENSSL_FIPS +#endif + +#endif + /* Generate 80386 code? */ #undef I386_ONLY diff --git a/lib/libcrypto/opensslv.h b/lib/libcrypto/opensslv.h index 5bdd370ac91..09687b5136a 100644 --- a/lib/libcrypto/opensslv.h +++ b/lib/libcrypto/opensslv.h @@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x0090809fL +#define OPENSSL_VERSION_NUMBER 0x009080afL #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8i-fips 15 Sep 2008" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8j-fips 07 Jan 2009" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8i 15 Sep 2008" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8j 07 Jan 2009" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/lib/libcrypto/ossl_typ.h b/lib/libcrypto/ossl_typ.h index 734200428f6..0e7a3808803 100644 --- a/lib/libcrypto/ossl_typ.h +++ b/lib/libcrypto/ossl_typ.h @@ -100,6 +100,8 @@ typedef int ASN1_NULL; #undef X509_EXTENSIONS #undef X509_CERT_PAIR #undef PKCS7_ISSUER_AND_SERIAL +#undef OCSP_REQUEST +#undef OCSP_RESPONSE #endif #ifdef BIGNUM diff --git a/lib/libcrypto/pem/pem.h b/lib/libcrypto/pem/pem.h index 670afa670ba..6f8e01544bb 100644 --- a/lib/libcrypto/pem/pem.h +++ b/lib/libcrypto/pem/pem.h @@ -125,6 +125,7 @@ extern "C" { #define PEM_STRING_DSA "DSA PRIVATE KEY" #define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY" #define PEM_STRING_PKCS7 "PKCS7" +#define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA" #define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY" #define PEM_STRING_PKCS8INF "PRIVATE KEY" #define PEM_STRING_DHPARAMS "DH PARAMETERS" diff --git a/lib/libcrypto/pem/pem_all.c b/lib/libcrypto/pem/pem_all.c index 66cbc7eb82c..69dd19bf2e7 100644 --- a/lib/libcrypto/pem/pem_all.c +++ b/lib/libcrypto/pem/pem_all.c @@ -194,7 +194,49 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, #endif +#ifdef OPENSSL_FIPS + +int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) +{ + EVP_PKEY *k; + int ret; + k = EVP_PKEY_new(); + if (!k) + return 0; + EVP_PKEY_set1_RSA(k, x); + + ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); + EVP_PKEY_free(k); + return ret; +} + +#ifndef OPENSSL_NO_FP_API +int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) +{ + EVP_PKEY *k; + int ret; + k = EVP_PKEY_new(); + if (!k) + return 0; + + EVP_PKEY_set1_RSA(k, x); + + ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); + EVP_PKEY_free(k); + return ret; +} +#endif + +#else + IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey) + +#endif + IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey) IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY) @@ -224,7 +266,47 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, return pkey_get_dsa(pktmp, dsa); } +#ifdef OPENSSL_FIPS + +int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) +{ + EVP_PKEY *k; + int ret; + k = EVP_PKEY_new(); + if (!k) + return 0; + EVP_PKEY_set1_DSA(k, x); + + ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); + EVP_PKEY_free(k); + return ret; +} + +#ifndef OPENSSL_NO_FP_API +int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) +{ + EVP_PKEY *k; + int ret; + k = EVP_PKEY_new(); + if (!k) + return 0; + EVP_PKEY_set1_DSA(k, x); + ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); + EVP_PKEY_free(k); + return ret; +} +#endif + +#else + IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey) + +#endif + IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) #ifndef OPENSSL_NO_FP_API @@ -270,8 +352,49 @@ EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb, IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters) + + +#ifdef OPENSSL_FIPS + +int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) +{ + EVP_PKEY *k; + int ret; + k = EVP_PKEY_new(); + if (!k) + return 0; + EVP_PKEY_set1_EC_KEY(k, x); + + ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); + EVP_PKEY_free(k); + return ret; +} + +#ifndef OPENSSL_NO_FP_API +int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) +{ + EVP_PKEY *k; + int ret; + k = EVP_PKEY_new(); + if (!k) + return 0; + EVP_PKEY_set1_EC_KEY(k, x); + ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); + EVP_PKEY_free(k); + return ret; +} +#endif + +#else + IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey) +#endif + IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY) #ifndef OPENSSL_NO_FP_API @@ -301,8 +424,59 @@ IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything * appropriate.) */ + +#ifdef OPENSSL_FIPS + +static const char *pkey_str(EVP_PKEY *x) + { + switch (x->type) + { + case EVP_PKEY_RSA: + return PEM_STRING_RSA; + + case EVP_PKEY_DSA: + return PEM_STRING_DSA; + + case EVP_PKEY_EC: + return PEM_STRING_ECPRIVATEKEY; + + default: + return NULL; + } + } + + +int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) + { + if (FIPS_mode()) + return PEM_write_bio_PKCS8PrivateKey(bp, x, enc, + (char *)kstr, klen, cb, u); + else + return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey, + pkey_str(x), bp,(char *)x,enc,kstr,klen,cb,u); + } + +#ifndef OPENSSL_NO_FP_API +int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) + { + if (FIPS_mode()) + return PEM_write_PKCS8PrivateKey(fp, x, enc, + (char *)kstr, klen, cb, u); + else + return PEM_ASN1_write((i2d_of_void *)i2d_PrivateKey, + pkey_str(x), fp,(char *)x,enc,kstr,klen,cb,u); + } +#endif + +#else IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:\ (x->type == EVP_PKEY_RSA)?PEM_STRING_RSA:PEM_STRING_ECPRIVATEKEY), PrivateKey) +#endif + IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY) diff --git a/lib/libcrypto/pem/pem_lib.c b/lib/libcrypto/pem/pem_lib.c index 9bae4c8850c..cbafefe416e 100644 --- a/lib/libcrypto/pem/pem_lib.c +++ b/lib/libcrypto/pem/pem_lib.c @@ -216,6 +216,9 @@ static int check_pem(const char *nm, const char *name) if(!strcmp(nm, PEM_STRING_X509) && !strcmp(name, PEM_STRING_PKCS7)) return 1; + if(!strcmp(nm, PEM_STRING_PKCS7_SIGNED) && + !strcmp(name, PEM_STRING_PKCS7)) return 1; + return 0; } diff --git a/lib/libcrypto/pem/pem_x509.c b/lib/libcrypto/pem/pem_x509.c index 19f88d8d3a6..3f709f13e65 100644 --- a/lib/libcrypto/pem/pem_x509.c +++ b/lib/libcrypto/pem/pem_x509.c @@ -1,5 +1,5 @@ /* pem_x509.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== diff --git a/lib/libcrypto/pem/pem_xaux.c b/lib/libcrypto/pem/pem_xaux.c index 63ce660cf1a..7cc74910095 100644 --- a/lib/libcrypto/pem/pem_xaux.c +++ b/lib/libcrypto/pem/pem_xaux.c @@ -1,5 +1,5 @@ /* pem_xaux.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== diff --git a/lib/libcrypto/pkcs12/p12_add.c b/lib/libcrypto/pkcs12/p12_add.c index 41bdc005510..1f3e378f5cb 100644 --- a/lib/libcrypto/pkcs12/p12_add.c +++ b/lib/libcrypto/pkcs12/p12_add.c @@ -1,5 +1,5 @@ /* p12_add.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/pkcs12/p12_asn.c b/lib/libcrypto/pkcs12/p12_asn.c index a3739fee1a6..6e276338175 100644 --- a/lib/libcrypto/pkcs12/p12_asn.c +++ b/lib/libcrypto/pkcs12/p12_asn.c @@ -1,5 +1,5 @@ /* p12_asn.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/pkcs12/p12_attr.c b/lib/libcrypto/pkcs12/p12_attr.c index 026cf3826a7..68d6c5ad159 100644 --- a/lib/libcrypto/pkcs12/p12_attr.c +++ b/lib/libcrypto/pkcs12/p12_attr.c @@ -1,5 +1,5 @@ /* p12_attr.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/pkcs12/p12_crpt.c b/lib/libcrypto/pkcs12/p12_crpt.c index 3ad33c49d82..f8b952e27ee 100644 --- a/lib/libcrypto/pkcs12/p12_crpt.c +++ b/lib/libcrypto/pkcs12/p12_crpt.c @@ -1,5 +1,5 @@ /* p12_crpt.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/pkcs12/p12_crt.c b/lib/libcrypto/pkcs12/p12_crt.c index 9748256b6fe..e863de52cef 100644 --- a/lib/libcrypto/pkcs12/p12_crt.c +++ b/lib/libcrypto/pkcs12/p12_crt.c @@ -1,5 +1,5 @@ /* p12_crt.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ /* ==================================================================== @@ -59,6 +59,10 @@ #include <stdio.h> #include "cryptlib.h" #include <openssl/pkcs12.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag); @@ -90,7 +94,14 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, /* Set defaults */ if (!nid_cert) + { +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + else +#endif nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; + } if (!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; if (!iter) diff --git a/lib/libcrypto/pkcs12/p12_decr.c b/lib/libcrypto/pkcs12/p12_decr.c index 74c961a92b8..ba77dbbe32c 100644 --- a/lib/libcrypto/pkcs12/p12_decr.c +++ b/lib/libcrypto/pkcs12/p12_decr.c @@ -1,5 +1,5 @@ /* p12_decr.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/pkcs12/p12_init.c b/lib/libcrypto/pkcs12/p12_init.c index 6bdc1326317..d4d84b056a2 100644 --- a/lib/libcrypto/pkcs12/p12_init.c +++ b/lib/libcrypto/pkcs12/p12_init.c @@ -1,5 +1,5 @@ /* p12_init.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/pkcs12/p12_key.c b/lib/libcrypto/pkcs12/p12_key.c index 18e72d0a1b8..9e57eee4a4d 100644 --- a/lib/libcrypto/pkcs12/p12_key.c +++ b/lib/libcrypto/pkcs12/p12_key.c @@ -1,5 +1,5 @@ /* p12_key.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/pkcs12/p12_kiss.c b/lib/libcrypto/pkcs12/p12_kiss.c index c2ee2cc6f3a..5c4c6ec9888 100644 --- a/lib/libcrypto/pkcs12/p12_kiss.c +++ b/lib/libcrypto/pkcs12/p12_kiss.c @@ -1,5 +1,5 @@ /* p12_kiss.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/pkcs12/p12_mutl.c b/lib/libcrypto/pkcs12/p12_mutl.c index c408cc8ab8d..70bfef6e5d1 100644 --- a/lib/libcrypto/pkcs12/p12_mutl.c +++ b/lib/libcrypto/pkcs12/p12_mutl.c @@ -1,5 +1,5 @@ /* p12_mutl.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/pkcs12/p12_npas.c b/lib/libcrypto/pkcs12/p12_npas.c index 48eacc5c49c..47e5e9c3775 100644 --- a/lib/libcrypto/pkcs12/p12_npas.c +++ b/lib/libcrypto/pkcs12/p12_npas.c @@ -1,5 +1,5 @@ /* p12_npas.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/pkcs12/p12_p8d.c b/lib/libcrypto/pkcs12/p12_p8d.c index 3c6f377933c..deba81e4a97 100644 --- a/lib/libcrypto/pkcs12/p12_p8d.c +++ b/lib/libcrypto/pkcs12/p12_p8d.c @@ -1,5 +1,5 @@ /* p12_p8d.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== diff --git a/lib/libcrypto/pkcs12/p12_p8e.c b/lib/libcrypto/pkcs12/p12_p8e.c index 3d47956652a..bf20a77b4c7 100644 --- a/lib/libcrypto/pkcs12/p12_p8e.c +++ b/lib/libcrypto/pkcs12/p12_p8e.c @@ -1,5 +1,5 @@ /* p12_p8e.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== diff --git a/lib/libcrypto/pkcs12/p12_utl.c b/lib/libcrypto/pkcs12/p12_utl.c index 243ec76be95..ca30ac4f6d5 100644 --- a/lib/libcrypto/pkcs12/p12_utl.c +++ b/lib/libcrypto/pkcs12/p12_utl.c @@ -1,5 +1,5 @@ /* p12_utl.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/pkcs12/pkcs12.h b/lib/libcrypto/pkcs12/pkcs12.h index a2d7e359a0f..4bee605dc0d 100644 --- a/lib/libcrypto/pkcs12/pkcs12.h +++ b/lib/libcrypto/pkcs12/pkcs12.h @@ -1,5 +1,5 @@ /* pkcs12.h */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/pkcs7/pk7_asn1.c b/lib/libcrypto/pkcs7/pk7_asn1.c index 77931feeb41..1f70d313867 100644 --- a/lib/libcrypto/pkcs7/pk7_asn1.c +++ b/lib/libcrypto/pkcs7/pk7_asn1.c @@ -1,5 +1,5 @@ /* pk7_asn.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libcrypto/pkcs7/pk7_attr.c b/lib/libcrypto/pkcs7/pk7_attr.c index 735c8800e10..d5497171691 100644 --- a/lib/libcrypto/pkcs7/pk7_attr.c +++ b/lib/libcrypto/pkcs7/pk7_attr.c @@ -1,5 +1,5 @@ /* pk7_attr.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== diff --git a/lib/libcrypto/pkcs7/pk7_mime.c b/lib/libcrypto/pkcs7/pk7_mime.c index 17b68992f7d..bf190360d75 100644 --- a/lib/libcrypto/pkcs7/pk7_mime.c +++ b/lib/libcrypto/pkcs7/pk7_mime.c @@ -1,5 +1,5 @@ /* pk7_mime.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ /* ==================================================================== diff --git a/lib/libcrypto/pkcs7/pk7_smime.c b/lib/libcrypto/pkcs7/pk7_smime.c index 5c6b0fe24bc..c34db1d6fed 100644 --- a/lib/libcrypto/pkcs7/pk7_smime.c +++ b/lib/libcrypto/pkcs7/pk7_smime.c @@ -1,5 +1,5 @@ /* pk7_smime.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ /* ==================================================================== @@ -282,6 +282,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE); goto err; } + BIO_set_mem_eof_return(tmpout, 0); } else tmpout = out; /* We now have to 'read' from p7bio to calculate digests etc. */ diff --git a/lib/libcrypto/rand/Makefile b/lib/libcrypto/rand/Makefile index 27694aa6649..30794305cb3 100644 --- a/lib/libcrypto/rand/Makefile +++ b/lib/libcrypto/rand/Makefile @@ -17,9 +17,9 @@ TEST= randtest.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c \ +LIBSRC=md_rand.c randfile.c rand_lib.c rand_eng.c rand_err.c rand_egd.c \ rand_win.c rand_unix.c rand_os2.c rand_nw.c -LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o \ +LIBOBJ=md_rand.o randfile.o rand_lib.o rand_eng.o rand_err.o rand_egd.o \ rand_win.o rand_unix.o rand_os2.o rand_nw.o SRC= $(LIBSRC) @@ -35,7 +35,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -79,17 +79,34 @@ clean: md_rand.o: ../../e_os.h ../../include/openssl/asn1.h md_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h md_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -md_rand.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -md_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -md_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -md_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -md_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -md_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -md_rand.o: md_rand.c rand_lcl.h +md_rand.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +md_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +md_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +md_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +md_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +md_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +md_rand.o: ../../include/openssl/symhacks.h md_rand.c rand_lcl.h rand_egd.o: ../../include/openssl/buffer.h ../../include/openssl/e_os2.h rand_egd.o: ../../include/openssl/opensslconf.h rand_egd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h rand_egd.o: rand_egd.c +rand_eng.o: ../../e_os.h ../../include/openssl/asn1.h +rand_eng.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +rand_eng.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +rand_eng.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h +rand_eng.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +rand_eng.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +rand_eng.o: ../../include/openssl/err.h ../../include/openssl/evp.h +rand_eng.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h +rand_eng.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rand_eng.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +rand_eng.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +rand_eng.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +rand_eng.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +rand_eng.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rand_eng.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +rand_eng.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +rand_eng.o: ../cryptlib.h rand_eng.c rand_lcl.h rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h rand_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h rand_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h @@ -99,34 +116,39 @@ rand_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rand_err.o: rand_err.c rand_lib.o: ../../e_os.h ../../include/openssl/asn1.h rand_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +rand_lib.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h rand_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h rand_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h rand_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +rand_lib.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h rand_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h rand_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rand_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h rand_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rand_lib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h rand_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -rand_lib.o: ../cryptlib.h rand_lib.c +rand_lib.o: ../cryptlib.h rand_lcl.h rand_lib.c rand_nw.o: ../../e_os.h ../../include/openssl/asn1.h rand_nw.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h rand_nw.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rand_nw.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rand_nw.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -rand_nw.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -rand_nw.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rand_nw.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -rand_nw.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -rand_nw.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h rand_nw.c +rand_nw.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +rand_nw.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rand_nw.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +rand_nw.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +rand_nw.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +rand_nw.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rand_nw.o: ../cryptlib.h rand_lcl.h rand_nw.c rand_os2.o: ../../e_os.h ../../include/openssl/asn1.h rand_os2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h rand_os2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rand_os2.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rand_os2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -rand_os2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +rand_os2.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +rand_os2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rand_os2.o: ../../include/openssl/opensslconf.h rand_os2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rand_os2.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h rand_os2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -136,8 +158,8 @@ rand_unix.o: ../../e_os.h ../../include/openssl/asn1.h rand_unix.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h rand_unix.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rand_unix.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rand_unix.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -rand_unix.o: ../../include/openssl/objects.h +rand_unix.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +rand_unix.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h rand_unix.o: ../../include/openssl/opensslconf.h rand_unix.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rand_unix.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h @@ -148,8 +170,9 @@ rand_win.o: ../../e_os.h ../../include/openssl/asn1.h rand_win.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rand_win.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rand_win.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -rand_win.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +rand_win.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +rand_win.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rand_win.o: ../../include/openssl/opensslconf.h rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rand_win.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h rand_win.o: ../../include/openssl/sha.h ../../include/openssl/stack.h diff --git a/lib/libcrypto/rand/md_rand.c b/lib/libcrypto/rand/md_rand.c index 9783d0c23e9..0f8dd3e00fa 100644 --- a/lib/libcrypto/rand/md_rand.c +++ b/lib/libcrypto/rand/md_rand.c @@ -126,6 +126,10 @@ #include <openssl/crypto.h> #include <openssl/err.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + #ifdef BN_DEBUG # define PREDICT @@ -332,6 +336,14 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) #endif int do_stir_pool = 0; +#ifdef OPENSSL_FIPS + if(FIPS_mode()) + { + FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD); + return 0; + } +#endif + #ifdef PREDICT if (rand_predictable) { diff --git a/lib/libcrypto/rand/rand.h b/lib/libcrypto/rand/rand.h index ac6c0217636..ea89153cba3 100644 --- a/lib/libcrypto/rand/rand.h +++ b/lib/libcrypto/rand/rand.h @@ -72,7 +72,7 @@ extern "C" { #endif #if defined(OPENSSL_FIPS) -#define FIPS_RAND_SIZE_T size_t +#define FIPS_RAND_SIZE_T int #endif /* Already defined in ossl_typ.h */ @@ -111,6 +111,15 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes); int RAND_egd(const char *path); int RAND_egd_bytes(const char *path,int bytes); int RAND_poll(void); +#ifndef OPENSSL_NO_ENGINE +#ifdef OPENSSL_FIPS +void int_RAND_init_engine_callbacks(void); +void int_RAND_set_callbacks( + int (*set_rand_func)(const RAND_METHOD *meth, + const RAND_METHOD **pmeth), + const RAND_METHOD *(*get_rand_func)(const RAND_METHOD **pmeth)); +#endif +#endif #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) @@ -128,11 +137,29 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ /* Function codes. */ +#define RAND_F_ENG_RAND_GET_RAND_METHOD 108 +#define RAND_F_FIPS_RAND 103 +#define RAND_F_FIPS_RAND_BYTES 102 +#define RAND_F_FIPS_RAND_GET_RAND_METHOD 109 +#define RAND_F_FIPS_RAND_SET_DT 106 +#define RAND_F_FIPS_SET_DT 104 +#define RAND_F_FIPS_SET_PRNG_SEED 107 +#define RAND_F_FIPS_SET_TEST_MODE 105 #define RAND_F_RAND_GET_RAND_METHOD 101 #define RAND_F_SSLEAY_RAND_BYTES 100 /* Reason codes. */ +#define RAND_R_NON_FIPS_METHOD 105 +#define RAND_R_NOT_IN_TEST_MODE 106 +#define RAND_R_NO_KEY_SET 107 +#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 101 +#define RAND_R_PRNG_ERROR 108 +#define RAND_R_PRNG_KEYED 109 +#define RAND_R_PRNG_NOT_REKEYED 102 +#define RAND_R_PRNG_NOT_RESEEDED 103 #define RAND_R_PRNG_NOT_SEEDED 100 +#define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY 110 +#define RAND_R_PRNG_STUCK 104 #ifdef __cplusplus } diff --git a/lib/libcrypto/rand/rand_err.c b/lib/libcrypto/rand/rand_err.c index 386934dcd18..829fb44d77e 100644 --- a/lib/libcrypto/rand/rand_err.c +++ b/lib/libcrypto/rand/rand_err.c @@ -1,6 +1,6 @@ /* crypto/rand/rand_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,6 +70,14 @@ static ERR_STRING_DATA RAND_str_functs[]= { +{ERR_FUNC(RAND_F_ENG_RAND_GET_RAND_METHOD), "ENG_RAND_GET_RAND_METHOD"}, +{ERR_FUNC(RAND_F_FIPS_RAND), "FIPS_RAND"}, +{ERR_FUNC(RAND_F_FIPS_RAND_BYTES), "FIPS_RAND_BYTES"}, +{ERR_FUNC(RAND_F_FIPS_RAND_GET_RAND_METHOD), "FIPS_RAND_GET_RAND_METHOD"}, +{ERR_FUNC(RAND_F_FIPS_RAND_SET_DT), "FIPS_RAND_SET_DT"}, +{ERR_FUNC(RAND_F_FIPS_SET_DT), "FIPS_SET_DT"}, +{ERR_FUNC(RAND_F_FIPS_SET_PRNG_SEED), "FIPS_SET_PRNG_SEED"}, +{ERR_FUNC(RAND_F_FIPS_SET_TEST_MODE), "FIPS_SET_TEST_MODE"}, {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"}, {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"}, {0,NULL} @@ -77,7 +85,17 @@ static ERR_STRING_DATA RAND_str_functs[]= static ERR_STRING_DATA RAND_str_reasons[]= { +{ERR_REASON(RAND_R_NON_FIPS_METHOD) ,"non fips method"}, +{ERR_REASON(RAND_R_NOT_IN_TEST_MODE) ,"not in test mode"}, +{ERR_REASON(RAND_R_NO_KEY_SET) ,"no key set"}, +{ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH),"prng asking for too much"}, +{ERR_REASON(RAND_R_PRNG_ERROR) ,"prng error"}, +{ERR_REASON(RAND_R_PRNG_KEYED) ,"prng keyed"}, +{ERR_REASON(RAND_R_PRNG_NOT_REKEYED) ,"prng not rekeyed"}, +{ERR_REASON(RAND_R_PRNG_NOT_RESEEDED) ,"prng not reseeded"}, {ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"}, +{ERR_REASON(RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY),"prng seed must not match key"}, +{ERR_REASON(RAND_R_PRNG_STUCK) ,"prng stuck"}, {0,NULL} }; diff --git a/lib/libcrypto/rand/rand_lcl.h b/lib/libcrypto/rand/rand_lcl.h index 618a8ec899c..18cc9b1e4af 100644 --- a/lib/libcrypto/rand/rand_lcl.h +++ b/lib/libcrypto/rand/rand_lcl.h @@ -154,5 +154,16 @@ #define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md2(), NULL) #endif +#ifndef OPENSSL_NO_ENGINE +void int_RAND_set_callbacks( + int (*set_rand_func)(const RAND_METHOD *meth, + const RAND_METHOD **pmeth), + const RAND_METHOD *(*get_rand_func) + (const RAND_METHOD **pmeth)); +int eng_RAND_set_rand_method(const RAND_METHOD *meth, + const RAND_METHOD **pmeth); +const RAND_METHOD *eng_RAND_get_rand_method(const RAND_METHOD **pmeth); +#endif + #endif diff --git a/lib/libcrypto/rand/rand_lib.c b/lib/libcrypto/rand/rand_lib.c index 513e3389859..da6b4e0e862 100644 --- a/lib/libcrypto/rand/rand_lib.c +++ b/lib/libcrypto/rand/rand_lib.c @@ -60,15 +60,82 @@ #include <time.h> #include "cryptlib.h" #include <openssl/rand.h> +#include "rand_lcl.h" +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#include <openssl/fips_rand.h> +#endif + #ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> #endif +static const RAND_METHOD *default_RAND_meth = NULL; + +#ifdef OPENSSL_FIPS + +static int fips_RAND_set_rand_method(const RAND_METHOD *meth, + const RAND_METHOD **pmeth) + { + *pmeth = meth; + return 1; + } + +static const RAND_METHOD *fips_RAND_get_rand_method(const RAND_METHOD **pmeth) + { + if (!*pmeth) + { + if(FIPS_mode()) + *pmeth=FIPS_rand_method(); + else + *pmeth = RAND_SSLeay(); + } + + if(FIPS_mode() + && *pmeth != FIPS_rand_check()) + { + RANDerr(RAND_F_FIPS_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD); + return 0; + } + + return *pmeth; + } + +static int (*RAND_set_rand_method_func)(const RAND_METHOD *meth, + const RAND_METHOD **pmeth) + = fips_RAND_set_rand_method; +static const RAND_METHOD *(*RAND_get_rand_method_func) + (const RAND_METHOD **pmeth) + = fips_RAND_get_rand_method; + +#ifndef OPENSSL_NO_ENGINE +void int_RAND_set_callbacks( + int (*set_rand_func)(const RAND_METHOD *meth, + const RAND_METHOD **pmeth), + const RAND_METHOD *(*get_rand_func) + (const RAND_METHOD **pmeth)) + { + RAND_set_rand_method_func = set_rand_func; + RAND_get_rand_method_func = get_rand_func; + } +#endif + +int RAND_set_rand_method(const RAND_METHOD *meth) + { + return RAND_set_rand_method_func(meth, &default_RAND_meth); + } + +const RAND_METHOD *RAND_get_rand_method(void) + { + return RAND_get_rand_method_func(&default_RAND_meth); + } + +#else + #ifndef OPENSSL_NO_ENGINE /* non-NULL if default_RAND_meth is ENGINE-provided */ static ENGINE *funct_ref =NULL; #endif -static const RAND_METHOD *default_RAND_meth = NULL; int RAND_set_rand_method(const RAND_METHOD *meth) { @@ -129,6 +196,8 @@ int RAND_set_rand_engine(ENGINE *engine) } #endif +#endif + void RAND_cleanup(void) { const RAND_METHOD *meth = RAND_get_rand_method(); diff --git a/lib/libcrypto/rand/randfile.c b/lib/libcrypto/rand/randfile.c index 005cb38cb0c..f63fbc17319 100644 --- a/lib/libcrypto/rand/randfile.c +++ b/lib/libcrypto/rand/randfile.c @@ -81,10 +81,25 @@ # include <sys/stat.h> #endif +#ifdef _WIN32 +#define stat _stat +#define chmod _chmod +#define open _open +#define fdopen _fdopen +#endif + #undef BUFSIZE #define BUFSIZE 1024 #define RAND_DATA 1024 +#ifdef OPENSSL_SYS_VMS +/* This declaration is a nasty hack to get around vms' extension to fopen + * for passing in sharing options being disabled by our /STANDARD=ANSI89 */ +static FILE *(*const vms_fopen)(const char *, const char *, ...) = + (FILE *(*)(const char *, const char *, ...))fopen; +#define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0" +#endif + /* #define RFILE ".rnd" - defined in ../../e_os.h */ /* Note that these functions are intended for seed files only. @@ -106,7 +121,11 @@ int RAND_load_file(const char *file, long bytes) RAND_add(&sb,sizeof(sb),0.0); if (bytes == 0) return(ret); +#ifdef OPENSSL_SYS_VMS + in=vms_fopen(file,"rb",VMS_OPEN_ATTRS); +#else in=fopen(file,"rb"); +#endif if (in == NULL) goto err; #if defined(S_IFBLK) && defined(S_IFCHR) if (sb.st_mode & (S_IFBLK | S_IFCHR)) { @@ -167,7 +186,7 @@ int RAND_write_file(const char *file) #endif } -#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) +#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS) { /* For some reason Win32 can't write to files created this way */ @@ -178,8 +197,34 @@ int RAND_write_file(const char *file) out = fdopen(fd, "wb"); } #endif + +#ifdef OPENSSL_SYS_VMS + /* VMS NOTE: Prior versions of this routine created a _new_ + * version of the rand file for each call into this routine, then + * deleted all existing versions named ;-1, and finally renamed + * the current version as ';1'. Under concurrent usage, this + * resulted in an RMS race condition in rename() which could + * orphan files (see vms message help for RMS$_REENT). With the + * fopen() calls below, openssl/VMS now shares the top-level + * version of the rand file. Note that there may still be + * conditions where the top-level rand file is locked. If so, this + * code will then create a new version of the rand file. Without + * the delete and rename code, this can result in ascending file + * versions that stop at version 32767, and this routine will then + * return an error. The remedy for this is to recode the calling + * application to avoid concurrent use of the rand file, or + * synchronize usage at the application level. Also consider + * whether or not you NEED a persistent rand file in a concurrent + * use situation. + */ + + out = vms_fopen(file,"rb+",VMS_OPEN_ATTRS); + if (out == NULL) + out = vms_fopen(file,"wb",VMS_OPEN_ATTRS); +#else if (out == NULL) out = fopen(file,"wb"); +#endif if (out == NULL) goto err; #ifndef NO_CHMOD @@ -201,25 +246,6 @@ int RAND_write_file(const char *file) ret+=i; if (n <= 0) break; } -#ifdef OPENSSL_SYS_VMS - /* Try to delete older versions of the file, until there aren't - any */ - { - char *tmpf; - - tmpf = OPENSSL_malloc(strlen(file) + 4); /* to add ";-1" and a nul */ - if (tmpf) - { - strcpy(tmpf, file); - strcat(tmpf, ";-1"); - while(delete(tmpf) == 0) - ; - rename(file,";1"); /* Make sure it's version 1, or we - will reach the limit (32767) at - some point... */ - } - } -#endif /* OPENSSL_SYS_VMS */ fclose(out); OPENSSL_cleanse(buf,BUFSIZE); diff --git a/lib/libcrypto/rc2/rc2.h b/lib/libcrypto/rc2/rc2.h index 34c83623172..e542ec94ffb 100644 --- a/lib/libcrypto/rc2/rc2.h +++ b/lib/libcrypto/rc2/rc2.h @@ -79,7 +79,9 @@ typedef struct rc2_key_st RC2_INT data[64]; } RC2_KEY; - +#ifdef OPENSSL_FIPS +void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); +#endif void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key, int enc); diff --git a/lib/libcrypto/rc2/rc2_skey.c b/lib/libcrypto/rc2/rc2_skey.c index 49536420566..4e000e5b992 100644 --- a/lib/libcrypto/rc2/rc2_skey.c +++ b/lib/libcrypto/rc2/rc2_skey.c @@ -57,6 +57,11 @@ */ #include <openssl/rc2.h> +#include <openssl/crypto.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + #include "rc2_locl.h" static unsigned char key_table[256]={ @@ -94,8 +99,20 @@ static unsigned char key_table[256]={ * BSAFE uses the 'retarded' version. What I previously shipped is * the same as specifying 1024 for the 'bits' parameter. Bsafe uses * a version where the bits parameter is the same as len*8 */ + +#ifdef OPENSSL_FIPS void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) { + if (FIPS_mode()) + FIPS_BAD_ABORT(RC2) + private_RC2_set_key(key, len, data, bits); + } +void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, + int bits) +#else +void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) +#endif + { int i,j; unsigned char *k; RC2_INT *ki; diff --git a/lib/libcrypto/rc4/asm/rc4-x86_64.pl b/lib/libcrypto/rc4/asm/rc4-x86_64.pl index 92c52f34333..3a546234955 100755 --- a/lib/libcrypto/rc4/asm/rc4-x86_64.pl +++ b/lib/libcrypto/rc4/asm/rc4-x86_64.pl @@ -358,6 +358,8 @@ ___ $code =~ s/#([bwd])/$1/gm; +$code =~ s/RC4_set_key/private_RC4_set_key/g if ($ENV{FIPSCANLIB} ne ""); + print $code; close STDOUT; diff --git a/lib/libcrypto/rc4/rc4.h b/lib/libcrypto/rc4/rc4.h index 7aec04fe93a..2d8620d33b9 100644 --- a/lib/libcrypto/rc4/rc4.h +++ b/lib/libcrypto/rc4/rc4.h @@ -76,6 +76,9 @@ typedef struct rc4_key_st const char *RC4_options(void); +#ifdef OPENSSL_FIPS +void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); +#endif void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, unsigned char *outdata); diff --git a/lib/libcrypto/rc4/rc4_skey.c b/lib/libcrypto/rc4/rc4_skey.c index 46b77ec3216..4478d1a4b3b 100644 --- a/lib/libcrypto/rc4/rc4_skey.c +++ b/lib/libcrypto/rc4/rc4_skey.c @@ -59,6 +59,11 @@ #include <openssl/rc4.h> #include "rc4_locl.h" #include <openssl/opensslv.h> +#include <openssl/crypto.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + const char RC4_version[]="RC4" OPENSSL_VERSION_PTEXT; @@ -85,7 +90,11 @@ const char *RC4_options(void) * Date: Wed, 14 Sep 1994 06:35:31 GMT */ +#ifdef OPENSSL_FIPS +void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) +#else void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) +#endif { register RC4_INT tmp; register int id1,id2; @@ -127,7 +136,12 @@ void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) * * <appro@fy.chalmers.se> */ - if (OPENSSL_ia32cap_P & (1<<20)) { +#ifdef OPENSSL_FIPS + unsigned long *ia32cap_ptr = OPENSSL_ia32cap_loc(); + if (ia32cap_ptr && (*ia32cap_ptr & (1<<28))) { +#else + if (OPENSSL_ia32cap_P & (1<<28)) { +#endif unsigned char *cp=(unsigned char *)d; for (i=0;i<256;i++) cp[i]=i; diff --git a/lib/libcrypto/rc5/rc5.h b/lib/libcrypto/rc5/rc5.h index 4b3c153b503..f73a2a02a45 100644 --- a/lib/libcrypto/rc5/rc5.h +++ b/lib/libcrypto/rc5/rc5.h @@ -94,7 +94,10 @@ typedef struct rc5_key_st RC5_32_INT data[2*(RC5_16_ROUNDS+1)]; } RC5_32_KEY; - +#ifdef OPENSSL_FIPS +void private_RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, + int rounds); +#endif void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, int rounds); void RC5_32_ecb_encrypt(const unsigned char *in,unsigned char *out,RC5_32_KEY *key, diff --git a/lib/libcrypto/ripemd/ripemd.h b/lib/libcrypto/ripemd/ripemd.h index 033a5965b58..3b6d04386d4 100644 --- a/lib/libcrypto/ripemd/ripemd.h +++ b/lib/libcrypto/ripemd/ripemd.h @@ -90,7 +90,9 @@ typedef struct RIPEMD160state_st RIPEMD160_LONG data[RIPEMD160_LBLOCK]; unsigned int num; } RIPEMD160_CTX; - +#ifdef OPENSSL_FIPS +int private_RIPEMD160_Init(RIPEMD160_CTX *c); +#endif int RIPEMD160_Init(RIPEMD160_CTX *c); int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len); int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); diff --git a/lib/libcrypto/ripemd/rmd_dgst.c b/lib/libcrypto/ripemd/rmd_dgst.c index 1f2401aa7ec..a845e17ed86 100644 --- a/lib/libcrypto/ripemd/rmd_dgst.c +++ b/lib/libcrypto/ripemd/rmd_dgst.c @@ -59,6 +59,11 @@ #include <stdio.h> #include "rmd_locl.h" #include <openssl/opensslv.h> +#include <openssl/err.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + const char RMD160_version[]="RIPE-MD160" OPENSSL_VERSION_PTEXT; @@ -69,7 +74,7 @@ const char RMD160_version[]="RIPE-MD160" OPENSSL_VERSION_PTEXT; void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num); # endif -int RIPEMD160_Init(RIPEMD160_CTX *c) +FIPS_NON_FIPS_MD_Init(RIPEMD160) { c->A=RIPEMD160_A; c->B=RIPEMD160_B; diff --git a/lib/libcrypto/ripemd/rmd_locl.h b/lib/libcrypto/ripemd/rmd_locl.h index f14b346e662..ce12a8000ea 100644 --- a/lib/libcrypto/ripemd/rmd_locl.h +++ b/lib/libcrypto/ripemd/rmd_locl.h @@ -72,7 +72,7 @@ */ #ifdef RMD160_ASM # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) -# define ripemd160_block_data_order ripemd160_block_asm_data_order +# define ripemd160_block_host_order ripemd160_block_asm_data_order # endif #endif diff --git a/lib/libcrypto/rsa/Makefile b/lib/libcrypto/rsa/Makefile index 8f1c611800c..7b1fd6428c9 100644 --- a/lib/libcrypto/rsa/Makefile +++ b/lib/libcrypto/rsa/Makefile @@ -19,10 +19,10 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \ rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \ - rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c + rsa_pss.c rsa_x931.c rsa_x931g.c rsa_asn1.c rsa_depr.c rsa_eng.c LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \ rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \ - rsa_pss.o rsa_x931.o rsa_asn1.o rsa_depr.o + rsa_pss.o rsa_x931.o rsa_x931g.o rsa_asn1.o rsa_depr.o rsa_eng.o SRC= $(LIBSRC) @@ -37,7 +37,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -114,6 +114,21 @@ rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c +rsa_eng.o: ../../e_os.h ../../include/openssl/asn1.h +rsa_eng.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +rsa_eng.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +rsa_eng.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +rsa_eng.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +rsa_eng.o: ../../include/openssl/engine.h ../../include/openssl/err.h +rsa_eng.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +rsa_eng.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rsa_eng.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +rsa_eng.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +rsa_eng.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +rsa_eng.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +rsa_eng.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +rsa_eng.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +rsa_eng.o: ../../include/openssl/x509_vfy.h ../cryptlib.h rsa_eng.c rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h @@ -136,15 +151,15 @@ rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h rsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h rsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -rsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -rsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -rsa_lib.o: ../cryptlib.h rsa_lib.c +rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +rsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +rsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +rsa_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +rsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +rsa_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +rsa_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h rsa_lib.c rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -167,9 +182,9 @@ rsa_oaep.o: ../../e_os.h ../../include/openssl/asn1.h rsa_oaep.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rsa_oaep.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rsa_oaep.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -rsa_oaep.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rsa_oaep.o: ../../include/openssl/opensslconf.h +rsa_oaep.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +rsa_oaep.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rsa_oaep.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_oaep.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_oaep.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -188,21 +203,23 @@ rsa_pss.o: ../../e_os.h ../../include/openssl/asn1.h rsa_pss.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_pss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rsa_pss.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rsa_pss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -rsa_pss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rsa_pss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -rsa_pss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -rsa_pss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -rsa_pss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -rsa_pss.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pss.c +rsa_pss.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +rsa_pss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rsa_pss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +rsa_pss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +rsa_pss.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +rsa_pss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +rsa_pss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rsa_pss.o: ../cryptlib.h rsa_pss.c rsa_saos.o: ../../e_os.h ../../include/openssl/asn1.h rsa_saos.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rsa_saos.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h rsa_saos.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h rsa_saos.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rsa_saos.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -rsa_saos.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +rsa_saos.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +rsa_saos.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rsa_saos.o: ../../include/openssl/opensslconf.h rsa_saos.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_saos.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h rsa_saos.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -215,8 +232,9 @@ rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h rsa_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -rsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +rsa_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +rsa_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rsa_sign.o: ../../include/openssl/opensslconf.h rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -242,3 +260,11 @@ rsa_x931.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_x931.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_x931.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h rsa_x931.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_x931.c +rsa_x931g.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +rsa_x931g.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +rsa_x931g.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +rsa_x931g.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +rsa_x931g.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +rsa_x931g.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +rsa_x931g.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rsa_x931g.o: rsa_x931g.c diff --git a/lib/libcrypto/rsa/rsa.h b/lib/libcrypto/rsa/rsa.h index 3699afaaaf9..5bb932ae15f 100644 --- a/lib/libcrypto/rsa/rsa.h +++ b/lib/libcrypto/rsa/rsa.h @@ -74,6 +74,25 @@ #error RSA is disabled. #endif +/* If this flag is set the RSA method is FIPS compliant and can be used + * in FIPS mode. This is set in the validated module method. If an + * application sets this flag in its own methods it is its reposibility + * to ensure the result is compliant. + */ + +#define RSA_FLAG_FIPS_METHOD 0x0400 + +/* If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +#define RSA_FLAG_NON_FIPS_ALLOW 0x0400 + +#ifdef OPENSSL_FIPS +#define FIPS_RSA_SIZE_T int +#endif + #ifdef __cplusplus extern "C" { #endif @@ -163,6 +182,8 @@ struct rsa_st # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 #endif +#define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 + #ifndef OPENSSL_RSA_SMALL_MODULUS_BITS # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 #endif @@ -240,6 +261,11 @@ RSA * RSA_generate_key(int bits, unsigned long e,void /* New version */ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2, + const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp, + const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq, + const BIGNUM *e, BN_GENCB *cb); +int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb); int RSA_check_key(const RSA *); /* next 4 return -1 on error */ @@ -257,6 +283,11 @@ int RSA_up_ref(RSA *r); int RSA_flags(const RSA *r); +#ifdef OPENSSL_FIPS +RSA *FIPS_rsa_new(void); +void FIPS_rsa_free(RSA *r); +#endif + void RSA_set_default_method(const RSA_METHOD *meth); const RSA_METHOD *RSA_get_default_method(void); const RSA_METHOD *RSA_get_method(const RSA *rsa); @@ -370,6 +401,8 @@ void ERR_load_RSA_strings(void); /* Error codes for the RSA functions. */ /* Function codes. */ +#define RSA_F_FIPS_RSA_SIGN 140 +#define RSA_F_FIPS_RSA_VERIFY 141 #define RSA_F_MEMORY_LOCK 100 #define RSA_F_RSA_BUILTIN_KEYGEN 129 #define RSA_F_RSA_CHECK_KEY 123 @@ -401,7 +434,11 @@ void ERR_load_RSA_strings(void); #define RSA_F_RSA_PADDING_CHECK_X931 128 #define RSA_F_RSA_PRINT 115 #define RSA_F_RSA_PRINT_FP 116 +#define RSA_F_RSA_PRIVATE_ENCRYPT 137 +#define RSA_F_RSA_PUBLIC_DECRYPT 138 #define RSA_F_RSA_SETUP_BLINDING 136 +#define RSA_F_RSA_SET_DEFAULT_METHOD 139 +#define RSA_F_RSA_SET_METHOD 142 #define RSA_F_RSA_SIGN 117 #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 #define RSA_F_RSA_VERIFY 119 @@ -435,10 +472,12 @@ void ERR_load_RSA_strings(void); #define RSA_R_KEY_SIZE_TOO_SMALL 120 #define RSA_R_LAST_OCTET_INVALID 134 #define RSA_R_MODULUS_TOO_LARGE 105 +#define RSA_R_NON_FIPS_METHOD 141 #define RSA_R_NO_PUBLIC_EXPONENT 140 #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 #define RSA_R_OAEP_DECODING_ERROR 121 +#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 142 #define RSA_R_PADDING_CHECK_FAILED 114 #define RSA_R_P_NOT_PRIME 128 #define RSA_R_Q_NOT_PRIME 129 diff --git a/lib/libcrypto/rsa/rsa_asn1.c b/lib/libcrypto/rsa/rsa_asn1.c index bbbf26d50ed..6e8a803e814 100644 --- a/lib/libcrypto/rsa/rsa_asn1.c +++ b/lib/libcrypto/rsa/rsa_asn1.c @@ -1,5 +1,5 @@ /* rsa_asn1.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libcrypto/rsa/rsa_eay.c b/lib/libcrypto/rsa/rsa_eay.c index 5a6eda79617..04ec789ee9c 100644 --- a/lib/libcrypto/rsa/rsa_eay.c +++ b/lib/libcrypto/rsa/rsa_eay.c @@ -115,7 +115,7 @@ #include <openssl/rsa.h> #include <openssl/rand.h> -#ifndef RSA_NULL +#if !defined(RSA_NULL) && !defined(OPENSSL_FIPS) static int RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,int padding); diff --git a/lib/libcrypto/rsa/rsa_err.c b/lib/libcrypto/rsa/rsa_err.c index fe3ba1b44bb..501f5ea3894 100644 --- a/lib/libcrypto/rsa/rsa_err.c +++ b/lib/libcrypto/rsa/rsa_err.c @@ -1,6 +1,6 @@ /* crypto/rsa/rsa_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,6 +70,8 @@ static ERR_STRING_DATA RSA_str_functs[]= { +{ERR_FUNC(RSA_F_FIPS_RSA_SIGN), "FIPS_RSA_SIGN"}, +{ERR_FUNC(RSA_F_FIPS_RSA_VERIFY), "FIPS_RSA_VERIFY"}, {ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"}, {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"}, {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"}, @@ -101,7 +103,11 @@ static ERR_STRING_DATA RSA_str_functs[]= {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"}, {ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"}, {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, +{ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT), "RSA_private_encrypt"}, +{ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT), "RSA_public_decrypt"}, {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"}, +{ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD), "RSA_set_default_method"}, +{ERR_FUNC(RSA_F_RSA_SET_METHOD), "RSA_set_method"}, {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"}, {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"}, @@ -138,10 +144,12 @@ static ERR_STRING_DATA RSA_str_reasons[]= {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, {ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"}, {ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, +{ERR_REASON(RSA_R_NON_FIPS_METHOD) ,"non fips method"}, {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) ,"no public exponent"}, {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"}, {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"}, {ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"}, +{ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"}, {ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"}, {ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"}, {ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"}, diff --git a/lib/libcrypto/rsa/rsa_gen.c b/lib/libcrypto/rsa/rsa_gen.c index 767f7ab682a..41278f83c68 100644 --- a/lib/libcrypto/rsa/rsa_gen.c +++ b/lib/libcrypto/rsa/rsa_gen.c @@ -68,6 +68,8 @@ #include <openssl/bn.h> #include <openssl/rsa.h> +#ifndef OPENSSL_FIPS + static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb); /* NB: this wrapper would normally be placed in rsa_lib.c and the static @@ -217,3 +219,4 @@ err: return ok; } +#endif diff --git a/lib/libcrypto/rsa/rsa_lib.c b/lib/libcrypto/rsa/rsa_lib.c index 104aa4c1f2d..5714841f4ca 100644 --- a/lib/libcrypto/rsa/rsa_lib.c +++ b/lib/libcrypto/rsa/rsa_lib.c @@ -67,215 +67,6 @@ #include <openssl/engine.h> #endif -const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT; - -static const RSA_METHOD *default_RSA_meth=NULL; - -RSA *RSA_new(void) - { - RSA *r=RSA_new_method(NULL); - - return r; - } - -void RSA_set_default_method(const RSA_METHOD *meth) - { - default_RSA_meth = meth; - } - -const RSA_METHOD *RSA_get_default_method(void) - { - if (default_RSA_meth == NULL) - { -#ifdef RSA_NULL - default_RSA_meth=RSA_null_method(); -#else -#if 0 /* was: #ifdef RSAref */ - default_RSA_meth=RSA_PKCS1_RSAref(); -#else - default_RSA_meth=RSA_PKCS1_SSLeay(); -#endif -#endif - } - - return default_RSA_meth; - } - -const RSA_METHOD *RSA_get_method(const RSA *rsa) - { - return rsa->meth; - } - -int RSA_set_method(RSA *rsa, const RSA_METHOD *meth) - { - /* NB: The caller is specifically setting a method, so it's not up to us - * to deal with which ENGINE it comes from. */ - const RSA_METHOD *mtmp; - mtmp = rsa->meth; - if (mtmp->finish) mtmp->finish(rsa); -#ifndef OPENSSL_NO_ENGINE - if (rsa->engine) - { - ENGINE_finish(rsa->engine); - rsa->engine = NULL; - } -#endif - rsa->meth = meth; - if (meth->init) meth->init(rsa); - return 1; - } - -RSA *RSA_new_method(ENGINE *engine) - { - RSA *ret; - - ret=(RSA *)OPENSSL_malloc(sizeof(RSA)); - if (ret == NULL) - { - RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE); - return NULL; - } - - ret->meth = RSA_get_default_method(); -#ifndef OPENSSL_NO_ENGINE - if (engine) - { - if (!ENGINE_init(engine)) - { - RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); - OPENSSL_free(ret); - return NULL; - } - ret->engine = engine; - } - else - ret->engine = ENGINE_get_default_RSA(); - if(ret->engine) - { - ret->meth = ENGINE_get_RSA(ret->engine); - if(!ret->meth) - { - RSAerr(RSA_F_RSA_NEW_METHOD, - ERR_R_ENGINE_LIB); - ENGINE_finish(ret->engine); - OPENSSL_free(ret); - return NULL; - } - } -#endif - - ret->pad=0; - ret->version=0; - ret->n=NULL; - ret->e=NULL; - ret->d=NULL; - ret->p=NULL; - ret->q=NULL; - ret->dmp1=NULL; - ret->dmq1=NULL; - ret->iqmp=NULL; - ret->references=1; - ret->_method_mod_n=NULL; - ret->_method_mod_p=NULL; - ret->_method_mod_q=NULL; - ret->blinding=NULL; - ret->mt_blinding=NULL; - ret->bignum_data=NULL; - ret->flags=ret->meth->flags; - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); - if ((ret->meth->init != NULL) && !ret->meth->init(ret)) - { -#ifndef OPENSSL_NO_ENGINE - if (ret->engine) - ENGINE_finish(ret->engine); -#endif - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); - OPENSSL_free(ret); - ret=NULL; - } - return(ret); - } - -void RSA_free(RSA *r) - { - int i; - - if (r == NULL) return; - - i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA); -#ifdef REF_PRINT - REF_PRINT("RSA",r); -#endif - if (i > 0) return; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"RSA_free, bad reference count\n"); - abort(); - } -#endif - - if (r->meth->finish) - r->meth->finish(r); -#ifndef OPENSSL_NO_ENGINE - if (r->engine) - ENGINE_finish(r->engine); -#endif - - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); - - if (r->n != NULL) BN_clear_free(r->n); - if (r->e != NULL) BN_clear_free(r->e); - if (r->d != NULL) BN_clear_free(r->d); - if (r->p != NULL) BN_clear_free(r->p); - if (r->q != NULL) BN_clear_free(r->q); - if (r->dmp1 != NULL) BN_clear_free(r->dmp1); - if (r->dmq1 != NULL) BN_clear_free(r->dmq1); - if (r->iqmp != NULL) BN_clear_free(r->iqmp); - if (r->blinding != NULL) BN_BLINDING_free(r->blinding); - if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding); - if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data); - OPENSSL_free(r); - } - -int RSA_up_ref(RSA *r) - { - int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA); -#ifdef REF_PRINT - REF_PRINT("RSA",r); -#endif -#ifdef REF_CHECK - if (i < 2) - { - fprintf(stderr, "RSA_up_ref, bad reference count\n"); - abort(); - } -#endif - return ((i > 1) ? 1 : 0); - } - -int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) - { - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp, - new_func, dup_func, free_func); - } - -int RSA_set_ex_data(RSA *r, int idx, void *arg) - { - return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); - } - -void *RSA_get_ex_data(const RSA *r, int idx) - { - return(CRYPTO_get_ex_data(&r->ex_data,idx)); - } - -int RSA_size(const RSA *r) - { - return(BN_num_bytes(r->n)); - } - int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { @@ -285,6 +76,13 @@ int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { +#ifdef OPENSSL_FIPS + if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) + { + RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); + return 0; + } +#endif return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding)); } @@ -297,12 +95,19 @@ int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to, int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { +#ifdef OPENSSL_FIPS + if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) + { + RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); + return 0; + } +#endif return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); } -int RSA_flags(const RSA *r) +int RSA_size(const RSA *r) { - return((r == NULL)?0:r->meth->flags); + return(BN_num_bytes(r->n)); } void RSA_blinding_off(RSA *rsa) @@ -427,48 +232,3 @@ err: return ret; } - -int RSA_memory_lock(RSA *r) - { - int i,j,k,off; - char *p; - BIGNUM *bn,**t[6],*b; - BN_ULONG *ul; - - if (r->d == NULL) return(1); - t[0]= &r->d; - t[1]= &r->p; - t[2]= &r->q; - t[3]= &r->dmp1; - t[4]= &r->dmq1; - t[5]= &r->iqmp; - k=sizeof(BIGNUM)*6; - off=k/sizeof(BN_ULONG)+1; - j=1; - for (i=0; i<6; i++) - j+= (*t[i])->top; - if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL) - { - RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE); - return(0); - } - bn=(BIGNUM *)p; - ul=(BN_ULONG *)&(p[off]); - for (i=0; i<6; i++) - { - b= *(t[i]); - *(t[i])= &(bn[i]); - memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM)); - bn[i].flags=BN_FLG_STATIC_DATA; - bn[i].d=ul; - memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top); - ul+=b->top; - BN_clear_free(b); - } - - /* I should fix this so it can still be done */ - r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC); - - r->bignum_data=p; - return(1); - } diff --git a/lib/libcrypto/rsa/rsa_null.c b/lib/libcrypto/rsa/rsa_null.c index 491572c82bd..2f2202f142f 100644 --- a/lib/libcrypto/rsa/rsa_null.c +++ b/lib/libcrypto/rsa/rsa_null.c @@ -1,5 +1,5 @@ /* rsa_null.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/rsa/rsa_oaep.c b/lib/libcrypto/rsa/rsa_oaep.c index 3652677a998..4d30c9d2d35 100644 --- a/lib/libcrypto/rsa/rsa_oaep.c +++ b/lib/libcrypto/rsa/rsa_oaep.c @@ -187,7 +187,7 @@ int PKCS1_MGF1(unsigned char *mask, long len, int mdlen; EVP_MD_CTX_init(&c); - mdlen = EVP_MD_size(dgst); + mdlen = M_EVP_MD_size(dgst); for (i = 0; outlen < len; i++) { cnt[0] = (unsigned char)((i >> 24) & 255); diff --git a/lib/libcrypto/rsa/rsa_sign.c b/lib/libcrypto/rsa/rsa_sign.c index 71aabeea1bd..5488c06f6d8 100644 --- a/lib/libcrypto/rsa/rsa_sign.c +++ b/lib/libcrypto/rsa/rsa_sign.c @@ -90,6 +90,14 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, i = SSL_SIG_LENGTH; s = m; } else { + /* NB: in FIPS mode block anything that isn't a TLS signature */ +#ifdef OPENSSL_FIPS + if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) + { + RSAerr(RSA_F_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); + return 0; + } +#endif sig.algor= &algor; sig.algor->algorithm=OBJ_nid2obj(type); if (sig.algor->algorithm == NULL) @@ -167,10 +175,22 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE); goto err; } - if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) { + if(dtype == NID_md5_sha1) + { + if (m_len != SSL_SIG_LENGTH) + { RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH); goto err; - } + } + } + /* NB: in FIPS mode block anything that isn't a TLS signature */ +#ifdef OPENSSL_FIPS + else if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) + { + RSAerr(RSA_F_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); + return 0; + } +#endif i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); if (i <= 0) goto err; diff --git a/lib/libcrypto/sha/sha.h b/lib/libcrypto/sha/sha.h index eed44d7f946..47a2c29f662 100644 --- a/lib/libcrypto/sha/sha.h +++ b/lib/libcrypto/sha/sha.h @@ -106,6 +106,9 @@ typedef struct SHAstate_st } SHA_CTX; #ifndef OPENSSL_NO_SHA0 +#ifdef OPENSSL_FIPS +int private_SHA_Init(SHA_CTX *c); +#endif int SHA_Init(SHA_CTX *c); int SHA_Update(SHA_CTX *c, const void *data, size_t len); int SHA_Final(unsigned char *md, SHA_CTX *c); diff --git a/lib/libcrypto/sha/sha1_one.c b/lib/libcrypto/sha/sha1_one.c index 7c65b60276c..4831174198e 100644 --- a/lib/libcrypto/sha/sha1_one.c +++ b/lib/libcrypto/sha/sha1_one.c @@ -61,7 +61,7 @@ #include <openssl/sha.h> #include <openssl/crypto.h> -#ifndef OPENSSL_NO_SHA1 +#if !defined(OPENSSL_NO_SHA1) unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) { SHA_CTX c; diff --git a/lib/libcrypto/sha/sha1dgst.c b/lib/libcrypto/sha/sha1dgst.c index 50d1925cdeb..d31f0781a06 100644 --- a/lib/libcrypto/sha/sha1dgst.c +++ b/lib/libcrypto/sha/sha1dgst.c @@ -63,6 +63,10 @@ #define SHA_1 #include <openssl/opensslv.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT; diff --git a/lib/libcrypto/sha/sha_dgst.c b/lib/libcrypto/sha/sha_dgst.c index 70eb56032c3..598f4d721af 100644 --- a/lib/libcrypto/sha/sha_dgst.c +++ b/lib/libcrypto/sha/sha_dgst.c @@ -57,6 +57,12 @@ */ #include <openssl/opensslconf.h> +#include <openssl/crypto.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + +#include <openssl/err.h> #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA) #undef SHA_1 diff --git a/lib/libcrypto/sha/sha_locl.h b/lib/libcrypto/sha/sha_locl.h index e37e5726e33..da46ddfe794 100644 --- a/lib/libcrypto/sha/sha_locl.h +++ b/lib/libcrypto/sha/sha_locl.h @@ -122,8 +122,15 @@ void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num); #define INIT_DATA_h3 0x10325476UL #define INIT_DATA_h4 0xc3d2e1f0UL +#if defined(SHA_0) && defined(OPENSSL_FIPS) +FIPS_NON_FIPS_MD_Init(SHA) +#else int HASH_INIT (SHA_CTX *c) +#endif { +#if defined(SHA_1) && defined(OPENSSL_FIPS) + FIPS_selftest_check(); +#endif c->h0=INIT_DATA_h0; c->h1=INIT_DATA_h1; c->h2=INIT_DATA_h2; diff --git a/lib/libcrypto/symhacks.h b/lib/libcrypto/symhacks.h index 64528ad5c2e..6cfb5fe4794 100644 --- a/lib/libcrypto/symhacks.h +++ b/lib/libcrypto/symhacks.h @@ -179,6 +179,11 @@ #define ENGINE_set_load_privkey_function ENGINE_set_load_privkey_fn #undef ENGINE_get_load_privkey_function #define ENGINE_get_load_privkey_function ENGINE_get_load_privkey_fn +#undef ENGINE_set_load_ssl_client_cert_function +#define ENGINE_set_load_ssl_client_cert_function \ + ENGINE_set_ld_ssl_clnt_cert_fn +#undef ENGINE_get_ssl_client_cert_function +#define ENGINE_get_ssl_client_cert_function ENGINE_get_ssl_client_cert_fn /* Hack some long OCSP names */ #undef OCSP_REQUEST_get_ext_by_critical diff --git a/lib/libcrypto/ui/ui_openssl.c b/lib/libcrypto/ui/ui_openssl.c index 8446673ed4b..5fbedf6ff8c 100644 --- a/lib/libcrypto/ui/ui_openssl.c +++ b/lib/libcrypto/ui/ui_openssl.c @@ -678,6 +678,8 @@ static int noecho_fgets(char *buf, int size, FILE *tty) size--; #ifdef WIN16TTY i=_inchar(); +#elif defined(_WIN32) + i=_getch(); #else i=getch(); #endif diff --git a/lib/libcrypto/util/libeay.num b/lib/libcrypto/util/libeay.num index 62664f3c374..0eb54ddc891 100644 --- a/lib/libcrypto/util/libeay.num +++ b/lib/libcrypto/util/libeay.num @@ -2804,12 +2804,12 @@ OPENSSL_cleanse 3245 EXIST::FUNCTION: ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES -FIPS_corrupt_rsa 3249 NOEXIST::FUNCTION: -FIPS_selftest_des 3250 NOEXIST::FUNCTION: +FIPS_corrupt_rsa 3249 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_selftest_des 3250 EXIST:OPENSSL_FIPS:FUNCTION: EVP_aes_128_cfb1 3251 EXIST::FUNCTION:AES EVP_aes_192_cfb8 3252 EXIST::FUNCTION:AES -FIPS_mode_set 3253 NOEXIST::FUNCTION: -FIPS_selftest_dsa 3254 NOEXIST::FUNCTION: +FIPS_mode_set 3253 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_selftest_dsa 3254 EXIST:OPENSSL_FIPS:FUNCTION: EVP_aes_256_cfb8 3255 EXIST::FUNCTION:AES FIPS_allow_md5 3256 NOEXIST::FUNCTION: DES_ede3_cfb_encrypt 3257 EXIST::FUNCTION:DES @@ -2817,44 +2817,44 @@ EVP_des_ede3_cfb8 3258 EXIST::FUNCTION:DES FIPS_rand_seeded 3259 NOEXIST::FUNCTION: AES_cfbr_encrypt_block 3260 EXIST::FUNCTION:AES AES_cfb8_encrypt 3261 EXIST::FUNCTION:AES -FIPS_rand_seed 3262 NOEXIST::FUNCTION: -FIPS_corrupt_des 3263 NOEXIST::FUNCTION: +FIPS_rand_seed 3262 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_corrupt_des 3263 EXIST:OPENSSL_FIPS:FUNCTION: EVP_aes_192_cfb1 3264 EXIST::FUNCTION:AES -FIPS_selftest_aes 3265 NOEXIST::FUNCTION: +FIPS_selftest_aes 3265 EXIST:OPENSSL_FIPS:FUNCTION: FIPS_set_prng_key 3266 NOEXIST::FUNCTION: EVP_des_cfb8 3267 EXIST::FUNCTION:DES -FIPS_corrupt_dsa 3268 NOEXIST::FUNCTION: +FIPS_corrupt_dsa 3268 EXIST:OPENSSL_FIPS:FUNCTION: FIPS_test_mode 3269 NOEXIST::FUNCTION: -FIPS_rand_method 3270 NOEXIST::FUNCTION: +FIPS_rand_method 3270 EXIST:OPENSSL_FIPS:FUNCTION: EVP_aes_256_cfb1 3271 EXIST::FUNCTION:AES -ERR_load_FIPS_strings 3272 NOEXIST::FUNCTION: -FIPS_corrupt_aes 3273 NOEXIST::FUNCTION: -FIPS_selftest_sha1 3274 NOEXIST::FUNCTION: -FIPS_selftest_rsa 3275 NOEXIST::FUNCTION: -FIPS_corrupt_sha1 3276 NOEXIST::FUNCTION: +ERR_load_FIPS_strings 3272 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_corrupt_aes 3273 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_selftest_sha1 3274 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_selftest_rsa 3275 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_corrupt_sha1 3276 EXIST:OPENSSL_FIPS:FUNCTION: EVP_des_cfb1 3277 EXIST::FUNCTION:DES FIPS_dsa_check 3278 NOEXIST::FUNCTION: AES_cfb1_encrypt 3279 EXIST::FUNCTION:AES EVP_des_ede3_cfb1 3280 EXIST::FUNCTION:DES -FIPS_rand_check 3281 NOEXIST::FUNCTION: +FIPS_rand_check 3281 EXIST:OPENSSL_FIPS:FUNCTION: FIPS_md5_allowed 3282 NOEXIST::FUNCTION: -FIPS_mode 3283 NOEXIST::FUNCTION: -FIPS_selftest_failed 3284 NOEXIST::FUNCTION: +FIPS_mode 3283 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_selftest_failed 3284 EXIST:OPENSSL_FIPS:FUNCTION: sk_is_sorted 3285 EXIST::FUNCTION: X509_check_ca 3286 EXIST::FUNCTION: -private_idea_set_encrypt_key 3287 NOEXIST::FUNCTION: +private_idea_set_encrypt_key 3287 EXIST:OPENSSL_FIPS:FUNCTION:IDEA HMAC_CTX_set_flags 3288 EXIST::FUNCTION:HMAC -private_SHA_Init 3289 NOEXIST::FUNCTION: -private_CAST_set_key 3290 NOEXIST::FUNCTION: -private_RIPEMD160_Init 3291 NOEXIST::FUNCTION: -private_RC5_32_set_key 3292 NOEXIST::FUNCTION: -private_MD5_Init 3293 NOEXIST::FUNCTION: -private_RC4_set_key 3294 NOEXIST::FUNCTION: -private_MDC2_Init 3295 NOEXIST::FUNCTION: -private_RC2_set_key 3296 NOEXIST::FUNCTION: -private_MD4_Init 3297 NOEXIST::FUNCTION: -private_BF_set_key 3298 NOEXIST::FUNCTION: -private_MD2_Init 3299 NOEXIST::FUNCTION: +private_SHA_Init 3289 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA0 +private_CAST_set_key 3290 EXIST:OPENSSL_FIPS:FUNCTION:CAST +private_RIPEMD160_Init 3291 EXIST:OPENSSL_FIPS:FUNCTION:RIPEMD +private_RC5_32_set_key 3292 EXIST:OPENSSL_FIPS:FUNCTION:RC5 +private_MD5_Init 3293 EXIST:OPENSSL_FIPS:FUNCTION:MD5 +private_RC4_set_key 3294 EXIST:OPENSSL_FIPS:FUNCTION:RC4 +private_MDC2_Init 3295 EXIST:OPENSSL_FIPS:FUNCTION:MDC2 +private_RC2_set_key 3296 EXIST:OPENSSL_FIPS:FUNCTION:RC2 +private_MD4_Init 3297 EXIST:OPENSSL_FIPS:FUNCTION:MD4 +private_BF_set_key 3298 EXIST:OPENSSL_FIPS:FUNCTION:BF +private_MD2_Init 3299 EXIST:OPENSSL_FIPS:FUNCTION:MD2 d2i_PROXY_CERT_INFO_EXTENSION 3300 EXIST::FUNCTION: PROXY_POLICY_it 3301 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PROXY_POLICY_it 3301 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2868,13 +2868,13 @@ PROXY_CERT_INFO_EXTENSION_it 3307 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI PROXY_POLICY_free 3308 EXIST::FUNCTION: PROXY_POLICY_new 3309 EXIST::FUNCTION: BN_MONT_CTX_set_locked 3310 EXIST::FUNCTION: -FIPS_selftest_rng 3311 NOEXIST::FUNCTION: +FIPS_selftest_rng 3311 EXIST:OPENSSL_FIPS:FUNCTION: EVP_sha384 3312 EXIST::FUNCTION:SHA,SHA512 EVP_sha512 3313 EXIST::FUNCTION:SHA,SHA512 EVP_sha224 3314 EXIST::FUNCTION:SHA,SHA256 EVP_sha256 3315 EXIST::FUNCTION:SHA,SHA256 -FIPS_selftest_hmac 3316 NOEXIST::FUNCTION: -FIPS_corrupt_rng 3317 NOEXIST::FUNCTION: +FIPS_selftest_hmac 3316 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_corrupt_rng 3317 EXIST:OPENSSL_FIPS:FUNCTION: BN_mod_exp_mont_consttime 3318 EXIST::FUNCTION: RSA_X931_hash_id 3319 EXIST::FUNCTION:RSA RSA_padding_check_X931 3320 EXIST::FUNCTION:RSA @@ -2882,7 +2882,7 @@ RSA_verify_PKCS1_PSS 3321 EXIST::FUNCTION:RSA RSA_padding_add_X931 3322 EXIST::FUNCTION:RSA RSA_padding_add_PKCS1_PSS 3323 EXIST::FUNCTION:RSA PKCS1_MGF1 3324 EXIST::FUNCTION:RSA -BN_X931_generate_Xpq 3325 NOEXIST::FUNCTION: +BN_X931_generate_Xpq 3325 EXIST::FUNCTION: RSA_X931_generate_key 3326 NOEXIST::FUNCTION: BN_X931_derive_prime 3327 NOEXIST::FUNCTION: BN_X931_generate_prime 3328 NOEXIST::FUNCTION: @@ -3652,51 +3652,75 @@ CMS_set1_eContentType 4040 EXIST::FUNCTION:CMS CMS_ReceiptRequest_create0 4041 EXIST::FUNCTION:CMS CMS_add1_signer 4042 EXIST::FUNCTION:CMS CMS_RecipientInfo_set0_pkey 4043 EXIST::FUNCTION:CMS -ENGINE_set_load_ssl_client_cert_function 4044 EXIST::FUNCTION:ENGINE -ENGINE_get_ssl_client_cert_function 4045 EXIST::FUNCTION:ENGINE +ENGINE_set_load_ssl_client_cert_function 4044 EXIST:!VMS:FUNCTION:ENGINE +ENGINE_set_ld_ssl_clnt_cert_fn 4044 EXIST:VMS:FUNCTION:ENGINE +ENGINE_get_ssl_client_cert_function 4045 EXIST:!VMS:FUNCTION:ENGINE +ENGINE_get_ssl_client_cert_fn 4045 EXIST:VMS:FUNCTION:ENGINE ENGINE_load_ssl_client_cert 4046 EXIST::FUNCTION:ENGINE ENGINE_load_capi 4047 EXIST::FUNCTION:CAPIENG,ENGINE OPENSSL_isservice 4048 EXIST::FUNCTION: -FIPS_dsa_sig_decode 4049 NOEXIST::FUNCTION: -EVP_CIPHER_CTX_clear_flags 4050 NOEXIST::FUNCTION: -FIPS_rand_status 4051 NOEXIST::FUNCTION: -FIPS_rand_set_key 4052 NOEXIST::FUNCTION: -CRYPTO_set_mem_info_functions 4053 NOEXIST::FUNCTION: -RSA_X931_generate_key_ex 4054 NOEXIST::FUNCTION: -int_ERR_set_state_func 4055 NOEXIST::FUNCTION: -int_EVP_MD_set_engine_callbacks 4056 NOEXIST::FUNCTION: -int_CRYPTO_set_do_dynlock_callback 4057 NOEXIST::FUNCTION: -FIPS_rng_stick 4058 NOEXIST::FUNCTION: -EVP_CIPHER_CTX_set_flags 4059 NOEXIST::FUNCTION: -BN_X931_generate_prime_ex 4060 NOEXIST::FUNCTION: -FIPS_selftest_check 4061 NOEXIST::FUNCTION: -FIPS_rand_set_dt 4062 NOEXIST::FUNCTION: -CRYPTO_dbg_pop_info 4063 NOEXIST::FUNCTION: -FIPS_dsa_free 4064 NOEXIST::FUNCTION: -RSA_X931_derive_ex 4065 NOEXIST::FUNCTION: -FIPS_rsa_new 4066 NOEXIST::FUNCTION: -FIPS_rand_bytes 4067 NOEXIST::FUNCTION: -fips_cipher_test 4068 NOEXIST::FUNCTION: -EVP_CIPHER_CTX_test_flags 4069 NOEXIST::FUNCTION: -CRYPTO_malloc_debug_init 4070 NOEXIST::FUNCTION: -CRYPTO_dbg_push_info 4071 NOEXIST::FUNCTION: -FIPS_corrupt_rsa_keygen 4072 NOEXIST::FUNCTION: -FIPS_dh_new 4073 NOEXIST::FUNCTION: -FIPS_corrupt_dsa_keygen 4074 NOEXIST::FUNCTION: -FIPS_dh_free 4075 NOEXIST::FUNCTION: -fips_pkey_signature_test 4076 NOEXIST::FUNCTION: -EVP_add_alg_module 4077 NOEXIST::FUNCTION: -int_RAND_init_engine_callbacks 4078 NOEXIST::FUNCTION: -int_EVP_CIPHER_set_engine_callbacks 4079 NOEXIST::FUNCTION: -int_EVP_MD_init_engine_callbacks 4080 NOEXIST::FUNCTION: -FIPS_rand_test_mode 4081 NOEXIST::FUNCTION: -FIPS_rand_reset 4082 NOEXIST::FUNCTION: -FIPS_dsa_new 4083 NOEXIST::FUNCTION: -int_RAND_set_callbacks 4084 NOEXIST::FUNCTION: -BN_X931_derive_prime_ex 4085 NOEXIST::FUNCTION: -int_ERR_lib_init 4086 NOEXIST::FUNCTION: -int_EVP_CIPHER_init_engine_callbacks 4087 NOEXIST::FUNCTION: -FIPS_rsa_free 4088 NOEXIST::FUNCTION: -FIPS_dsa_sig_encode 4089 NOEXIST::FUNCTION: -CRYPTO_dbg_remove_all_info 4090 NOEXIST::FUNCTION: -OPENSSL_init 4091 NOEXIST::FUNCTION: +FIPS_dsa_sig_decode 4049 EXIST:OPENSSL_FIPS:FUNCTION:DSA +EVP_CIPHER_CTX_clear_flags 4050 EXIST::FUNCTION: +FIPS_rand_status 4051 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_rand_set_key 4052 EXIST:OPENSSL_FIPS:FUNCTION: +CRYPTO_set_mem_info_functions 4053 EXIST::FUNCTION: +RSA_X931_generate_key_ex 4054 EXIST::FUNCTION:RSA +int_ERR_set_state_func 4055 EXIST:OPENSSL_FIPS:FUNCTION: +int_EVP_MD_set_engine_callbacks 4056 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE +int_CRYPTO_set_do_dynlock_callback 4057 EXIST::FUNCTION: +FIPS_rng_stick 4058 EXIST:OPENSSL_FIPS:FUNCTION: +EVP_CIPHER_CTX_set_flags 4059 EXIST::FUNCTION: +BN_X931_generate_prime_ex 4060 EXIST::FUNCTION: +FIPS_selftest_check 4061 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_rand_set_dt 4062 EXIST:OPENSSL_FIPS:FUNCTION: +CRYPTO_dbg_pop_info 4063 EXIST::FUNCTION: +FIPS_dsa_free 4064 EXIST:OPENSSL_FIPS:FUNCTION:DSA +RSA_X931_derive_ex 4065 EXIST::FUNCTION:RSA +FIPS_rsa_new 4066 EXIST:OPENSSL_FIPS:FUNCTION:RSA +FIPS_rand_bytes 4067 EXIST:OPENSSL_FIPS:FUNCTION: +fips_cipher_test 4068 EXIST:OPENSSL_FIPS:FUNCTION: +EVP_CIPHER_CTX_test_flags 4069 EXIST::FUNCTION: +CRYPTO_malloc_debug_init 4070 EXIST::FUNCTION: +CRYPTO_dbg_push_info 4071 EXIST::FUNCTION: +FIPS_corrupt_rsa_keygen 4072 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_dh_new 4073 EXIST:OPENSSL_FIPS:FUNCTION:DH +FIPS_corrupt_dsa_keygen 4074 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_dh_free 4075 EXIST:OPENSSL_FIPS:FUNCTION:DH +fips_pkey_signature_test 4076 EXIST:OPENSSL_FIPS:FUNCTION: +EVP_add_alg_module 4077 EXIST::FUNCTION: +int_RAND_init_engine_callbacks 4078 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE +int_EVP_CIPHER_set_engine_callbacks 4079 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE +int_EVP_MD_init_engine_callbacks 4080 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE +FIPS_rand_test_mode 4081 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_rand_reset 4082 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_dsa_new 4083 EXIST:OPENSSL_FIPS:FUNCTION:DSA +int_RAND_set_callbacks 4084 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE +BN_X931_derive_prime_ex 4085 EXIST::FUNCTION: +int_ERR_lib_init 4086 EXIST:OPENSSL_FIPS:FUNCTION: +int_EVP_CIPHER_init_engine_callbacks 4087 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE +FIPS_rsa_free 4088 EXIST:OPENSSL_FIPS:FUNCTION:RSA +FIPS_dsa_sig_encode 4089 EXIST:OPENSSL_FIPS:FUNCTION:DSA +CRYPTO_dbg_remove_all_info 4090 EXIST::FUNCTION: +OPENSSL_init 4091 EXIST::FUNCTION: +private_Camellia_set_key 4092 EXIST:OPENSSL_FIPS:FUNCTION:CAMELLIA +CRYPTO_strdup 4093 EXIST::FUNCTION: +JPAKE_STEP3A_process 4094 EXIST::FUNCTION:JPAKE +JPAKE_STEP1_release 4095 EXIST::FUNCTION:JPAKE +JPAKE_get_shared_key 4096 EXIST::FUNCTION:JPAKE +JPAKE_STEP3B_init 4097 EXIST::FUNCTION:JPAKE +JPAKE_STEP1_generate 4098 EXIST::FUNCTION:JPAKE +JPAKE_STEP1_init 4099 EXIST::FUNCTION:JPAKE +JPAKE_STEP3B_process 4100 EXIST::FUNCTION:JPAKE +JPAKE_STEP2_generate 4101 EXIST::FUNCTION:JPAKE +JPAKE_CTX_new 4102 EXIST::FUNCTION:JPAKE +JPAKE_CTX_free 4103 EXIST::FUNCTION:JPAKE +JPAKE_STEP3B_release 4104 EXIST::FUNCTION:JPAKE +JPAKE_STEP3A_release 4105 EXIST::FUNCTION:JPAKE +JPAKE_STEP2_process 4106 EXIST::FUNCTION:JPAKE +JPAKE_STEP3B_generate 4107 EXIST::FUNCTION:JPAKE +JPAKE_STEP1_process 4108 EXIST::FUNCTION:JPAKE +JPAKE_STEP3A_generate 4109 EXIST::FUNCTION:JPAKE +JPAKE_STEP2_release 4110 EXIST::FUNCTION:JPAKE +JPAKE_STEP3A_init 4111 EXIST::FUNCTION:JPAKE +ERR_load_JPAKE_strings 4112 EXIST::FUNCTION:JPAKE +JPAKE_STEP2_init 4113 EXIST::FUNCTION:JPAKE diff --git a/lib/libcrypto/util/mk1mf.pl b/lib/libcrypto/util/mk1mf.pl index 7ba804ce33a..4c16f1dc9ee 100644 --- a/lib/libcrypto/util/mk1mf.pl +++ b/lib/libcrypto/util/mk1mf.pl @@ -15,6 +15,18 @@ my $engines = ""; local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic local $zlib_lib = ""; +local $fips_canister_path = ""; +my $fips_premain_dso_exe_path = ""; +my $fips_premain_c_path = ""; +my $fips_sha1_exe_path = ""; + +local $fipscanisterbuild = 0; +local $fipsdso = 0; + +my $fipslibdir = ""; +my $baseaddr = ""; + +my $ex_l_libs = ""; open(IN,"<Makefile") || die "unable to open Makefile!\n"; while(<IN>) { @@ -221,6 +233,7 @@ $cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2; $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3; $cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext; $cflags.=" -DOPENSSL_NO_CMS" if $no_cms; +$cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake; $cflags.=" -DOPENSSL_NO_CAPIENG" if $no_capieng; $cflags.=" -DOPENSSL_NO_ERR" if $no_err; $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; @@ -229,7 +242,7 @@ $cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa; $cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh; $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; $cflags.=" -DOPENSSL_NO_HW" if $no_hw; - +$cflags.=" -DOPENSSL_FIPS" if $fips; $cflags.= " -DZLIB" if $zlib_opt; $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2; @@ -251,9 +264,9 @@ else $ex_libs="$l_flags$ex_libs" if ($l_flags ne ""); - %shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL", - "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO"); + "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO", + "FIPS" => " -DOPENSSL_BUILD_SHLIBCRYPTO"); if ($msdos) { @@ -281,11 +294,21 @@ for (;;) { if ($lib ne "") { - $uc=$lib; - $uc =~ s/^lib(.*)\.a/$1/; - $uc =~ tr/a-z/A-Z/; - $lib_nam{$uc}=$uc; - $lib_obj{$uc}.=$libobj." "; + if ($fips && $dir =~ /^fips/) + { + $uc = "FIPS"; + } + else + { + $uc=$lib; + $uc =~ s/^lib(.*)\.a/$1/; + $uc =~ tr/a-z/A-Z/; + } + if (($uc ne "FIPS") || $fipscanisterbuild) + { + $lib_nam{$uc}=$uc; + $lib_obj{$uc}.=$libobj." "; + } } last if ($val eq "FINISHED"); $lib=""; @@ -328,11 +351,130 @@ for (;;) if ($key eq "LIBNAMES" && $dir eq "engines" && $no_static_engine) { $engines.=$val } + if ($key eq "FIPS_EX_OBJ") + { + $fips_ex_obj=&var_add("crypto",$val,0); + } + + if ($key eq "FIPSLIBDIR") + { + $fipslibdir=$val; + $fipslibdir =~ s/\/$//; + $fipslibdir =~ s/\//$o/g; + } + + if ($key eq "BASEADDR") + { $baseaddr=$val;} + if (!($_=<IN>)) { $_="RELATIVE_DIRECTORY=FINISHED\n"; } } close(IN); +if ($fips) + { + + foreach (split " ", $fips_ex_obj) + { + $fips_exclude_obj{$1} = 1 if (/\/([^\/]*)$/); + } + + $fips_exclude_obj{"cpu_win32"} = 1; + $fips_exclude_obj{"bn_asm"} = 1; + $fips_exclude_obj{"des_enc"} = 1; + $fips_exclude_obj{"fcrypt_b"} = 1; + $fips_exclude_obj{"aes_core"} = 1; + $fips_exclude_obj{"aes_cbc"} = 1; + + my @ltmp = split " ", $lib_obj{"CRYPTO"}; + + + $lib_obj{"CRYPTO"} = ""; + + foreach(@ltmp) + { + if (/\/([^\/]*)$/ && exists $fips_exclude_obj{$1}) + { + if ($fipscanisterbuild) + { + $lib_obj{"FIPS"} .= "$_ "; + } + } + else + { + $lib_obj{"CRYPTO"} .= "$_ "; + } + } + + } + +if ($fipscanisterbuild) + { + $fips_canister_path = "\$(LIB_D)${o}fipscanister.lib" if $fips_canister_path eq ""; + $fips_premain_c_path = "\$(LIB_D)${o}fips_premain.c"; + } +else + { + if ($fips_canister_path eq "") + { + $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.lib"; + } + + if ($fips_premain_c_path eq "") + { + $fips_premain_c_path = "\$(FIPSLIB_D)${o}fips_premain.c"; + } + } + +if ($fips) + { + if ($fips_sha1_exe_path eq "") + { + $fips_sha1_exe_path = + "\$(BIN_D)${o}fips_standalone_sha1$exep"; + } + } + else + { + $fips_sha1_exe_path = ""; + } + +if ($fips_premain_dso_exe_path eq "") + { + $fips_premain_dso_exe_path = "\$(BIN_D)${o}fips_premain_dso$exep"; + } + +# $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips); + +#$ex_l_libs .= " \$(L_FIPS)" if $fipsdso; + +if ($fips) + { + if (!$shlib) + { + $ex_build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)"; + $ex_l_libs .= " \$(O_FIPSCANISTER)"; + $ex_libs_dep .= " \$(O_FIPSCANISTER)" if $fipscanisterbuild; + } + if ($fipscanisterbuild) + { + $fipslibdir = "\$(LIB_D)"; + } + else + { + if ($fipslibdir eq "") + { + open (IN, "util/fipslib_path.txt") || fipslib_error(); + $fipslibdir = <IN>; + chomp $fipslibdir; + close IN; + } + fips_check_files($fipslibdir, + "fipscanister.lib", "fipscanister.lib.sha1", + "fips_premain.c", "fips_premain.c.sha1"); + } + } + if ($shlib) { $extra_install= <<"EOF"; @@ -398,6 +540,7 @@ SRC_D=$src_dir LINK=$link LFLAGS=$lflags RSC=$rsc +FIPSLINK=\$(PERL) util${o}fipslink.pl AES_ASM_OBJ=$aes_asm_obj AES_ASM_SRC=$aes_asm_src @@ -441,6 +584,17 @@ MKLIB=$bin_dir$mklib MLFLAGS=$mlflags ASM=$bin_dir$asm +# FIPS validated module and support file locations + +E_PREMAIN_DSO=fips_premain_dso + +FIPSLIB_D=$fipslibdir +BASEADDR=$baseaddr +FIPS_PREMAIN_SRC=$fips_premain_c_path +O_FIPSCANISTER=$fips_canister_path +FIPS_SHA1_EXE=$fips_sha1_exe_path +PREMAIN_DSO_EXE=$fips_premain_dso_exe_path + ###################################################### # You should not need to touch anything below this point ###################################################### @@ -448,6 +602,7 @@ ASM=$bin_dir$asm E_EXE=openssl SSL=$ssl CRYPTO=$crypto +LIBFIPS=libosslfips # BIN_D - Binary output directory # TEST_D - Binary test file output directory @@ -468,12 +623,14 @@ INCL_D=\$(TMP_D) O_SSL= \$(LIB_D)$o$plib\$(SSL)$shlibp O_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$shlibp +O_FIPS= \$(LIB_D)$o$plib\$(LIBFIPS)$shlibp SO_SSL= $plib\$(SSL)$so_shlibp SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp +L_FIPS= \$(LIB_D)$o$plib\$(LIBFIPS)$libp -L_LIBS= \$(L_SSL) \$(L_CRYPTO) +L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs ###################################################### # Don't touch anything below this point @@ -483,13 +640,13 @@ INC=-I\$(INC_D) -I\$(INCL_D) APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG) LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG) -LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) +LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) $ex_libs_dep ############################################# EOF $rules=<<"EOF"; -all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe +all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers \$(FIPS_SHA1_EXE) lib exe $ex_build_targets banner: $banner @@ -604,6 +761,26 @@ $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)"); $defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj); $rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)'); +# Special case rules for fips_start and fips_end fips_premain_dso + +if ($fips) + { + if ($fipscanisterbuild) + { + $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_start$obj", + "fips${o}fips_canister.c", + "-DFIPS_START \$(SHLIB_CFLAGS)"); + $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_end$obj", + "fips${o}fips_canister.c", "\$(SHLIB_CFLAGS)"); + } + $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj", + "fips${o}sha${o}fips_standalone_sha1.c", + "\$(SHLIB_CFLAGS)"); + $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj", + "fips${o}fips_premain.c", + "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)"); + } + foreach (values %lib_nam) { $lib_obj=$lib_obj{$_}; @@ -614,27 +791,41 @@ foreach (values %lib_nam) $rules.="\$(O_SSL):\n\n"; next; } - if (($aes_asm_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/\s(\S*\/aes_core\S*)/ \$(AES_ASM_OBJ)/; - $lib_obj =~ s/\s\S*\/aes_cbc\S*//; - $rules.=&do_asm_rule($aes_asm_obj,$aes_asm_src); - } - if (($bn_asm_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/; - $rules.=&do_asm_rule($bn_asm_obj,$bn_asm_src); - } - if (($bnco_asm_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj .= "\$(BNCO_ASM_OBJ)"; - $rules.=&do_asm_rule($bnco_asm_obj,$bnco_asm_src); - } - if (($des_enc_obj ne "") && ($_ eq "CRYPTO")) + + if ((!$fips && ($_ eq "CRYPTO")) || ($fips && ($_ eq "FIPS"))) { - $lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/; - $lib_obj =~ s/\s\S*\/fcrypt_b\S*\s*/ /; - $rules.=&do_asm_rule($des_enc_obj,$des_enc_src); + if ($cpuid_asm_obj ne "") + { + $lib_obj =~ s/(\S*\/cryptlib\S*)/$1 \$(CPUID_ASM_OBJ)/; + $rules.=&do_asm_rule($cpuid_asm_obj,$cpuid_asm_src); + } + if ($aes_asm_obj ne "") + { + $lib_obj =~ s/\s(\S*\/aes_core\S*)/ \$(AES_ASM_OBJ)/; + $lib_obj =~ s/\s\S*\/aes_cbc\S*//; + $rules.=&do_asm_rule($aes_asm_obj,$aes_asm_src); + } + if ($sha1_asm_obj ne "") + { + $lib_obj =~ s/\s(\S*\/sha1dgst\S*)/ $1 \$(SHA1_ASM_OBJ)/; + $rules.=&do_asm_rule($sha1_asm_obj,$sha1_asm_src); + } + if ($bn_asm_obj ne "") + { + $lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/; + $rules.=&do_asm_rule($bn_asm_obj,$bn_asm_src); + } + if ($bnco_asm_obj ne "") + { + $lib_obj .= "\$(BNCO_ASM_OBJ)"; + $rules.=&do_asm_rule($bnco_asm_obj,$bnco_asm_src); + } + if ($des_enc_obj ne "") + { + $lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/; + $lib_obj =~ s/\s\S*\/fcrypt_b\S*\s*/ /; + $rules.=&do_asm_rule($des_enc_obj,$des_enc_src); + } } if (($bf_enc_obj ne "") && ($_ eq "CRYPTO")) { @@ -661,21 +852,11 @@ foreach (values %lib_nam) $lib_obj =~ s/\s(\S*\/md5_dgst\S*)/ $1 \$(MD5_ASM_OBJ)/; $rules.=&do_asm_rule($md5_asm_obj,$md5_asm_src); } - if (($sha1_asm_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/\s(\S*\/sha1dgst\S*)/ $1 \$(SHA1_ASM_OBJ)/; - $rules.=&do_asm_rule($sha1_asm_obj,$sha1_asm_src); - } if (($rmd160_asm_obj ne "") && ($_ eq "CRYPTO")) { $lib_obj =~ s/\s(\S*\/rmd_dgst\S*)/ $1 \$(RMD160_ASM_OBJ)/; $rules.=&do_asm_rule($rmd160_asm_obj,$rmd160_asm_src); } - if (($cpuid_asm_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/\s(\S*\/cversion\S*)/ $1 \$(CPUID_ASM_OBJ)/; - $rules.=&do_asm_rule($cpuid_asm_obj,$cpuid_asm_src); - } $defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj); $lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:" \$(LIB_CFLAGS)"; $rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib); @@ -690,15 +871,43 @@ if (($platform eq "VC-WIN32") || ($platform eq "VC-NT")) { \$(OBJ_D)\\\$(SSL).res: ms\\version32.rc \$(RSC) /fo"\$(OBJ_D)\\\$(SSL).res" /d SSL ms\\version32.rc +\$(OBJ_D)\\\$(LIBFIPS).res: ms\\version32.rc + \$(RSC) /fo"\$(OBJ_D)\\\$(LIBFIPS).res" /d FIPS ms\\version32.rc + EOF } $defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep); foreach (split(/\s+/,$test)) { + my $t_libs; $t=&bname($_); + my $ltype; + # Check to see if test program is FIPS + if ($fips && /fips/) + { + # If fipsdso link to libosslfips.dll + # otherwise perform static link to + # $(O_FIPSCANISTER) + if ($fipsdso) + { + $t_libs = "\$(L_FIPS)"; + $ltype = 0; + } + else + { + $t_libs = "\$(O_FIPSCANISTER)"; + $ltype = 2; + } + } + else + { + $t_libs = "\$(L_LIBS)"; + $ltype = 0; + } + $tt="\$(OBJ_D)${o}$t${obj}"; - $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); + $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","$t_libs \$(EX_LIBS)", $ltype); } $defs.=&do_defs("E_SHLIB",$engines,"\$(ENG_D)",$shlibp); @@ -712,9 +921,69 @@ foreach (split(/\s+/,$engines)) $rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)"); -$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)"); -$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); +if ($fips) + { + if ($shlib) + { + if ($fipsdso) + { + $rules.= &do_lib_rule("\$(CRYPTOOBJ)", + "\$(O_CRYPTO)", "$crypto", + $shlib, "", ""); + $rules.= &do_lib_rule( + "\$(O_FIPSCANISTER)", + "\$(O_FIPS)", "\$(LIBFIPS)", + $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)"); + $rules.= &do_sdef_rule(); + } + else + { + $rules.= &do_lib_rule( + "\$(CRYPTOOBJ) \$(O_FIPSCANISTER)", + "\$(O_CRYPTO)", "$crypto", + $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)"); + } + } + else + { + $rules.= &do_lib_rule("\$(CRYPTOOBJ)", + "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", ""); + $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(FIPSOBJ)", + "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", ""); + } + } + else + { + $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib, + "\$(SO_CRYPTO)"); + } + +if ($fips) + { + if ($fipscanisterbuild) + { + $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)", + "\$(OBJ_D)${o}fips_start$obj", + "\$(FIPSOBJ)", + "\$(OBJ_D)${o}fips_end$obj", + "\$(FIPS_SHA1_EXE)", ""); + $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)", + "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}sha1dgst$obj \$(SHA1_ASM_OBJ)", + "","\$(EX_LIBS)", 1); + } + else + { + $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)", + "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(O_FIPSCANISTER)", + "","", 1); + + } + $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1); + + } + +$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)", ($fips && !$shlib) ? 2 : 0); print $defs; @@ -752,6 +1021,8 @@ sub var_add return("") if $no_dh && $dir =~ /\/dh/; return("") if $no_ec && $dir =~ /\/ec/; return("") if $no_cms && $dir =~ /\/cms/; + return("") if $no_jpake && $dir =~ /\/jpake/; + return("") if !$fips && $dir =~ /^fips/; if ($no_des && $dir =~ /\/des/) { if ($val =~ /read_pwd/) @@ -1011,6 +1282,7 @@ sub read_options "no-hmac" => \$no_hmac, "no-asm" => \$no_asm, "nasm" => \$nasm, + "ml64" => \$ml64, "nw-nasm" => \$nw_nasm, "nw-mwasm" => \$nw_mwasm, "gaswin" => \$gaswin, @@ -1018,6 +1290,7 @@ sub read_options "no-ssl3" => \$no_ssl3, "no-tlsext" => \$no_tlsext, "no-cms" => \$no_cms, + "no-jpake" => \$no_jpake, "no-capieng" => \$no_capieng, "no-err" => \$no_err, "no-sock" => \$no_sock, @@ -1045,6 +1318,9 @@ sub read_options "no-shared" => 0, "no-zlib" => 0, "no-zlib-dynamic" => 0, + "fips" => \$fips, + "fipscanisterbuild" => [\$fips, \$fipscanisterbuild], + "fipsdso" => [\$fips, \$fipscanisterbuild, \$fipsdso], ); if (exists $valid_options{$_}) @@ -1086,6 +1362,18 @@ sub read_options {return 1;} return 0; } + # experimental-xxx is mostly like enable-xxx, but opensslconf.v + # will still set OPENSSL_NO_xxx unless we set OPENSSL_EXPERIMENTAL_xxx. + # (No need to fail if we don't know the algorithm -- this is for adventurous users only.) + elsif (/^experimental-/) + { + my $algo, $ALGO; + ($algo = $_) =~ s/^experimental-//; + ($ALGO = $algo) =~ tr/[a-z]/[A-Z]/; + + $xcflags="-DOPENSSL_EXPERIMENTAL_$ALGO $xcflags"; + + } elsif (/^--with-krb5-flavor=(.*)$/) { my $krb5_flavor = $1; @@ -1109,3 +1397,31 @@ sub read_options else { return(0); } return(1); } + +sub fipslib_error + { + print STDERR "***FIPS module directory sanity check failed***\n"; + print STDERR "FIPS module build failed, or was deleted\n"; + print STDERR "Please rebuild FIPS module.\n"; + exit 1; + } + +sub fips_check_files + { + my $dir = shift @_; + my $ret = 1; + if (!-d $dir) + { + print STDERR "FIPS module directory $dir does not exist\n"; + fipslib_error(); + } + foreach (@_) + { + if (!-f "$dir${o}$_") + { + print STDERR "FIPS module file $_ does not exist!\n"; + $ret = 0; + } + } + fipslib_error() if ($ret == 0); + } diff --git a/lib/libcrypto/util/mkdef.pl b/lib/libcrypto/util/mkdef.pl index 8ecfde1848a..5ae9ebb6191 100644 --- a/lib/libcrypto/util/mkdef.pl +++ b/lib/libcrypto/util/mkdef.pl @@ -79,7 +79,7 @@ my $OS2=0; my $safe_stack_def = 0; my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT", - "EXPORT_VAR_AS_FUNCTION", "ZLIB" ); + "EXPORT_VAR_AS_FUNCTION", "ZLIB", "OPENSSL_FIPS"); my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" ); my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1", @@ -102,6 +102,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CMS", # CryptoAPI Engine "CAPIENG", + # JPAKE + "JPAKE", # Deprecated functions "DEPRECATED" ); @@ -122,7 +124,8 @@ my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_camellia; my $no_seed; my $no_fp_api; my $no_static_engine; my $no_gmp; my $no_deprecated; -my $no_rfc3779; my $no_tlsext; my $no_cms; my $no_capieng; +my $no_rfc3779; my $no_tlsext; my $no_cms; my $no_capieng; my $no_jpake; +my $fips; foreach (@ARGV, split(/ /, $options)) @@ -144,12 +147,13 @@ foreach (@ARGV, split(/ /, $options)) } $VMS=1 if $_ eq "VMS"; $OS2=1 if $_ eq "OS2"; + $fips=1 if /^fips/; + if ($_ eq "zlib" || $_ eq "zlib-dynamic" - || $_ eq "enable-zlib-dynamic") { - $zlib = 1; + || $_ eq "enable-zlib-dynamic") { + $zlib = 1; } - $do_ssl=1 if $_ eq "ssleay"; if ($_ eq "ssl") { $do_ssl=1; @@ -209,6 +213,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-tlsext$/) { $no_tlsext=1; } elsif (/^no-cms$/) { $no_cms=1; } elsif (/^no-capieng$/) { $no_capieng=1; } + elsif (/^no-jpake$/) { $no_jpake=1; } } @@ -305,6 +310,8 @@ $crypto.=" crypto/tmdiff.h"; $crypto.=" crypto/store/store.h"; $crypto.=" crypto/pqueue/pqueue.h"; $crypto.=" crypto/cms/cms.h"; +$crypto.=" crypto/jpake/jpake.h"; +$crypto.=" fips/fips.h fips/rand/fips_rand.h"; my $symhacks="crypto/symhacks.h"; @@ -1090,6 +1097,9 @@ sub is_valid if ($keyword eq "EXPORT_VAR_AS_FUNCTION" && ($VMSVAX || $W32 || $W16)) { return 1; } + if ($keyword eq "OPENSSL_FIPS" && $fips) { + return 1; + } if ($keyword eq "ZLIB" && $zlib) { return 1; } return 0; } else { @@ -1135,6 +1145,7 @@ sub is_valid if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; } if ($keyword eq "CMS" && $no_cms) { return 0; } if ($keyword eq "CAPIENG" && $no_capieng) { return 0; } + if ($keyword eq "JPAKE" && $no_jpake) { return 0; } if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; } # Nothing recognise as true diff --git a/lib/libcrypto/util/mkerr.pl b/lib/libcrypto/util/mkerr.pl index 53e14ab4df9..554bebb1590 100644 --- a/lib/libcrypto/util/mkerr.pl +++ b/lib/libcrypto/util/mkerr.pl @@ -44,7 +44,8 @@ while (@ARGV) { } if($recurse) { - @source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>); + @source = ( <crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>, + <fips/*.c>, <fips/*/*.c>); } else { @source = @ARGV; } diff --git a/lib/libcrypto/util/mkfiles.pl b/lib/libcrypto/util/mkfiles.pl index 1282392feae..67fb8694c88 100644 --- a/lib/libcrypto/util/mkfiles.pl +++ b/lib/libcrypto/util/mkfiles.pl @@ -47,6 +47,7 @@ my @dirs = ( "crypto/x509", "crypto/x509v3", "crypto/conf", +"crypto/jpake", "crypto/txt_db", "crypto/pkcs7", "crypto/pkcs12", @@ -58,6 +59,15 @@ my @dirs = ( "crypto/store", "crypto/pqueue", "crypto/cms", +"fips", +"fips/aes", +"fips/des", +"fips/dsa", +"fips/dh", +"fips/hmac", +"fips/rand", +"fips/rsa", +"fips/sha", "ssl", "apps", "engines", diff --git a/lib/libcrypto/util/mklink.pl b/lib/libcrypto/util/mklink.pl index d9bc98aab87..eacc3278826 100644 --- a/lib/libcrypto/util/mklink.pl +++ b/lib/libcrypto/util/mklink.pl @@ -15,13 +15,21 @@ # Apart from this, this script should be able to handle even the most # pathological cases. -use Cwd; +my $pwd; +eval 'use Cwd;'; +if ($@) + { + $pwd = `pwd`; + } +else + { + $pwd = getcwd(); + } my $from = shift; my @files = @ARGV; my @from_path = split(/[\\\/]/, $from); -my $pwd = getcwd(); chomp($pwd); my @pwd_path = split(/[\\\/]/, $pwd); diff --git a/lib/libcrypto/util/pl/VC-32.pl b/lib/libcrypto/util/pl/VC-32.pl index 1e254119e6a..166785db8d3 100644 --- a/lib/libcrypto/util/pl/VC-32.pl +++ b/lib/libcrypto/util/pl/VC-32.pl @@ -4,12 +4,26 @@ # $ssl= "ssleay32"; -$crypto="libeay32"; + +if ($fips && !$shlib) + { + $crypto="libeayfips32"; + $crypto_compat = "libeaycompat32.lib"; + } +else + { + $crypto="libeay32"; + } + +if ($fipscanisterbuild) + { + $fips_canister_path = "\$(LIB_D)\\fipscanister.lib"; + } $o='\\'; $cp='$(PERL) util/copy.pl'; $mkdir='$(PERL) util/mkdir-p.pl'; -$rm='del'; +$rm='del /Q'; $zlib_lib="zlib1.lib"; @@ -96,7 +110,7 @@ else # Win32 $base_cflags=' /W3 /WX /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32'; $base_cflags.=' -D_CRT_SECURE_NO_DEPRECATE'; # shut up VC8 $base_cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE'; # shut up VC8 - my $f = $shlib?' /MD':' /MT'; + my $f = $shlib || $fips ?' /MD':' /MT'; $lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib $opt_cflags=$f.' /Ox /O2 /Ob2'; $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG'; @@ -165,12 +179,17 @@ if ($nasm) { # pick newest version $asm=($ver gt $vew?"nasm":"nasmw")." -f win32"; $afile='-o '; +} elsif ($ml64) { + $asm='ml64 /c /Cp /Cx'; + $asm.=' /Zi' if $debug; + $afile='/Fo'; } else { $asm='ml /Cp /coff /c /Cx'; $asm.=" /Zi" if $debug; $afile='/Fo'; } +$aes_asm_obj=''; $bn_asm_obj=''; $bn_asm_src=''; $des_enc_obj=''; @@ -179,11 +198,13 @@ $bf_enc_obj=''; $bf_enc_src=''; if (!$no_asm) + { + if ($FLAVOR =~ "WIN32") { $aes_asm_obj='crypto\aes\asm\a_win32.obj'; $aes_asm_src='crypto\aes\asm\a_win32.asm'; - $bn_asm_obj='crypto\bn\asm\bn_win32.obj'; - $bn_asm_src='crypto\bn\asm\bn_win32.asm'; + $bn_asm_obj='crypto\bn\asm\bn_win32.obj crypto\bn\asm\mt_win32.obj'; + $bn_asm_src='crypto\bn\asm\bn_win32.asm crypto\bn\asm\mt_win32.asm'; $bnco_asm_obj='crypto\bn\asm\co_win32.obj'; $bnco_asm_src='crypto\bn\asm\co_win32.asm'; $des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj'; @@ -204,12 +225,26 @@ if (!$no_asm) $rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm'; $cpuid_asm_obj='crypto\cpu_win32.obj'; $cpuid_asm_src='crypto\cpu_win32.asm'; - $cflags.=" -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DAES_ASM -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DMD5_ASM -DSHA1_ASM -DRMD160_ASM"; + $cflags.=" -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DAES_ASM -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DMD5_ASM -DSHA1_ASM -DRMD160_ASM"; } + elsif ($FLAVOR =~ "WIN64A") + { + $aes_asm_obj='$(OBJ_D)\aes-x86_64.obj'; + $aes_asm_src='crypto\aes\asm\aes-x86_64.asm'; + $bn_asm_obj='$(OBJ_D)\x86_64-mont.obj $(OBJ_D)\bn_asm.obj'; + $bn_asm_src='crypto\bn\asm\x86_64-mont.asm'; + $sha1_asm_obj='$(OBJ_D)\sha1-x86_64.obj $(OBJ_D)\sha256-x86_64.obj $(OBJ_D)\sha512-x86_64.obj'; + $sha1_asm_src='crypto\sha\asm\sha1-x86_64.asm crypto\sha\asm\sha256-x86_64.asm crypto\sha\asm\sha512-x86_64.asm'; + $cpuid_asm_obj='$(OBJ_D)\cpuid-x86_64.obj'; + $cpuid_asm_src='crypto\cpuid-x86_64.asm'; + $cflags.=" -DOPENSSL_CPUID_OBJ -DAES_ASM -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM"; + } + } if ($shlib && $FLAVOR !~ /CE/) { $mlflags.=" $lflags /dll"; +# $cflags =~ s| /MD| /MT|; $lib_cflag=" -D_WINDLL"; $out_def="out32dll"; $tmp_def="tmp32dll"; @@ -232,8 +267,8 @@ $(INCO_D)\applink.c: ms\applink.c EXHEADER= $(EXHEADER) $(INCO_D)\applink.c LIBS_DEP=$(LIBS_DEP) $(OBJ_D)\applink.obj -CRYPTOOBJ=$(OBJ_D)\uplink.obj $(CRYPTOOBJ) ___ +$banner .= "CRYPTOOBJ=\$(OBJ_D)\\uplink.obj \$(CRYPTOOBJ)\n"; $banner.=<<'___' if ($FLAVOR =~ /WIN64/); CRYPTOOBJ=ms\uptable.obj $(CRYPTOOBJ) ___ @@ -250,26 +285,56 @@ $cflags.=" /Fd$out_def"; sub do_lib_rule { - local($objs,$target,$name,$shlib)=@_; + my($objs,$target,$name,$shlib,$ign,$base_addr) = @_; local($ret); $taget =~ s/\//$o/g if $o ne '/'; - if ($name ne "") + my $base_arg; + if ($base_addr ne "") + { + $base_arg= " /base:$base_addr"; + } + else + { + $base_arg = ""; + } + if ($target =~ /O_CRYPTO/ && $fipsdso) + { + $name = "/def:ms/libeayfips.def"; + } + elsif ($name ne "") { $name =~ tr/a-z/A-Z/; $name = "/def:ms/${name}.def"; } # $target="\$(LIB_D)$o$target"; - $ret.="$target: $objs\n"; +# $ret.="$target: $objs\n"; if (!$shlib) { # $ret.="\t\$(RM) \$(O_$Name)\n"; $ex =' '; + $ret.="$target: $objs\n"; $ret.="\t\$(MKLIB) $lfile$target @<<\n $objs $ex\n<<\n"; } else { - local($ex)=($target =~ /O_CRYPTO/)?'':' $(L_CRYPTO)'; + my $ex = ""; + if ($target =~ /O_SSL/) + { + $ex .= " \$(L_CRYPTO)"; + #$ex .= " \$(L_FIPS)" if $fipsdso; + } + my $fipstarget; + if ($fipsdso) + { + $fipstarget = "O_FIPS"; + } + else + { + $fipstarget = "O_CRYPTO"; + } + + if ($name eq "") { $ex.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/); @@ -290,7 +355,39 @@ sub do_lib_rule $ex.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/); } $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/; - $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n"; + + if ($fips && $target =~ /$fipstarget/) + { + $ex.= $mwex unless $fipscanisterbuild; + $ret.="$target: $objs \$(PREMAIN_DSO_EXE)"; + if ($fipsdso) + { + $ex.=" \$(OBJ_D)\\\$(LIBFIPS).res"; + $ret.=" \$(OBJ_D)\\\$(LIBFIPS).res"; + $ret.=" ms/\$(LIBFIPS).def"; + } + $ret.="\n\tSET FIPS_LINK=\$(LINK)\n"; + $ret.="\tSET FIPS_CC=\$(CC)\n"; + $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n"; + $ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n"; + $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n"; + $ret.="\tSET FIPS_TARGET=$target\n"; + $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n"; + $ret.="\t\$(FIPSLINK) \$(MLFLAGS) /map $base_arg $efile$target "; + $ret.="$name @<<\n \$(SHLIB_EX_OBJ) $objs "; + $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n"; + } + else + { + $ret.="$target: $objs"; + if ($target =~ /O_CRYPTO/ && $fipsdso) + { + $ret .= " \$(O_FIPS)"; + $ex .= " \$(L_FIPS)"; + } + $ret.="\n\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n"; + } + $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;2\n\n"; } $ret.="\n"; @@ -299,16 +396,64 @@ sub do_lib_rule sub do_link_rule { - local($target,$files,$dep_libs,$libs)=@_; + my($target,$files,$dep_libs,$libs,$standalone)=@_; local($ret,$_); - $file =~ s/\//$o/g if $o ne '/'; $n=&bname($targer); $ret.="$target: $files $dep_libs\n"; - $ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n"; - $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n"; - $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;1\n\n"; + if ($standalone == 1) + { + $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n\t"; + $ret.= "$mwex advapi32.lib " if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild); + $ret.="$files $libs\n<<\n"; + } + elsif ($standalone == 2) + { + $ret.="\tSET FIPS_LINK=\$(LINK)\n"; + $ret.="\tSET FIPS_CC=\$(CC)\n"; + $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n"; + $ret.="\tSET PREMAIN_DSO_EXE=\n"; + $ret.="\tSET FIPS_TARGET=$target\n"; + $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n"; + $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n"; + $ret.="\t\$(FIPSLINK) \$(LFLAGS) /map $efile$target @<<\n"; + $ret.="\t\$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n"; + } + else + { + $ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n"; + $ret.="\t\$(APP_EX_OBJ) $files $libs\n<<\n"; + } + $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;1\n\n"; return($ret); } +sub do_rlink_rule + { + local($target,$rl_start, $rl_mid, $rl_end,$dep_libs,$libs)=@_; + local($ret,$_); + my $files = "$rl_start $rl_mid $rl_end"; + + $file =~ s/\//$o/g if $o ne '/'; + $n=&bname($targer); + $ret.="$target: $files $dep_libs \$(FIPS_SHA1_EXE)\n"; + $ret.="\t\$(PERL) ms\\segrenam.pl \$\$a $rl_start\n"; + $ret.="\t\$(PERL) ms\\segrenam.pl \$\$b $rl_mid\n"; + $ret.="\t\$(PERL) ms\\segrenam.pl \$\$c $rl_end\n"; + $ret.="\t\$(MKLIB) $lfile$target @<<\n\t$files\n<<\n"; + $ret.="\t\$(FIPS_SHA1_EXE) $target > ${target}.sha1\n"; + $ret.="\t\$(PERL) util${o}copy.pl -stripcr fips${o}fips_premain.c \$(LIB_D)${o}fips_premain.c\n"; + $ret.="\t\$(CP) fips${o}fips_premain.c.sha1 \$(LIB_D)${o}fips_premain.c.sha1\n"; + $ret.="\n"; + return($ret); + } + +sub do_sdef_rule + { + my $ret = "ms/\$(LIBFIPS).def: \$(O_FIPSCANISTER)\n"; + $ret.="\t\$(PERL) util/mksdef.pl \$(MLFLAGS) /out:dummy.dll /def:ms/libeay32.def @<<\n \$(O_FIPSCANISTER)\n<<\n"; + $ret.="\n"; + return $ret; + } + 1; diff --git a/lib/libcrypto/x509/by_dir.c b/lib/libcrypto/x509/by_dir.c index 37f9a482069..341e0ba6a41 100644 --- a/lib/libcrypto/x509/by_dir.c +++ b/lib/libcrypto/x509/by_dir.c @@ -74,6 +74,10 @@ #include <openssl/lhash.h> #include <openssl/x509.h> +#ifdef _WIN32 +#define stat _stat +#endif + typedef struct lookup_dir_st { BUF_MEM *buffer; diff --git a/lib/libcrypto/x509/x509_cmp.c b/lib/libcrypto/x509/x509_cmp.c index 0d6bc653b21..e4c682fc44e 100644 --- a/lib/libcrypto/x509/x509_cmp.c +++ b/lib/libcrypto/x509/x509_cmp.c @@ -322,10 +322,16 @@ unsigned long X509_NAME_hash(X509_NAME *x) { unsigned long ret=0; unsigned char md[16]; + EVP_MD_CTX md_ctx; /* Make sure X509_NAME structure contains valid cached encoding */ i2d_X509_NAME(x,NULL); - EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL); + EVP_MD_CTX_init(&md_ctx); + EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL); + EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length); + EVP_DigestFinal_ex(&md_ctx,md,NULL); + EVP_MD_CTX_cleanup(&md_ctx); ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) diff --git a/lib/libcrypto/x509/x509_trs.c b/lib/libcrypto/x509/x509_trs.c index 9c84a59d523..ed187005859 100644 --- a/lib/libcrypto/x509/x509_trs.c +++ b/lib/libcrypto/x509/x509_trs.c @@ -1,5 +1,5 @@ /* x509_trs.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/x509/x509cset.c b/lib/libcrypto/x509/x509cset.c index 9d1646d5c8d..7f4004b2911 100644 --- a/lib/libcrypto/x509/x509cset.c +++ b/lib/libcrypto/x509/x509cset.c @@ -1,5 +1,5 @@ /* crypto/x509/x509cset.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== diff --git a/lib/libcrypto/x509/x509spki.c b/lib/libcrypto/x509/x509spki.c index ed868b838e3..02a203d72c6 100644 --- a/lib/libcrypto/x509/x509spki.c +++ b/lib/libcrypto/x509/x509spki.c @@ -1,5 +1,5 @@ /* x509spki.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/x509v3/ext_dat.h b/lib/libcrypto/x509v3/ext_dat.h index 5c063ac65df..3eaec46f8a6 100644 --- a/lib/libcrypto/x509v3/ext_dat.h +++ b/lib/libcrypto/x509v3/ext_dat.h @@ -1,5 +1,5 @@ /* ext_dat.h */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/x509v3/pcy_data.c b/lib/libcrypto/x509v3/pcy_data.c index 4711b1ee927..fb392b901f0 100644 --- a/lib/libcrypto/x509v3/pcy_data.c +++ b/lib/libcrypto/x509v3/pcy_data.c @@ -1,5 +1,5 @@ /* pcy_data.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ /* ==================================================================== diff --git a/lib/libcrypto/x509v3/pcy_tree.c b/lib/libcrypto/x509v3/pcy_tree.c index b1ce77b9afc..6c87a7f506c 100644 --- a/lib/libcrypto/x509v3/pcy_tree.c +++ b/lib/libcrypto/x509v3/pcy_tree.c @@ -1,5 +1,5 @@ /* pcy_tree.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ /* ==================================================================== diff --git a/lib/libcrypto/x509v3/tabtest.c b/lib/libcrypto/x509v3/tabtest.c index dad0d38dd53..5ed6eb68911 100644 --- a/lib/libcrypto/x509v3/tabtest.c +++ b/lib/libcrypto/x509v3/tabtest.c @@ -1,5 +1,5 @@ /* tabtest.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/x509v3/v3_addr.c b/lib/libcrypto/x509v3/v3_addr.c index c6730ab3fd2..a37f844d3c2 100644 --- a/lib/libcrypto/x509v3/v3_addr.c +++ b/lib/libcrypto/x509v3/v3_addr.c @@ -878,6 +878,7 @@ int v3_addr_canonize(IPAddrBlocks *addr) v3_addr_get_afi(f))) return 0; } + (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); sk_IPAddressFamily_sort(addr); assert(v3_addr_is_canonical(addr)); return 1; diff --git a/lib/libcrypto/x509v3/v3_akey.c b/lib/libcrypto/x509v3/v3_akey.c index ac0548b7751..c6b68ee2211 100644 --- a/lib/libcrypto/x509v3/v3_akey.c +++ b/lib/libcrypto/x509v3/v3_akey.c @@ -1,5 +1,5 @@ /* v3_akey.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/x509v3/v3_akeya.c b/lib/libcrypto/x509v3/v3_akeya.c index 2aafa26ba71..2c50f7360eb 100644 --- a/lib/libcrypto/x509v3/v3_akeya.c +++ b/lib/libcrypto/x509v3/v3_akeya.c @@ -1,5 +1,5 @@ /* v3_akey_asn1.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/x509v3/v3_alt.c b/lib/libcrypto/x509v3/v3_alt.c index ac3139d1e65..75fda7f2681 100644 --- a/lib/libcrypto/x509v3/v3_alt.c +++ b/lib/libcrypto/x509v3/v3_alt.c @@ -1,5 +1,5 @@ /* v3_alt.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ /* ==================================================================== @@ -527,7 +527,8 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, return gen; err: - GENERAL_NAME_free(gen); + if (!out) + GENERAL_NAME_free(gen); return NULL; } diff --git a/lib/libcrypto/x509v3/v3_bcons.c b/lib/libcrypto/x509v3/v3_bcons.c index 74b1233071c..82aa488f75c 100644 --- a/lib/libcrypto/x509v3/v3_bcons.c +++ b/lib/libcrypto/x509v3/v3_bcons.c @@ -1,5 +1,5 @@ /* v3_bcons.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/x509v3/v3_bitst.c b/lib/libcrypto/x509v3/v3_bitst.c index cf31f0816ee..058d0d4dceb 100644 --- a/lib/libcrypto/x509v3/v3_bitst.c +++ b/lib/libcrypto/x509v3/v3_bitst.c @@ -1,5 +1,5 @@ /* v3_bitst.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/x509v3/v3_conf.c b/lib/libcrypto/x509v3/v3_conf.c index 2b867305fba..11eb6b7fd5f 100644 --- a/lib/libcrypto/x509v3/v3_conf.c +++ b/lib/libcrypto/x509v3/v3_conf.c @@ -1,5 +1,5 @@ /* v3_conf.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/x509v3/v3_cpols.c b/lib/libcrypto/x509v3/v3_cpols.c index a40f490aa90..95596055ab4 100644 --- a/lib/libcrypto/x509v3/v3_cpols.c +++ b/lib/libcrypto/x509v3/v3_cpols.c @@ -1,5 +1,5 @@ /* v3_cpols.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/x509v3/v3_crld.c b/lib/libcrypto/x509v3/v3_crld.c index c6e3ebae7b2..181a8977b12 100644 --- a/lib/libcrypto/x509v3/v3_crld.c +++ b/lib/libcrypto/x509v3/v3_crld.c @@ -1,5 +1,5 @@ /* v3_crld.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/x509v3/v3_enum.c b/lib/libcrypto/x509v3/v3_enum.c index a236cb22e15..36576eaa4d1 100644 --- a/lib/libcrypto/x509v3/v3_enum.c +++ b/lib/libcrypto/x509v3/v3_enum.c @@ -1,5 +1,5 @@ /* v3_enum.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/x509v3/v3_extku.c b/lib/libcrypto/x509v3/v3_extku.c index a4efe0031e1..c0d14500ed8 100644 --- a/lib/libcrypto/x509v3/v3_extku.c +++ b/lib/libcrypto/x509v3/v3_extku.c @@ -1,5 +1,5 @@ /* v3_extku.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/x509v3/v3_genn.c b/lib/libcrypto/x509v3/v3_genn.c index 650b510980d..84b4b1c8813 100644 --- a/lib/libcrypto/x509v3/v3_genn.c +++ b/lib/libcrypto/x509v3/v3_genn.c @@ -1,5 +1,5 @@ /* v3_genn.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/x509v3/v3_ia5.c b/lib/libcrypto/x509v3/v3_ia5.c index b739ccd0361..4ff12b52b54 100644 --- a/lib/libcrypto/x509v3/v3_ia5.c +++ b/lib/libcrypto/x509v3/v3_ia5.c @@ -1,5 +1,5 @@ /* v3_ia5.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/x509v3/v3_info.c b/lib/libcrypto/x509v3/v3_info.c index e0ef69de423..e1b8699f921 100644 --- a/lib/libcrypto/x509v3/v3_info.c +++ b/lib/libcrypto/x509v3/v3_info.c @@ -1,5 +1,5 @@ /* v3_info.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/x509v3/v3_int.c b/lib/libcrypto/x509v3/v3_int.c index 9a48dc1508d..4bfd14cf46b 100644 --- a/lib/libcrypto/x509v3/v3_int.c +++ b/lib/libcrypto/x509v3/v3_int.c @@ -1,5 +1,5 @@ /* v3_int.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/x509v3/v3_lib.c b/lib/libcrypto/x509v3/v3_lib.c index f3015ea610c..df3a48f43ef 100644 --- a/lib/libcrypto/x509v3/v3_lib.c +++ b/lib/libcrypto/x509v3/v3_lib.c @@ -1,5 +1,5 @@ /* v3_lib.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/x509v3/v3_ocsp.c b/lib/libcrypto/x509v3/v3_ocsp.c index 62aac063353..e426ea930c4 100644 --- a/lib/libcrypto/x509v3/v3_ocsp.c +++ b/lib/libcrypto/x509v3/v3_ocsp.c @@ -1,5 +1,5 @@ /* v3_ocsp.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/x509v3/v3_pku.c b/lib/libcrypto/x509v3/v3_pku.c index 5c4626e89b5..076f3ff48e2 100644 --- a/lib/libcrypto/x509v3/v3_pku.c +++ b/lib/libcrypto/x509v3/v3_pku.c @@ -1,5 +1,5 @@ /* v3_pku.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/x509v3/v3_prn.c b/lib/libcrypto/x509v3/v3_prn.c index 20bd9bda190..c1bb17f105a 100644 --- a/lib/libcrypto/x509v3/v3_prn.c +++ b/lib/libcrypto/x509v3/v3_prn.c @@ -1,5 +1,5 @@ /* v3_prn.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/x509v3/v3_purp.c b/lib/libcrypto/x509v3/v3_purp.c index c54e7887c70..e18751e01cb 100644 --- a/lib/libcrypto/x509v3/v3_purp.c +++ b/lib/libcrypto/x509v3/v3_purp.c @@ -1,5 +1,5 @@ /* v3_purp.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== diff --git a/lib/libcrypto/x509v3/v3_skey.c b/lib/libcrypto/x509v3/v3_skey.c index da0a3558f65..202c9e48965 100644 --- a/lib/libcrypto/x509v3/v3_skey.c +++ b/lib/libcrypto/x509v3/v3_skey.c @@ -1,5 +1,5 @@ /* v3_skey.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/x509v3/v3_sxnet.c b/lib/libcrypto/x509v3/v3_sxnet.c index eaea9ea01b4..2a6bf11b650 100644 --- a/lib/libcrypto/x509v3/v3_sxnet.c +++ b/lib/libcrypto/x509v3/v3_sxnet.c @@ -1,5 +1,5 @@ /* v3_sxnet.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/x509v3/v3_utl.c b/lib/libcrypto/x509v3/v3_utl.c index 57be441399f..2cb53008e37 100644 --- a/lib/libcrypto/x509v3/v3_utl.c +++ b/lib/libcrypto/x509v3/v3_utl.c @@ -1,5 +1,5 @@ /* v3_utl.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ /* ==================================================================== @@ -736,17 +736,20 @@ static int ipv6_from_asc(unsigned char *v6, const char *in) /* Format result */ - /* Copy initial part */ - if (v6stat.zero_pos > 0) + if (v6stat.zero_pos >= 0) + { + /* Copy initial part */ memcpy(v6, v6stat.tmp, v6stat.zero_pos); - /* Zero middle */ - if (v6stat.total != 16) + /* Zero middle */ memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total); - /* Copy final part */ - if (v6stat.total != v6stat.zero_pos) - memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total, - v6stat.tmp + v6stat.zero_pos, - v6stat.total - v6stat.zero_pos); + /* Copy final part */ + if (v6stat.total != v6stat.zero_pos) + memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total, + v6stat.tmp + v6stat.zero_pos, + v6stat.total - v6stat.zero_pos); + } + else + memcpy(v6, v6stat.tmp, 16); return 1; } diff --git a/lib/libcrypto/x509v3/v3conf.c b/lib/libcrypto/x509v3/v3conf.c index 00cf5b4a5b2..a9e6ca35428 100644 --- a/lib/libcrypto/x509v3/v3conf.c +++ b/lib/libcrypto/x509v3/v3conf.c @@ -1,5 +1,5 @@ /* v3conf.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/x509v3/v3prin.c b/lib/libcrypto/x509v3/v3prin.c index b529814319b..d5ff268296f 100644 --- a/lib/libcrypto/x509v3/v3prin.c +++ b/lib/libcrypto/x509v3/v3prin.c @@ -1,5 +1,5 @@ /* v3prin.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libcrypto/x509v3/x509v3.h b/lib/libcrypto/x509v3/x509v3.h index 5ba59f71c94..9ef83da755e 100644 --- a/lib/libcrypto/x509v3/x509v3.h +++ b/lib/libcrypto/x509v3/x509v3.h @@ -1,5 +1,5 @@ /* x509v3.h */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c index b2765ba8019..eb56cf987ba 100644 --- a/lib/libssl/d1_pkt.c +++ b/lib/libssl/d1_pkt.c @@ -597,6 +597,7 @@ again: /* check whether this is a repeat, or aged record */ if ( ! dtls1_record_replay_check(s, bitmap, &(rr->seq_num))) { + rr->length = 0; s->packet_length=0; /* dump this record */ goto again; /* get another record */ } diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c index 9b823fddbd3..50308487aa5 100644 --- a/lib/libssl/s3_clnt.c +++ b/lib/libssl/s3_clnt.c @@ -972,7 +972,7 @@ int ssl3_get_server_certificate(SSL *s) } i=ssl_verify_cert_chain(s,sk); - if ((s->verify_mode != SSL_VERIFY_NONE) && (!i) + if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0) #ifndef OPENSSL_NO_KRB5 && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK)) != (SSL_aKRB5|SSL_kKRB5) @@ -1006,7 +1006,7 @@ int ssl3_get_server_certificate(SSL *s) == (SSL_aKRB5|SSL_kKRB5))? 0: 1; #ifdef KSSL_DEBUG - printf("pkey,x = %p, %p\n", pkey,x); + printf("pkey,x = %p, %p\n", (void *)pkey,(void *)x); printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey)); printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name, s->s3->tmp.new_cipher->algorithms, need_cert); @@ -1459,7 +1459,7 @@ int ssl3_get_key_exchange(SSL *s) EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_VerifyUpdate(&md_ctx,param,param_len); - if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey)) + if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0) { /* bad signature */ al=SSL_AD_DECRYPT_ERROR; @@ -1477,7 +1477,7 @@ int ssl3_get_key_exchange(SSL *s) EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_VerifyUpdate(&md_ctx,param,param_len); - if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey)) + if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0) { /* bad signature */ al=SSL_AD_DECRYPT_ERROR; @@ -1777,7 +1777,7 @@ int ssl3_get_cert_status(SSL *s) goto f_err; } n2l3(p, resplen); - if (resplen + 4 != n) + if (resplen + 4 != (unsigned long)n) { al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH); diff --git a/lib/libssl/s3_pkt.c b/lib/libssl/s3_pkt.c index 72853a2e728..9476dcddf6e 100644 --- a/lib/libssl/s3_pkt.c +++ b/lib/libssl/s3_pkt.c @@ -753,8 +753,15 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, s->rwstate=SSL_NOTHING; return(s->s3->wpend_ret); } - else if (i <= 0) + else if (i <= 0) { + if (s->version == DTLS1_VERSION || + s->version == DTLS1_BAD_VER) { + /* For DTLS, just drop it. That's kind of the whole + point in using a datagram service */ + s->s3->wbuf.left = 0; + } return(i); + } s->s3->wbuf.offset+=i; s->s3->wbuf.left-=i; } diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c index 398ce469d68..80b45eb86ff 100644 --- a/lib/libssl/s3_srvr.c +++ b/lib/libssl/s3_srvr.c @@ -902,22 +902,28 @@ int ssl3_get_client_hello(SSL *s) break; } } - if (j == 0) - { - if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) - { - /* Very bad for multi-threading.... */ - s->session->cipher=sk_SSL_CIPHER_value(ciphers, 0); - } - else + if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) + { + /* Special case as client bug workaround: the previously used cipher may + * not be in the current list, the client instead might be trying to + * continue using a cipher that before wasn't chosen due to server + * preferences. We'll have to reject the connection if the cipher is not + * enabled, though. */ + c = sk_SSL_CIPHER_value(ciphers, 0); + if (sk_SSL_CIPHER_find(SSL_get_ciphers(s), c) >= 0) { - /* we need to have the cipher in the cipher - * list if we are asked to reuse it */ - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING); - goto f_err; + s->session->cipher = c; + j = 1; } } + if (j == 0) + { + /* we need to have the cipher in the cipher + * list if we are asked to reuse it */ + al=SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING); + goto f_err; + } } /* compression */ @@ -2560,7 +2566,7 @@ int ssl3_get_client_certificate(SSL *s) else { i=ssl_verify_cert_chain(s,sk); - if (!i) + if (i <= 0) { al=ssl_verify_alarm_type(s->verify_result); SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED); diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c index 514292a03ed..4116fd12f1a 100644 --- a/lib/libssl/ssl_ciph.c +++ b/lib/libssl/ssl_ciph.c @@ -115,7 +115,10 @@ */ #include <stdio.h> #include <openssl/objects.h> +#ifndef OPENSSL_NO_COMP #include <openssl/comp.h> +#endif + #include "ssl_locl.h" #define SSL_ENC_DES_IDX 0 diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 735db397132..ed4ddbbae6c 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -124,7 +124,9 @@ #include "e_os.h" #include <openssl/buffer.h> +#ifndef OPENSSL_NO_COMP #include <openssl/comp.h> +#endif #include <openssl/bio.h> #include <openssl/stack.h> #ifndef OPENSSL_NO_RSA @@ -500,6 +502,7 @@ typedef struct ssl3_enc_method int (*alert_value)(int); } SSL3_ENC_METHOD; +#ifndef OPENSSL_NO_COMP /* Used for holding the relevant compression methods loaded into SSL_CTX */ typedef struct ssl3_comp_st { @@ -507,6 +510,7 @@ typedef struct ssl3_comp_st char *name; /* Text name used for the compression type */ COMP_METHOD *method; /* The method :-) */ } SSL3_COMP; +#endif extern SSL3_ENC_METHOD ssl3_undef_enc_method; OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[]; diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c index 3c4dec76d75..7cb3e29a41b 100644 --- a/lib/libssl/t1_enc.c +++ b/lib/libssl/t1_enc.c @@ -111,10 +111,15 @@ #include <stdio.h> #include "ssl_locl.h" +#ifndef OPENSSL_NO_COMP #include <openssl/comp.h> +#endif #include <openssl/evp.h> #include <openssl/hmac.h> #include <openssl/md5.h> +#ifdef KSSL_DEBUG +#include <openssl/des.h> +#endif static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len, unsigned char *seed, int seed_len, @@ -251,15 +256,15 @@ int tls1_change_cipher_state(SSL *s, int which) #ifdef KSSL_DEBUG printf("tls1_change_cipher_state(which= %d) w/\n", which); printf("\talg= %ld, comp= %p\n", s->s3->tmp.new_cipher->algorithms, - comp); - printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c); + (void *)comp); + printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", (void *)c); printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n", c->nid,c->block_size,c->key_len,c->iv_len); printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length); { - int i; - for (i=0; i<s->s3->tmp.key_block_length; i++) - printf("%02x", key_block[i]); printf("\n"); + int ki; + for (ki=0; ki<s->s3->tmp.key_block_length; ki++) + printf("%02x", key_block[ki]); printf("\n"); } #endif /* KSSL_DEBUG */ @@ -415,11 +420,13 @@ printf("which = %04X\nmac key=",which); s->session->key_arg_length=0; #ifdef KSSL_DEBUG { - int i; + int ki; printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n"); - printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]); + printf("\tkey= "); + for (ki=0; ki<c->key_len; ki++) printf("%02x", key[ki]); printf("\n"); - printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]); + printf("\t iv= "); + for (ki=0; ki<c->iv_len; ki++) printf("%02x", iv[ki]); printf("\n"); } #endif /* KSSL_DEBUG */ @@ -592,10 +599,11 @@ int tls1_enc(SSL *s, int send) { unsigned long ui; printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n", - ds,rec->data,rec->input,l); - printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n", + (void *)ds,rec->data,rec->input,l); + printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%ld %ld], %d iv_len\n", ds->buf_len, ds->cipher->key_len, - DES_KEY_SZ, DES_SCHEDULE_SZ, + (unsigned long)DES_KEY_SZ, + (unsigned long)DES_SCHEDULE_SZ, ds->cipher->iv_len); printf("\t\tIV: "); for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]); @@ -620,10 +628,10 @@ int tls1_enc(SSL *s, int send) #ifdef KSSL_DEBUG { - unsigned long i; + unsigned long ki; printf("\trec->data="); - for (i=0; i<l; i++) - printf(" %02x", rec->data[i]); printf("\n"); + for (ki=0; ki<l; i++) + printf(" %02x", rec->data[ki]); printf("\n"); } #endif /* KSSL_DEBUG */ @@ -807,7 +815,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH]; #ifdef KSSL_DEBUG - printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len); + printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", (void *)s,out, p,len); #endif /* KSSL_DEBUG */ /* Setup the stuff to munge */ diff --git a/lib/libssl/test/Makefile b/lib/libssl/test/Makefile index 3e58351cb9b..73d64440b15 100644 --- a/lib/libssl/test/Makefile +++ b/lib/libssl/test/Makefile @@ -5,7 +5,7 @@ DIR= test TOP= .. CC= cc -INCLUDES= -I$(TOP) -I../include $(KRB5_INCLUDES) +INCLUDES= -I$(TOP) -I../include $(KRB5_INCLUDES) -I$(TOP)/fips CFLAG= -g MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) PERL= perl @@ -27,6 +27,7 @@ DLIBCRYPTO= ../libcrypto.a DLIBSSL= ../libssl.a LIBCRYPTO= -L.. -lcrypto LIBSSL= -L.. -lssl +LIBFIPS= -L.. -lfips BNTEST= bntest ECTEST= ectest @@ -59,6 +60,18 @@ RSATEST= rsa_test ENGINETEST= enginetest EVPTEST= evp_test IGETEST= igetest +FIPS_SHATEST= fips_shatest +FIPS_DESTEST= fips_desmovs +FIPS_RANDTEST= fips_randtest +FIPS_AESTEST= fips_aesavs +FIPS_HMACTEST= fips_hmactest +FIPS_RSAVTEST= fips_rsavtest +FIPS_RSASTEST= fips_rsastest +FIPS_RSAGTEST= fips_rsagtest +FIPS_DSATEST= fips_dsatest +FIPS_DSSVS= fips_dssvs +FIPS_RNGVS= fips_rngvs +FIPS_TEST_SUITE=fips_test_suite TESTS= alltests @@ -69,7 +82,13 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST) $(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \ $(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \ $(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \ - $(EVPTEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) + $(EVPTEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) \ + $(FIPS_SHATEST)$(EXE_EXT) $(FIPS_DESTEST)$(EXE_EXT) \ + $(FIPS_RANDTEST)$(EXE_EXT) $(FIPS_AESTEST)$(EXE_EXT) \ + $(FIPS_HMACTEST)$(EXE_EXT) $(FIPS_RSAVTEST)$(EXE_EXT) \ + $(FIPS_RSASTEST)$(EXE_EXT) $(FIPS_RSAGTEST)$(EXE_EXT) \ + $(FIPS_DSSVS)$(EXE_EXT) $(FIPS_DSATEST)$(EXE_EXT) \ + $(FIPS_RNGVS)$(EXE_EXT) $(FIPS_TEST_SUITE)$(EXE_EXT) jpaketest$(EXE_EXT) # $(METHTEST)$(EXE_EXT) @@ -81,7 +100,13 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \ $(MDC2TEST).o $(RMDTEST).o \ $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \ $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \ - $(EVPTEST).o $(IGETEST).o + $(EVPTEST).o $(IGETEST).o \ + $(FIPS_SHATEST).o $(FIPS_DESTEST).o $(FIPS_RANDTEST).o \ + $(FIPS_AESTEST).o $(FIPS_HMACTEST).o $(FIPS_RSAVTEST).o \ + $(FIPS_RSASTEST).o $(FIPS_RSAGTEST).o \ + $(FIPS_DSSVS).o $(FIPS_DSATEST).o $(FIPS_RNGVS).o $(FIPS_TEST_SUITE).o \ + jpaketest.o + SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \ $(HMACTEST).c \ @@ -89,7 +114,12 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \ $(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \ $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \ - $(EVPTEST).c $(IGETEST).c + $(EVPTEST).c $(IGETEST).c \ + $(FIPS_SHATEST).c $(FIPS_DESTEST).c $(FIPS_RANDTEST).c \ + $(FIPS_AESTEST).c $(FIPS_HMACTEST).c $(FIPS_RSAVTEST).c \ + $(FIPS_RSASTEST).c $(FIPS_RSAGTEST).c \ + $(FIPS_DSSVS).c $(FIPS_DSATEST).c $(FIPS_RNGVS).c $(FIPS_TEST_SUITE).c \ + jpaketest.c EXHEADER= HEADER= $(EXHEADER) @@ -131,7 +161,7 @@ alltests: \ test_rand test_bn test_ec test_ecdsa test_ecdh \ test_enc test_x509 test_rsa test_crl test_sid \ test_gen test_req test_pkcs7 test_verify test_dh test_dsa \ - test_ss test_ca test_engine test_evp test_ssl test_ige + test_ss test_ca test_engine test_evp test_ssl test_ige test_jpake test_evp: ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt @@ -147,6 +177,9 @@ test_sha: ../util/shlib_wrap.sh ./$(SHA1TEST) ../util/shlib_wrap.sh ./$(SHA256TEST) ../util/shlib_wrap.sh ./$(SHA512TEST) + if [ -n "$(FIPSCANLIB)" ]; then \ + ../util/shlib_wrap.sh ./$(FIPS_SHATEST) < SHAmix.r | diff -w SHAmix.x - ; \ + fi test_mdc2: ../util/shlib_wrap.sh ./$(MDC2TEST) @@ -183,6 +216,9 @@ test_rc5: test_rand: ../util/shlib_wrap.sh ./$(RANDTEST) + if [ -n "$(FIPSCANLIB)" ]; then \ + ../util/shlib_wrap.sh ./$(FIPS_RANDTEST); \ + fi test_enc: sh ./testenc @@ -247,6 +283,9 @@ test_dsa: @echo "Generate a set of DSA parameters" ../util/shlib_wrap.sh ./$(DSATEST) ../util/shlib_wrap.sh ./$(DSATEST) -app2_1 + if [ -n "$(FIPSCANLIB)" ]; then \ + ../util/shlib_wrap.sh ./$(FIPS_DSATEST); \ + fi test_gen: @echo "Generate and verify a certificate request" @@ -266,6 +305,9 @@ test_engine: test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \ intP1.ss intP2.ss @echo "test SSL protocol" + @if [ -n "$(FIPSCANLIB)" ]; then \ + sh ./testfipsssl keyU.ss certU.ss certCA.ss; \ + fi ../util/shlib_wrap.sh ./$(SSLTEST) -test_cipherlist @sh ./testssl keyU.ss certU.ss certCA.ss @sh ./testsslproxy keyP1.ss certP1.ss intP1.ss @@ -287,6 +329,10 @@ test_ige: $(IGETEST)$(EXE_EXT) @echo "Test IGE mode" ../util/shlib_wrap.sh ./$(IGETEST) +test_jpake: jpaketest$(EXE_EXT) + @echo "Test JPAKE" + ../util/shlib_wrap.sh ./jpaketest + lint: lint -DLINT $(INCLUDES) $(SRC)>fluff @@ -302,7 +348,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss *.srl log + rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss *.srl log dummytest $(DLIBSSL): (cd ..; $(MAKE) DIRS=ssl all) @@ -314,6 +360,7 @@ BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ shlib_target="$(SHLIB_TARGET)"; \ fi; \ LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \ + [ "$(FIPSCANLIB)" = "libfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \ $(MAKE) -f $(TOP)/Makefile.shared -e \ APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ @@ -349,6 +396,69 @@ $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO) $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) @target=$(SHA512TEST); $(BUILD_CMD) +FIPS_BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$(FIPSCANLIB)" = "libfips" ]; then \ + LIBRARIES="-L$(TOP) -lfips"; \ + elif [ -n "$(FIPSCANLIB)" ]; then \ + FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \ + LIBRARIES="$${FIPSLIBDIR:-$(TOP)/fips/}fipscanister.o"; \ + fi; \ + $(MAKE) -f $(TOP)/Makefile.shared -e \ + CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + link_app.$${shlib_target} + +FIPS_CRYPTO_BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \ + if [ -z "$(SHARED_LIBS)" -a -n "$(FIPSCANLIB)" ] ; then \ + FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \ + fi; \ + [ "$(FIPSCANLIB)" = "libfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \ + $(MAKE) -f $(TOP)/Makefile.shared -e \ + CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + link_app.$${shlib_target} + +$(FIPS_SHATEST)$(EXE_EXT): $(FIPS_SHATEST).o $(DLIBCRYPTO) + @target=$(FIPS_SHATEST); $(FIPS_BUILD_CMD) + +$(FIPS_AESTEST)$(EXE_EXT): $(FIPS_AESTEST).o $(DLIBCRYPTO) + @target=$(FIPS_AESTEST); $(FIPS_BUILD_CMD) + +$(FIPS_DESTEST)$(EXE_EXT): $(FIPS_DESTEST).o $(DLIBCRYPTO) + @target=$(FIPS_DESTEST); $(FIPS_BUILD_CMD) + +$(FIPS_HMACTEST)$(EXE_EXT): $(FIPS_HMACTEST).o $(DLIBCRYPTO) + @target=$(FIPS_HMACTEST); $(FIPS_BUILD_CMD) + +$(FIPS_RANDTEST)$(EXE_EXT): $(FIPS_RANDTEST).o $(DLIBCRYPTO) + @target=$(FIPS_RANDTEST); $(FIPS_BUILD_CMD) + +$(FIPS_RSAVTEST)$(EXE_EXT): $(FIPS_RSAVTEST).o $(DLIBCRYPTO) + @target=$(FIPS_RSAVTEST); $(FIPS_BUILD_CMD) + +$(FIPS_RSASTEST)$(EXE_EXT): $(FIPS_RSASTEST).o $(DLIBCRYPTO) + @target=$(FIPS_RSASTEST); $(FIPS_BUILD_CMD) + +$(FIPS_RSAGTEST)$(EXE_EXT): $(FIPS_RSAGTEST).o $(DLIBCRYPTO) + @target=$(FIPS_RSAGTEST); $(FIPS_BUILD_CMD) + +$(FIPS_DSATEST)$(EXE_EXT): $(FIPS_DSATEST).o $(DLIBCRYPTO) + @target=$(FIPS_DSATEST); $(FIPS_BUILD_CMD) + +$(FIPS_DSSVS)$(EXE_EXT): $(FIPS_DSSVS).o $(DLIBCRYPTO) + @target=$(FIPS_DSSVS); $(FIPS_BUILD_CMD) + +$(FIPS_RNGVS)$(EXE_EXT): $(FIPS_RNGVS).o $(DLIBCRYPTO) + @target=$(FIPS_RNGVS); $(FIPS_BUILD_CMD) + +$(FIPS_TEST_SUITE)$(EXE_EXT): $(FIPS_TEST_SUITE).o $(DLIBCRYPTO) + @target=$(FIPS_TEST_SUITE); $(FIPS_BUILD_CMD) + $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO) @target=$(RMDTEST); $(BUILD_CMD) @@ -395,7 +505,7 @@ $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO) @target=$(METHTEST); $(BUILD_CMD) $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) - @target=$(SSLTEST); $(BUILD_CMD) + @target=$(SSLTEST); $(FIPS_CRYPTO_BUILD_CMD) $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) @target=$(ENGINETEST); $(BUILD_CMD) @@ -412,6 +522,9 @@ $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO) $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) @target=$(IGETEST); $(BUILD_CMD) +jpaketest$(EXE_EXT): jpaketest.o $(DLIBCRYPTO) + @target=jpaketest; $(BUILD_CMD) + #$(AESTEST).o: $(AESTEST).c # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c @@ -435,14 +548,15 @@ bntest.o: ../include/openssl/crypto.h ../include/openssl/dh.h bntest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h bntest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h bntest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -bntest.o: ../include/openssl/evp.h ../include/openssl/lhash.h -bntest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -bntest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -bntest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -bntest.o: ../include/openssl/rand.h ../include/openssl/rsa.h -bntest.o: ../include/openssl/safestack.h ../include/openssl/sha.h -bntest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -bntest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bntest.c +bntest.o: ../include/openssl/evp.h ../include/openssl/fips.h +bntest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +bntest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +bntest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +bntest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +bntest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +bntest.o: ../include/openssl/sha.h ../include/openssl/stack.h +bntest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +bntest.o: ../include/openssl/x509_vfy.h bntest.c casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h casttest.o: ../include/openssl/opensslconf.h casttest.c destest.o: ../include/openssl/des.h ../include/openssl/des_old.h @@ -481,53 +595,54 @@ ecdsatest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h ecdsatest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ecdsatest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h ecdsatest.o: ../include/openssl/err.h ../include/openssl/evp.h -ecdsatest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ecdsatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ecdsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ecdsatest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -ecdsatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ecdsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ecdsatest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ecdsatest.o: ecdsatest.c +ecdsatest.o: ../include/openssl/fips.h ../include/openssl/lhash.h +ecdsatest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ecdsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ecdsatest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +ecdsatest.o: ../include/openssl/rand.h ../include/openssl/safestack.h +ecdsatest.o: ../include/openssl/sha.h ../include/openssl/stack.h +ecdsatest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +ecdsatest.o: ../include/openssl/x509_vfy.h ecdsatest.c ectest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ectest.o: ../include/openssl/bn.h ../include/openssl/buffer.h ectest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h ectest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ectest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h ectest.o: ../include/openssl/err.h ../include/openssl/evp.h -ectest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ectest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ectest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ectest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -ectest.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ectest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ectest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ectest.c +ectest.o: ../include/openssl/fips.h ../include/openssl/lhash.h +ectest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ectest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ectest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +ectest.o: ../include/openssl/rand.h ../include/openssl/safestack.h +ectest.o: ../include/openssl/sha.h ../include/openssl/stack.h +ectest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +ectest.o: ../include/openssl/x509_vfy.h ectest.c enginetest.o: ../include/openssl/asn1.h ../include/openssl/bio.h enginetest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h enginetest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h enginetest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h enginetest.o: ../include/openssl/engine.h ../include/openssl/err.h -enginetest.o: ../include/openssl/evp.h ../include/openssl/lhash.h -enginetest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -enginetest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -enginetest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -enginetest.o: ../include/openssl/safestack.h ../include/openssl/sha.h -enginetest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -enginetest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -enginetest.o: enginetest.c +enginetest.o: ../include/openssl/evp.h ../include/openssl/fips.h +enginetest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +enginetest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +enginetest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +enginetest.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +enginetest.o: ../include/openssl/sha.h ../include/openssl/stack.h +enginetest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +enginetest.o: ../include/openssl/x509_vfy.h enginetest.c evp_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h evp_test.o: ../include/openssl/buffer.h ../include/openssl/conf.h evp_test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h evp_test.o: ../include/openssl/ec.h ../include/openssl/ecdh.h evp_test.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h evp_test.o: ../include/openssl/err.h ../include/openssl/evp.h -evp_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -evp_test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -evp_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -evp_test.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -evp_test.o: ../include/openssl/sha.h ../include/openssl/stack.h -evp_test.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -evp_test.o: ../include/openssl/x509_vfy.h evp_test.c +evp_test.o: ../include/openssl/fips.h ../include/openssl/lhash.h +evp_test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +evp_test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +evp_test.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +evp_test.o: ../include/openssl/safestack.h ../include/openssl/sha.h +evp_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +evp_test.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h evp_test.c exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h @@ -535,40 +650,220 @@ exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h exptest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h exptest.o: ../include/openssl/safestack.h ../include/openssl/stack.h exptest.o: ../include/openssl/symhacks.h exptest.c +fips_aesavs.o: ../e_os.h ../fips/fips_utl.h ../include/openssl/aes.h +fips_aesavs.o: ../include/openssl/asn1.h ../include/openssl/bio.h +fips_aesavs.o: ../include/openssl/bn.h ../include/openssl/crypto.h +fips_aesavs.o: ../include/openssl/e_os2.h ../include/openssl/err.h +fips_aesavs.o: ../include/openssl/evp.h ../include/openssl/fips.h +fips_aesavs.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +fips_aesavs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +fips_aesavs.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +fips_aesavs.o: ../include/openssl/safestack.h ../include/openssl/stack.h +fips_aesavs.o: ../include/openssl/symhacks.h fips_aesavs.c +fips_desmovs.o: ../e_os.h ../fips/fips_utl.h ../include/openssl/asn1.h +fips_desmovs.o: ../include/openssl/bio.h ../include/openssl/bn.h +fips_desmovs.o: ../include/openssl/crypto.h ../include/openssl/des.h +fips_desmovs.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h +fips_desmovs.o: ../include/openssl/err.h ../include/openssl/evp.h +fips_desmovs.o: ../include/openssl/fips.h ../include/openssl/lhash.h +fips_desmovs.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +fips_desmovs.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +fips_desmovs.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +fips_desmovs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +fips_desmovs.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +fips_desmovs.o: fips_desmovs.c +fips_dsatest.o: ../e_os.h ../fips/fips_utl.h ../include/openssl/asn1.h +fips_dsatest.o: ../include/openssl/bio.h ../include/openssl/bn.h +fips_dsatest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h +fips_dsatest.o: ../include/openssl/des.h ../include/openssl/des_old.h +fips_dsatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +fips_dsatest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +fips_dsatest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +fips_dsatest.o: ../include/openssl/err.h ../include/openssl/evp.h +fips_dsatest.o: ../include/openssl/fips.h ../include/openssl/fips_rand.h +fips_dsatest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +fips_dsatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +fips_dsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +fips_dsatest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +fips_dsatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h +fips_dsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +fips_dsatest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +fips_dsatest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +fips_dsatest.o: fips_dsatest.c +fips_dssvs.o: ../fips/fips_utl.h ../include/openssl/asn1.h +fips_dssvs.o: ../include/openssl/bio.h ../include/openssl/bn.h +fips_dssvs.o: ../include/openssl/crypto.h ../include/openssl/dsa.h +fips_dssvs.o: ../include/openssl/e_os2.h ../include/openssl/err.h +fips_dssvs.o: ../include/openssl/evp.h ../include/openssl/fips.h +fips_dssvs.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +fips_dssvs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +fips_dssvs.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +fips_dssvs.o: ../include/openssl/safestack.h ../include/openssl/stack.h +fips_dssvs.o: ../include/openssl/symhacks.h fips_dssvs.c +fips_hmactest.o: ../fips/fips_utl.h ../include/openssl/asn1.h +fips_hmactest.o: ../include/openssl/bio.h ../include/openssl/bn.h +fips_hmactest.o: ../include/openssl/buffer.h ../include/openssl/conf.h +fips_hmactest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +fips_hmactest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +fips_hmactest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h +fips_hmactest.o: ../include/openssl/evp.h ../include/openssl/fips.h +fips_hmactest.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +fips_hmactest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +fips_hmactest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +fips_hmactest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +fips_hmactest.o: ../include/openssl/safestack.h ../include/openssl/sha.h +fips_hmactest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +fips_hmactest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +fips_hmactest.o: ../include/openssl/x509v3.h fips_hmactest.c +fips_randtest.o: ../e_os.h ../fips/fips_utl.h ../include/openssl/bio.h +fips_randtest.o: ../include/openssl/bn.h ../include/openssl/crypto.h +fips_randtest.o: ../include/openssl/des.h ../include/openssl/des_old.h +fips_randtest.o: ../include/openssl/e_os2.h ../include/openssl/err.h +fips_randtest.o: ../include/openssl/fips_rand.h ../include/openssl/lhash.h +fips_randtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +fips_randtest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h +fips_randtest.o: ../include/openssl/safestack.h ../include/openssl/stack.h +fips_randtest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +fips_randtest.o: ../include/openssl/ui_compat.h fips_randtest.c +fips_rngvs.o: ../fips/fips_utl.h ../include/openssl/asn1.h +fips_rngvs.o: ../include/openssl/bio.h ../include/openssl/bn.h +fips_rngvs.o: ../include/openssl/buffer.h ../include/openssl/conf.h +fips_rngvs.o: ../include/openssl/crypto.h ../include/openssl/des.h +fips_rngvs.o: ../include/openssl/des_old.h ../include/openssl/dsa.h +fips_rngvs.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +fips_rngvs.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +fips_rngvs.o: ../include/openssl/err.h ../include/openssl/evp.h +fips_rngvs.o: ../include/openssl/fips.h ../include/openssl/fips_rand.h +fips_rngvs.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +fips_rngvs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +fips_rngvs.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +fips_rngvs.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +fips_rngvs.o: ../include/openssl/safestack.h ../include/openssl/sha.h +fips_rngvs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +fips_rngvs.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +fips_rngvs.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +fips_rngvs.o: ../include/openssl/x509v3.h fips_rngvs.c +fips_rsagtest.o: ../fips/fips_utl.h ../include/openssl/asn1.h +fips_rsagtest.o: ../include/openssl/bio.h ../include/openssl/bn.h +fips_rsagtest.o: ../include/openssl/buffer.h ../include/openssl/conf.h +fips_rsagtest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +fips_rsagtest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +fips_rsagtest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h +fips_rsagtest.o: ../include/openssl/evp.h ../include/openssl/fips.h +fips_rsagtest.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +fips_rsagtest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +fips_rsagtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +fips_rsagtest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +fips_rsagtest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +fips_rsagtest.o: ../include/openssl/sha.h ../include/openssl/stack.h +fips_rsagtest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +fips_rsagtest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h +fips_rsagtest.o: fips_rsagtest.c +fips_rsastest.o: ../fips/fips_utl.h ../include/openssl/asn1.h +fips_rsastest.o: ../include/openssl/bio.h ../include/openssl/bn.h +fips_rsastest.o: ../include/openssl/buffer.h ../include/openssl/conf.h +fips_rsastest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +fips_rsastest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +fips_rsastest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h +fips_rsastest.o: ../include/openssl/evp.h ../include/openssl/fips.h +fips_rsastest.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +fips_rsastest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +fips_rsastest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +fips_rsastest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +fips_rsastest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +fips_rsastest.o: ../include/openssl/sha.h ../include/openssl/stack.h +fips_rsastest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +fips_rsastest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h +fips_rsastest.o: fips_rsastest.c +fips_rsavtest.o: ../fips/fips_utl.h ../include/openssl/asn1.h +fips_rsavtest.o: ../include/openssl/bio.h ../include/openssl/bn.h +fips_rsavtest.o: ../include/openssl/buffer.h ../include/openssl/conf.h +fips_rsavtest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +fips_rsavtest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +fips_rsavtest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h +fips_rsavtest.o: ../include/openssl/evp.h ../include/openssl/fips.h +fips_rsavtest.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +fips_rsavtest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +fips_rsavtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +fips_rsavtest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +fips_rsavtest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +fips_rsavtest.o: ../include/openssl/sha.h ../include/openssl/stack.h +fips_rsavtest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +fips_rsavtest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h +fips_rsavtest.o: fips_rsavtest.c +fips_shatest.o: ../fips/fips_utl.h ../include/openssl/asn1.h +fips_shatest.o: ../include/openssl/bio.h ../include/openssl/bn.h +fips_shatest.o: ../include/openssl/buffer.h ../include/openssl/conf.h +fips_shatest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +fips_shatest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +fips_shatest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h +fips_shatest.o: ../include/openssl/evp.h ../include/openssl/fips.h +fips_shatest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +fips_shatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +fips_shatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +fips_shatest.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +fips_shatest.o: ../include/openssl/sha.h ../include/openssl/stack.h +fips_shatest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +fips_shatest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h +fips_shatest.o: fips_shatest.c +fips_test_suite.o: ../fips/fips_utl.h ../include/openssl/aes.h +fips_test_suite.o: ../include/openssl/asn1.h ../include/openssl/bio.h +fips_test_suite.o: ../include/openssl/bn.h ../include/openssl/crypto.h +fips_test_suite.o: ../include/openssl/des.h ../include/openssl/des_old.h +fips_test_suite.o: ../include/openssl/dh.h ../include/openssl/dsa.h +fips_test_suite.o: ../include/openssl/e_os2.h ../include/openssl/err.h +fips_test_suite.o: ../include/openssl/evp.h ../include/openssl/fips.h +fips_test_suite.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +fips_test_suite.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +fips_test_suite.o: ../include/openssl/opensslconf.h +fips_test_suite.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +fips_test_suite.o: ../include/openssl/rand.h ../include/openssl/rsa.h +fips_test_suite.o: ../include/openssl/safestack.h ../include/openssl/sha.h +fips_test_suite.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +fips_test_suite.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +fips_test_suite.o: fips_test_suite.c hmactest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h hmactest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -hmactest.o: ../include/openssl/evp.h ../include/openssl/hmac.h -hmactest.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -hmactest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -hmactest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -hmactest.o: ../include/openssl/safestack.h ../include/openssl/stack.h -hmactest.o: ../include/openssl/symhacks.h hmactest.c +hmactest.o: ../include/openssl/evp.h ../include/openssl/fips.h +hmactest.o: ../include/openssl/hmac.h ../include/openssl/md5.h +hmactest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +hmactest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +hmactest.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +hmactest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h hmactest.c ideatest.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/idea.h ideatest.o: ../include/openssl/opensslconf.h ideatest.c igetest.o: ../include/openssl/aes.h ../include/openssl/e_os2.h igetest.o: ../include/openssl/opensslconf.h ../include/openssl/ossl_typ.h igetest.o: ../include/openssl/rand.h igetest.c +jpaketest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h +jpaketest.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h +jpaketest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +jpaketest.o: ../include/openssl/safestack.h ../include/openssl/stack.h +jpaketest.o: ../include/openssl/symhacks.h jpaketest.c md2test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h md2test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -md2test.o: ../include/openssl/evp.h ../include/openssl/md2.h -md2test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -md2test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -md2test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h -md2test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h md2test.c +md2test.o: ../include/openssl/evp.h ../include/openssl/fips.h +md2test.o: ../include/openssl/md2.h ../include/openssl/obj_mac.h +md2test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +md2test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +md2test.o: ../include/openssl/safestack.h ../include/openssl/stack.h +md2test.o: ../include/openssl/symhacks.h md2test.c md4test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h md4test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -md4test.o: ../include/openssl/evp.h ../include/openssl/md4.h -md4test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -md4test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -md4test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h -md4test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h md4test.c +md4test.o: ../include/openssl/evp.h ../include/openssl/fips.h +md4test.o: ../include/openssl/md4.h ../include/openssl/obj_mac.h +md4test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +md4test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +md4test.o: ../include/openssl/safestack.h ../include/openssl/stack.h +md4test.o: ../include/openssl/symhacks.h md4test.c md5test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h md5test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -md5test.o: ../include/openssl/evp.h ../include/openssl/md5.h -md5test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -md5test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -md5test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h -md5test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h md5test.c +md5test.o: ../include/openssl/evp.h ../include/openssl/fips.h +md5test.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h +md5test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +md5test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +md5test.o: ../include/openssl/safestack.h ../include/openssl/stack.h +md5test.o: ../include/openssl/symhacks.h md5test.c mdc2test.o: ../include/openssl/buffer.h ../include/openssl/crypto.h mdc2test.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h mdc2test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h @@ -589,11 +884,12 @@ rc5test.o: ../include/openssl/safestack.h ../include/openssl/stack.h rc5test.o: ../include/openssl/symhacks.h rc5test.c rmdtest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rmdtest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -rmdtest.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h -rmdtest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -rmdtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -rmdtest.o: ../include/openssl/ripemd.h ../include/openssl/safestack.h -rmdtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h rmdtest.c +rmdtest.o: ../include/openssl/evp.h ../include/openssl/fips.h +rmdtest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +rmdtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +rmdtest.o: ../include/openssl/ossl_typ.h ../include/openssl/ripemd.h +rmdtest.o: ../include/openssl/safestack.h ../include/openssl/stack.h +rmdtest.o: ../include/openssl/symhacks.h rmdtest.c rsa_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rsa_test.o: ../include/openssl/bn.h ../include/openssl/crypto.h rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h @@ -604,18 +900,20 @@ rsa_test.o: ../include/openssl/safestack.h ../include/openssl/stack.h rsa_test.o: ../include/openssl/symhacks.h rsa_test.c sha1test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h sha1test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -sha1test.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h -sha1test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -sha1test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -sha1test.o: ../include/openssl/safestack.h ../include/openssl/sha.h -sha1test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h sha1test.c +sha1test.o: ../include/openssl/evp.h ../include/openssl/fips.h +sha1test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +sha1test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +sha1test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +sha1test.o: ../include/openssl/sha.h ../include/openssl/stack.h +sha1test.o: ../include/openssl/symhacks.h sha1test.c shatest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h shatest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -shatest.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h -shatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -shatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -shatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h -shatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h shatest.c +shatest.o: ../include/openssl/evp.h ../include/openssl/fips.h +shatest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +shatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +shatest.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +shatest.o: ../include/openssl/sha.h ../include/openssl/stack.h +shatest.o: ../include/openssl/symhacks.h shatest.c ssltest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssltest.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssltest.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -624,17 +922,18 @@ ssltest.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h ssltest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssltest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ssltest.o: ../include/openssl/engine.h ../include/openssl/err.h -ssltest.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ssltest.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssltest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssltest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssltest.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssltest.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssltest.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -ssltest.o: ../include/openssl/rand.h ../include/openssl/rsa.h -ssltest.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssltest.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssltest.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssltest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssltest.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssltest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h ssltest.c +ssltest.o: ../include/openssl/evp.h ../include/openssl/fips.h +ssltest.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +ssltest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssltest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssltest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssltest.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssltest.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +ssltest.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +ssltest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssltest.o: ../include/openssl/sha.h ../include/openssl/ssl.h +ssltest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ssltest.o: ../include/openssl/x509v3.h ssltest.c diff --git a/lib/libssl/test/tests.com b/lib/libssl/test/tests.com index 056082e7fe7..88a33d0531b 100644 --- a/lib/libssl/test/tests.com +++ b/lib/libssl/test/tests.com @@ -25,7 +25,7 @@ $ tests := - test_rand,test_bn,test_ec,test_ecdsa,test_ecdh,- test_enc,test_x509,test_rsa,test_crl,test_sid,- test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,- - test_ss,test_ca,test_engine,test_evp,test_ssl + test_ss,test_ca,test_engine,test_evp,test_ssl,test_ige,test_jpake $ endif $ tests = f$edit(tests,"COLLAPSE") $ @@ -57,6 +57,8 @@ $ SSLTEST := ssltest $ RSATEST := rsa_test $ ENGINETEST := enginetest $ EVPTEST := evp_test +$ IGETEST := igetest +$ JPAKETEST := jpaketest $ $ tests_i = 0 $ loop_tests: @@ -250,6 +252,14 @@ $ test_rd: $ write sys$output "test Rijndael" $ !mcr 'texe_dir''rdtest' $ return +$ test_ige: +$ write sys$output "Test IGE mode" +$ mcr 'texe_dir''igetest' +$ return +$ test_jpake: +$ write sys$output "Test JPAKE" +$ mcr 'texe_dir''jpaketest' +$ return $ $ $ exit: |